Here are the results of the scans
SECURITY CHECK:
Results of screen317's Security Check version 0.99.76
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Lavasoft Ad-Watch Live! Anti-Virus
avast! Antivirus
COMODO Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
MVPS Hosts File
Out of date HijackThis installed!
SpywareBlaster 4.4
Spybot - Search & Destroy 2
Malwarebytes Anti-Malware version 1.75.0.1300
HijackThis 2.0.2
Java 6 Update 20
Java version out of Date!
Adobe Flash Player 11.9.900.117
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 24.0 Firefox out of Date!
Google Chrome 31.0.1650.34
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Spybot Teatimer.exe is disabled!
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
AswMBR: NOTE; ONLY ONE FILE SAVED, SO CANNOT ATTACH THE OTHER ONE IT SHOULD HAVE GENERATED ... AND THIS ERROR MESSAGE APPEARED PRIOR TO DOWNLOADING VIRUS DEF'S AND ALSO AFTER DOWNLOADING VIRUS DEFINITIONS:
The procedure entry point aswscnGetVirusID could not be located in the dydnamic link library aswScan.dll
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-11-03 12:20:07
-----------------------------
12:20:07.096 OS Version: Windows x64 6.1.7600
12:20:07.096 Number of processors: 2 586 0x170A
12:20:07.098 ComputerName: LORNA-PC UserName: Lorna
12:20:11.765 Initialize success
12:26:04.558 AVAST engine error: 2
12:27:53.465 The log file has been saved successfully to "C:\Users\Lorna\Desktop\aswMBR.txt"
OTL:
OTL logfile created on: 03/11/2013 12:30:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lorna\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
4.00 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 62.33% Memory free
7.99 Gb Paging File | 6.07 Gb Available in Paging File | 76.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.44 Gb Total Space | 268.88 Gb Free Space | 59.69% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 246.55 Gb Free Space | 52.93% Space Free | Partition Type: NTFS
Drive E: | 254.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: LORNA-PC | User Name: Lorna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - File not found
PRC - C:\Users\Lorna\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Lorna\AppData\Roaming\Dashlane\Dashlane.exe ()
PRC - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe ()
PRC - C:\Users\Lorna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe (Comodo Security Solutions Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe (GlavSoft LLC.)
PRC - C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe (SpeedBit Ltd.)
PRC - C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.)
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Windows\SysWOW64\WTClient.exe (Tablet Driver)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
PRC - c:\Program Files (x86)\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
PRC - c:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
========== Modules (No Company Name) ==========
MOD - C:\Users\Lorna\AppData\Roaming\Dashlane\Dashlane.exe ()
MOD - C:\Users\Lorna\AppData\Roaming\Dashlane\2.2.1.47394\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.2.2.1.47394.dll ()
MOD - C:\Users\Lorna\AppData\Roaming\Dashlane\2.2.1.47394\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.2.2.1.47394.dll ()
MOD - C:\Users\Lorna\AppData\Roaming\Dashlane\2.2.1.47394\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.2.2.1.47394.dll ()
MOD - C:\Users\Lorna\AppData\Roaming\Dashlane\2.2.1.47394\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.2.2.1.47394.dll ()
MOD - C:\Users\Lorna\AppData\Roaming\Dashlane\2.2.1.47394\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.2.2.1.47394.dll ()
MOD - C:\Users\Lorna\AppData\Roaming\Dashlane\2.2.1.47394\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.2.2.1.47394.dll ()
MOD - C:\Users\Lorna\AppData\Roaming\Dashlane\2.2.1.47394\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.2.2.1.47394.dll ()
MOD - C:\Users\Lorna\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Users\Lorna\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Windows\SysWOW64\WinTab32.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (HitmanProScheduler) -- C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
SRV:64bit: - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (DAZContentManagementService) -- C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe ()
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinTabService) -- C:\Windows\SysNative\drivers\WTSrv.exe (Tablet Driver)
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (DragonUpdater) -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe ()
SRV - (CLPSLauncher) -- C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe (Comodo Security Solutions Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (tvnserver) -- C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe (GlavSoft LLC.)
SRV - (Guard Agent) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe (CHENGDU YIWO Tech Development Co., Ltd)
SRV - (EaseUS Agent) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
SRV - (RapportMgmtService) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (VideoAcceleratorService) -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe (SpeedBit Ltd.)
SRV - (nlsX86cc) -- C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (IGBASVC) -- c:\Program Files (x86)\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
========== Driver Services (SafeList) ==========
DRV:64bit: - (cmderd) -- C:\Windows\SysNative\drivers\cmderd.sys (COMODO)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (CFRMD) -- C:\Windows\SysNative\drivers\CFRMD.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (EUFDDISK) -- C:\Windows\SysNative\drivers\EuFdDisk.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV:64bit: - (EUBKMON) -- C:\Windows\SysNative\drivers\EUBKMON.sys ()
DRV:64bit: - (EUDSKACS) -- C:\Windows\SysNative\drivers\eudskacs.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV:64bit: - (EUBAKUP) -- C:\Windows\SysNative\drivers\eubakup.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (silabser) -- C:\Windows\SysNative\drivers\silabser.sys (Silicon Laboratories)
DRV:64bit: - (silabenm) -- C:\Windows\SysNative\drivers\silabenm.sys (Silicon Laboratories)
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon)
DRV:64bit: - (Uim_VIM) -- C:\Windows\SysNative\drivers\uim_vimx64.sys (Paragon)
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows ® 2000 DDK provider)
DRV:64bit: - (RapportKE64) -- C:\Windows\SysNative\drivers\RapportKE64.sys (Trusteer Ltd.)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (FPSensor) -- C:\Windows\SysNative\drivers\FPSensor.sys (Egistec)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (hidshim) -- C:\Windows\SysNative\drivers\hidshim.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (nuvotonhidgeneric) -- C:\Windows\SysNative\drivers\nuvotonhidgeneric.sys (Nuvoton Technology Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (UCTblHid) -- C:\Windows\SysNative\drivers\UCTblHid.sys (Tablet Driver)
DRV:64bit: - (TClass2k) -- C:\Windows\SysNative\drivers\TClass2k.sys (Tablet Driver)
DRV:64bit: - (PTSimHid) -- C:\Windows\SysNative\drivers\PTSimHid.sys (PenTablet Driver)
DRV:64bit: - (PTSimBus) -- C:\Windows\SysNative\drivers\PTSimBus.sys (PenTablet Driver)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV:64bit: - (DgiVecp) -- C:\Windows\SysNative\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software)
DRV - (cleanhlp) -- C:\EEK\Run\cleanhlp64.sys (Emsisoft GmbH)
DRV - (RapportCerberus_43926) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys ()
DRV - (CFRMD) -- C:\Windows\SysWOW64\drivers\CFRMD.sys (Windows ® Win 7 DDK provider)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (RapportPG64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys (Trusteer Ltd.)
DRV - (RapportEI64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys (Trusteer Ltd.)
DRV - (usbscan) -- C:\Windows\SysWOW64\drivers\USBSCAN.SYS (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...c8z185t5701w78n
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = Yandex
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...EC-3F8345330960
IE - HKCU\..\SearchScopes\{3D41F773-C2A2-4541-8F58-DF94FA1311D3}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...AW_enGB378GB379
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://yandex.ru/yan...t={searchTerms}
IE - HKCU\..\SearchScopes\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}: "URL" = http://ws.infospace....=7?_IceUrl=true
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\Moikrug: "URL" = http://moikrug.ru/pe...ms}&submitted=1
IE - HKCU\..\SearchScopes\Yandex: "URL" = http://www.google.co...AW_enGB378GB379
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@spoon.net/Spoon Plugin 3.32: C:\Users\Lorna\AppData\Local\Spoon\3.32.2.12\npMozillaSpoonPlugin.dll (Code Systems Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lorna\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lorna\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/01 08:40:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/04/02 13:09:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/10/20 14:20:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/01 08:40:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}: C:\Users\Lorna\AppData\Roaming\Dashlane\2.2.1.47394\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} [2013/10/21 09:17:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/10/20 14:20:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2012/02/10 13:34:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lorna\AppData\Roaming\Mozilla\Extensions
[2013/10/27 10:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lorna\AppData\Roaming\Mozilla\Firefox\Profiles\nlrnclme.default-1382870013963\extensions
[2013/10/20 14:20:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/10/20 14:20:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/20 14:20:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/10/21 09:17:25 | 000,000,000 | ---D | M] (Dashlane) -- C:\USERS\LORNA\APPDATA\ROAMING\DASHLANE\2.2.1.47394\BIN\FIREFOX_EXTENSION\{442718D9-475E-452A-B3E1-FB1EE16B8E9F}
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.addthis.c...n3&clickbacks=1
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Lorna\AppData\Local\Google\Chrome\Application\31.0.1650.34\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lorna\AppData\Local\Google\Chrome\Application\31.0.1650.34\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lorna\AppData\Local\Google\Chrome\Application\31.0.1650.34\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Chrome SVD extension (Enabled) = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.4_0\lib/npdownloaderchrome.dll
CHR - plugin: Chrome DAP extension (Enabled) = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.0.6_0\lib/npdapchrome.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RockMelt Update (Enabled) = C:\Users\Lorna\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll
CHR - plugin: Spoon Plugin (Enabled) = C:\Users\Lorna\AppData\Local\Spoon\3.32.2.12\npMozillaSpoonPlugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Google Translate = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.5_0\
CHR - Extension: Spybot - Search & Destroy = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmcccagmbagkpbdgpammblejlmiempb\2.0.6.819_0\
CHR - Extension: YouTube = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0\
CHR - Extension: Add to Amazon Wish List = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\
CHR - Extension: Google Search = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: SpeedBit Video Downloader = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.4_0\
CHR - Extension: avast! WebRep = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: Disconnect = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.10.0_0\
CHR - Extension: SpeedBit Search Predict = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledcpigomgblcmofccnacobhmcdkpiea\2.0.2_0\
CHR - Extension: Window Close Protector = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnpifgapnmpninomacbhdlconlpikdai\2.2_0\
CHR - Extension: Dashlane = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkjojgglmmcghgaiknnpgjgldgaocjfd\2.2.1.47394_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.2_0\
CHR - Extension: Short URL = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\obbdcmhkndhionekooeeiilbicfdkhml\1.0_0\
CHR - Extension: Instagram for Chrome = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb\4.9.1_0\
CHR - Extension: Instagram for Chrome = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb\4.9.2_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.0.3_0\
CHR - Extension: Gmail = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2012/08/17 07:48:50 | 000,443,169 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 15224 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files (x86)\SearchPredict\SearchPredict.dll (Speedbit Ltd.)
O2 - BHO: (Dashlane BHO) - {42D79B50-CC4A-4A8E-860F-BE674AF053A2} - C:\Users\Lorna\AppData\Roaming\Dashlane\ie\Dashlanei.dll (Dashlane)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (SBCONVERT Class) - {92A9ACF4-9333-43AE-9698-DB283326F87F} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU4E\tbcore3.dll ()
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU4E\Grabber.dll (SpeedBit)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU4E\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU4E\tbcore3.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKCU..\Run: [Dashlane] C:\Users\Lorna\AppData\Roaming\Dashlane\Dashlane.exe ()
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
O4 - Startup: C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lorna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9:64bit: - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: fellfromgrace.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{143FF0DD-2870-4386-A8BB-C8C13DD9AC08}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{454243BE-109D-452A-96DD-5779CAC699AD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{454243BE-109D-452A-96DD-5779CAC699AD}: NameServer = 8.26.56.26,156.154.70.22
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Value error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013/11/03 12:02:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lorna\Desktop\OTL.exe
[2013/11/03 11:58:56 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Lorna\Desktop\aswMBR.exe
[2013/10/29 10:54:07 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Lorna\Desktop\HijackThis.exe
[2013/10/27 10:52:51 | 000,000,000 | ---D | C] -- C:\Users\Lorna\AppData\Roaming\DesktopIconForAmazon
[2013/10/27 10:49:03 | 000,000,000 | ---D | C] -- C:\EEK
[2013/10/27 10:34:01 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Desktop\Old Firefox Data
[2013/10/25 18:06:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Nevercenter
[2013/10/25 17:58:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CameraBag 2
[2013/10/25 15:15:28 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\My Collages
[2013/10/24 21:26:29 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2013/10/24 21:24:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/10/24 16:43:58 | 000,000,000 | ---D | C] -- C:\3a3f13d26556370d06bc1f
[2013/10/24 16:20:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/10/22 11:33:01 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\word docs
[2013/10/22 11:32:20 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\pageplus stuff
[2013/10/22 11:31:21 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\robfossett
[2013/10/22 11:22:34 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\ie6 only
[2013/10/22 11:22:34 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\IE Kaleidoscope
[2013/10/22 11:22:21 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\Font Groups
[2013/10/22 11:22:21 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\flipphotos
[2013/10/22 11:22:20 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\files
[2013/10/22 11:18:40 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\data
[2013/10/22 11:18:36 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\com.nevercenter.camerabag2
[2013/10/22 11:15:43 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\Arcade Deluxe
[2013/10/22 11:15:43 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\application forms
[2013/10/22 11:15:43 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\Anvsoft
[2013/10/22 11:15:42 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\Amazon MP3
[2013/10/22 11:15:24 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\accounts excel
[2013/10/22 11:15:19 | 000,530,528 | ---- | C] (Yahoo! Inc.) -- C:\Users\Lorna\Documents\yahoo_installer.exe
[2013/10/22 11:15:12 | 002,500,664 | ---- | C] (CyberDefender Corp.) -- C:\Users\Lorna\Documents\toolbar_v2toolbarsite.exe
[2013/10/22 11:15:07 | 022,690,600 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Lorna\Documents\SkypeSetup.exe
[2013/10/22 11:14:59 | 018,649,560 | ---- | C] (eBay ) -- C:\Users\Lorna\Documents\setupUK.exe
[2013/10/22 11:14:57 | 006,798,200 | ---- | C] (Brajusta Publishing, Inc. ) -- C:\Users\Lorna\Documents\setup.exe
[2013/10/22 11:14:31 | 005,911,719 | ---- | C] (Free-Software-Forever.com) -- C:\Users\Lorna\Documents\googlein24.exe
[2013/10/22 11:14:25 | 011,028,800 | ---- | C] (Flock) -- C:\Users\Lorna\Documents\flock-2.0b2.en-US.win32.exe
[2013/10/21 17:33:07 | 000,000,000 | ---D | C] -- C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
[2013/10/21 17:31:50 | 000,000,000 | ---D | C] -- C:\Users\Lorna\AppData\Roaming\Dashlane
[2013/10/20 14:20:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/10/19 12:33:25 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\DAZ 3D
[2013/10/19 12:24:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My DAZ 3D Library
[2013/10/19 12:18:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAZ 3D
[2013/10/19 12:03:05 | 000,000,000 | ---D | C] -- C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D
[2013/10/19 12:02:43 | 000,000,000 | ---D | C] -- C:\ProgramData\DAZ 3D
[2013/10/19 12:02:41 | 000,000,000 | ---D | C] -- C:\Program Files\DAZ 3D
[2013/10/19 10:26:16 | 000,057,096 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2009/08/22 08:44:20 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[1 C:\Users\Lorna\Documents\*.tmp files -> C:\Users\Lorna\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/11/03 12:50:52 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2013/11/03 12:34:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/03 12:34:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1062119836-663356838-3640058548-1001UA.job
[2013/11/03 12:06:41 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1062119836-663356838-3640058548-1001Core.job
[2013/11/03 12:06:27 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/03 12:06:27 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/03 12:04:14 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/03 12:03:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/03 12:02:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lorna\Desktop\OTL.exe
[2013/11/03 11:59:04 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Lorna\Desktop\aswMBR.exe
[2013/11/03 11:58:42 | 000,891,184 | ---- | M] () -- C:\Users\Lorna\Desktop\SecurityCheck.exe
[2013/11/03 11:51:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/01 18:27:47 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/10/30 18:42:27 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2013/10/30 18:42:27 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2013/10/30 18:35:39 | 000,000,436 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013/10/30 18:34:17 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/10/30 18:33:51 | 3217,235,968 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/30 18:33:49 | 576,721,544 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/10/29 10:54:05 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Lorna\Desktop\HijackThis.exe
[2013/10/29 10:10:58 | 000,797,238 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/29 10:10:58 | 000,677,048 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/29 10:10:58 | 000,130,846 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/28 10:52:02 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\Paragon Archive name arc_080112231151836.job
[2013/10/27 15:49:48 | 000,002,145 | ---- | M] () -- C:\Users\Lorna\Desktop\avast! Free Antivirus 8.0.1489 Setup.lnk
[2013/10/27 14:46:41 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/27 10:55:07 | 000,002,370 | ---- | M] () -- C:\Users\Lorna\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/10/27 10:55:07 | 000,002,368 | ---- | M] () -- C:\Users\Lorna\Desktop\Google Chrome.lnk
[2013/10/27 10:52:52 | 000,001,482 | ---- | M] () -- C:\Users\Lorna\Desktop\Amazon.lnk
[2013/10/27 10:52:52 | 000,001,482 | ---- | M] () -- C:\Users\Lorna\Application Data\Microsoft\Internet Explorer\Quick Launch\Amazon.lnk
[2013/10/27 10:50:45 | 000,000,586 | ---- | M] () -- C:\Users\Lorna\Desktop\Emsisoft Emergency Kit.lnk
[2013/10/24 16:37:01 | 000,783,150 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/21 19:25:52 | 000,032,399 | ---- | M] () -- C:\Windows\Q-Dir.ini
[2013/10/21 19:21:24 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2013/10/21 17:33:07 | 000,002,019 | ---- | M] () -- C:\Users\Lorna\Desktop\Dashlane.lnk
[2013/10/20 18:59:46 | 000,002,087 | ---- | M] () -- C:\Users\Lorna\Desktop\DAZ 3D Install Manager 1.lnk
[2013/10/19 12:24:31 | 000,000,974 | ---- | M] () -- C:\Users\Lorna\Desktop\DAZ Studio 4.6 (64-bit).lnk
[2013/10/19 11:03:56 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/10/19 11:03:56 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/10/19 10:26:23 | 000,048,392 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
[2013/10/19 10:26:16 | 000,057,096 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2013/10/15 23:07:31 | 000,033,184 | ---- | M] () -- C:\Users\Lorna\Documents\cc_20131016_000724.reg
[1 C:\Users\Lorna\Documents\*.tmp files -> C:\Users\Lorna\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/11/03 11:58:44 | 000,891,184 | ---- | C] () -- C:\Users\Lorna\Desktop\SecurityCheck.exe
[2013/10/27 15:49:47 | 000,002,145 | ---- | C] () -- C:\Users\Lorna\Desktop\avast! Free Antivirus 8.0.1489 Setup.lnk
[2013/10/27 14:46:41 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/27 10:55:07 | 000,002,368 | ---- | C] () -- C:\Users\Lorna\Desktop\Google Chrome.lnk
[2013/10/27 10:52:52 | 000,001,482 | ---- | C] () -- C:\Users\Lorna\Desktop\Amazon.lnk
[2013/10/27 10:52:52 | 000,001,482 | ---- | C] () -- C:\Users\Lorna\Application Data\Microsoft\Internet Explorer\Quick Launch\Amazon.lnk
[2013/10/27 10:49:58 | 000,000,586 | ---- | C] () -- C:\Users\Lorna\Desktop\Emsisoft Emergency Kit.lnk
[2013/10/25 17:58:48 | 000,002,991 | ---- | C] () -- C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CameraBag 2.lnk
[2013/10/22 11:15:20 | 005,505,155 | ---- | C] () -- C:\Users\Lorna\Documents\ZinioReader4.air
[2013/10/22 11:15:19 | 000,006,195 | ---- | C] () -- C:\Users\Lorna\Documents\xmas2012.html
[2013/10/22 11:15:18 | 007,919,073 | ---- | C] () -- C:\Users\Lorna\Documents\Weave-ItBkTwo.pdf
[2013/10/22 11:15:18 | 003,956,220 | ---- | C] ( ) -- C:\Users\Lorna\Documents\webgobbler126_setup.exe
[2013/10/22 11:15:18 | 000,256,521 | ---- | C] () -- C:\Users\Lorna\Documents\Winged Pig Crochet Pattern - Flying Pigs Crochet Pattern.mht
[2013/10/22 11:15:18 | 000,111,060 | ---- | C] () -- C:\Users\Lorna\Documents\WM0270.pdf
[2013/10/22 11:15:18 | 000,032,159 | ---- | C] () -- C:\Users\Lorna\Documents\Welcome to.png
[2013/10/22 11:15:18 | 000,008,500 | ---- | C] () -- C:\Users\Lorna\Documents\wordchart1.pdf
[2013/10/22 11:15:17 | 008,679,978 | ---- | C] () -- C:\Users\Lorna\Documents\Weave-ItBkThree.pdf
[2013/10/22 11:15:16 | 000,786,846 | ---- | C] () -- C:\Users\Lorna\Documents\vintage_knitting_tips.pdf
[2013/10/22 11:15:14 | 007,850,491 | ---- | C] () -- C:\Users\Lorna\Documents\vichallflyerfinal.ppp
[2013/10/22 11:15:14 | 006,729,331 | ---- | C] () -- C:\Users\Lorna\Documents\vertigo-source.png
[2013/10/22 11:15:14 | 000,145,212 | ---- | C] () -- C:\Users\Lorna\Documents\vertigo-logo-source.png
[2013/10/22 11:15:13 | 001,323,805 | ---- | C] () -- C:\Users\Lorna\Documents\tyroknit.pdf
[2013/10/22 11:15:13 | 000,852,185 | ---- | C] () -- C:\Users\Lorna\Documents\vertigo-footer-source.png
[2013/10/22 11:15:13 | 000,086,999 | ---- | C] () -- C:\Users\Lorna\Documents\Untitled-2.ai
[2013/10/22 11:15:13 | 000,006,219 | ---- | C] () -- C:\Users\Lorna\Documents\Untitled.htm
[2013/10/22 11:15:13 | 000,000,652 | ---- | C] () -- C:\Users\Lorna\Documents\Untitled-1.ai
[2013/10/22 11:15:11 | 007,070,390 | ---- | C] () -- C:\Users\Lorna\Documents\TheWeave-ItBook.pdf
[2013/10/22 11:15:11 | 000,000,163 | ---- | C] () -- C:\Users\Lorna\Documents\timesheet_20090216.csv
[2013/10/22 11:15:10 | 002,809,683 | ---- | C] () -- C:\Users\Lorna\Documents\testpdf.PDF
[2013/10/22 11:15:10 | 000,080,482 | ---- | C] () -- C:\Users\Lorna\Documents\tgest.xps
[2013/10/22 11:15:10 | 000,000,096 | ---- | C] () -- C:\Users\Lorna\Documents\test.key.prepare
[2013/10/22 11:15:09 | 003,761,664 | ---- | C] () -- C:\Users\Lorna\Documents\test.exe
[2013/10/22 11:15:09 | 000,001,207 | ---- | C] () -- C:\Users\Lorna\Documents\test.ebp
[2013/10/22 11:15:09 | 000,000,096 | ---- | C] () -- C:\Users\Lorna\Documents\test.key
[2013/10/22 11:15:08 | 001,690,966 | ---- | C] () -- C:\Users\Lorna\Documents\surveys.pdf
[2013/10/22 11:15:08 | 000,650,583 | ---- | C] () -- C:\Users\Lorna\Documents\TechniqueColoredPencil.pdf
[2013/10/22 11:15:08 | 000,557,191 | ---- | C] () -- C:\Users\Lorna\Documents\stitchy.pdf
[2013/10/22 11:15:08 | 000,364,234 | ---- | C] () -- C:\Users\Lorna\Documents\steampunkflier.png
[2013/10/22 11:15:08 | 000,329,320 | ---- | C] () -- C:\Users\Lorna\Documents\steamunkflier2.png
[2013/10/22 11:15:08 | 000,056,028 | ---- | C] () -- C:\Users\Lorna\Documents\sv_028.jpg
[2013/10/22 11:15:08 | 000,025,574 | ---- | C] () -- C:\Users\Lorna\Documents\swfobject.js
[2013/10/22 11:15:08 | 000,015,263 | ---- | C] () -- C:\Users\Lorna\Documents\steamstam tables.svg
[2013/10/22 11:15:08 | 000,011,906 | ---- | C] () -- C:\Users\Lorna\Documents\steamstam tables.pdf
[2013/10/22 11:15:07 | 003,144,125 | ---- | C] () -- C:\Users\Lorna\Documents\Spool221.pdf
[2013/10/22 11:15:07 | 002,196,497 | ---- | C] () -- C:\Users\Lorna\Documents\steampunk-bug.pdf
[2013/10/22 11:15:07 | 000,060,235 | ---- | C] () -- C:\Users\Lorna\Documents\stamford-artisans-guild-logo.jpg
[2013/10/22 11:15:07 | 000,009,469 | ---- | C] () -- C:\Users\Lorna\Documents\star_template.pdf
[2013/10/22 11:15:00 | 011,973,628 | ---- | C] () -- C:\Users\Lorna\Documents\showcase-source.png
[2013/10/22 11:15:00 | 000,055,038 | ---- | C] () -- C:\Users\Lorna\Documents\shkdd10.zip
[2013/10/22 11:14:56 | 000,103,326 | ---- | C] () -- C:\Users\Lorna\Documents\Sea%20Breeze%20Angelina%20instructions.pdf
[2013/10/22 11:14:56 | 000,034,959 | ---- | C] () -- C:\Users\Lorna\Documents\SEASCAPEPEYOTE.png
[2013/10/22 11:14:56 | 000,029,223 | ---- | C] () -- C:\Users\Lorna\Documents\SEASCAPELOOM.png
[2013/10/22 11:14:55 | 001,769,648 | ---- | C] () -- C:\Users\Lorna\Documents\saSetup.exe
[2013/10/22 11:14:54 | 001,252,686 | ---- | C] () -- C:\Users\Lorna\Documents\SAGEBACK010508.002
[2013/10/22 11:14:53 | 001,651,183 | ---- | C] () -- C:\Users\Lorna\Documents\rt_infuse_j15.tgz
[2013/10/22 11:14:53 | 001,561,078 | ---- | C] () -- C:\Users\Lorna\Documents\rt_vertigo_j15.tgz
[2013/10/22 11:14:52 | 001,190,402 | ---- | C] () -- C:\Users\Lorna\Documents\rt_affinity_j15.tgz
[2013/10/22 11:14:52 | 000,193,534 | ---- | C] () -- C:\Users\Lorna\Documents\replicant2-source.png
[2013/10/22 11:14:52 | 000,142,251 | ---- | C] () -- C:\Users\Lorna\Documents\Render 1.png
[2013/10/22 11:14:52 | 000,007,834 | ---- | C] () -- C:\Users\Lorna\Documents\rabbit2.png
[2013/10/22 11:14:51 | 000,114,202 | ---- | C] () -- C:\Users\Lorna\Documents\phtos unusul.nri
[2013/10/22 11:14:51 | 000,042,836 | ---- | C] () -- C:\Users\Lorna\Documents\PIXL_E.zip
[2013/10/22 11:14:51 | 000,014,915 | ---- | C] () -- C:\Users\Lorna\Documents\pic for payperhour.gif
[2013/10/22 11:14:50 | 006,213,246 | ---- | C] () -- C:\Users\Lorna\Documents\Photo Album.wmv
[2013/10/22 11:14:50 | 000,043,319 | ---- | C] () -- C:\Users\Lorna\Documents\penguin peyote.png
[2013/10/22 11:14:50 | 000,035,309 | ---- | C] () -- C:\Users\Lorna\Documents\penguin loom.png
[2013/10/22 11:14:50 | 000,026,816 | ---- | C] () -- C:\Users\Lorna\Documents\pdftedst.pdf
[2013/10/22 11:14:50 | 000,000,257 | R--- | C] () -- C:\Users\Lorna\Documents\PC Support.url
[2013/10/22 11:14:50 | 000,000,000 | ---- | C] () -- C:\Users\Lorna\Documents\PDFVistaPort
[2013/10/22 11:14:49 | 007,364,137 | ---- | C] () -- C:\Users\Lorna\Documents\orwell145b.exe
[2013/10/22 11:14:49 | 000,083,305 | ---- | C] () -- C:\Users\Lorna\Documents\paper doll maryjane.jpg
[2013/10/22 11:14:49 | 000,075,404 | R--- | C] () -- C:\Users\Lorna\Documents\Order-10527301-Docs-090326maggi.pdf
[2013/10/22 11:14:48 | 000,195,703 | R--- | C] () -- C:\Users\Lorna\Documents\Omotchama.rar
[2013/10/22 11:14:48 | 000,074,773 | R--- | C] () -- C:\Users\Lorna\Documents\Order-10520030-Docs-120335 Katrina .pdf
[2013/10/22 11:14:48 | 000,042,943 | ---- | C] () -- C:\Users\Lorna\Documents\oldtimeladypeyote.png
[2013/10/22 11:14:48 | 000,035,888 | ---- | C] () -- C:\Users\Lorna\Documents\oldtimeladyloom.png
[2013/10/22 11:14:46 | 058,615,296 | ---- | C] () -- C:\Users\Lorna\Documents\NOF-Essentials.exe
[2013/10/22 11:14:46 | 000,139,356 | ---- | C] () -- C:\Users\Lorna\Documents\NLP.zip
[2013/10/22 11:14:45 | 000,699,591 | ---- | C] () -- C:\Users\Lorna\Documents\Mysnowflakes.rtf
[2013/10/22 11:14:45 | 000,694,574 | ---- | C] () -- C:\Users\Lorna\Documents\nettie.png
[2013/10/22 11:14:45 | 000,351,585 | ---- | C] () -- C:\Users\Lorna\Documents\Mysnowflakes.pdf
[2013/10/22 11:14:45 | 000,187,007 | ---- | C] () -- C:\Users\Lorna\Documents\mysignature.png
[2013/10/22 11:14:45 | 000,161,621 | ---- | C] () -- C:\Users\Lorna\Documents\mywatchmanual.pdf
[2013/10/22 11:14:45 | 000,037,445 | ---- | C] () -- C:\Users\Lorna\Documents\MyMicroBalance2006.mmb
[2013/10/22 11:14:45 | 000,037,426 | ---- | C] () -- C:\Users\Lorna\Documents\MyMicroBalance2006.mmb.backup2
[2013/10/22 11:14:45 | 000,030,600 | ---- | C] () -- C:\Users\Lorna\Documents\MyMicroBalance2006.mmb.backup1
[2013/10/22 11:14:45 | 000,028,283 | ---- | C] () -- C:\Users\Lorna\Documents\MyMicroBalance2007.mmb
[2013/10/22 11:14:45 | 000,000,559 | ---- | C] () -- C:\Users\Lorna\Documents\My Sharing Folders.lnk
[2013/10/22 11:14:44 | 007,268,458 | ---- | C] () -- C:\Users\Lorna\Documents\Migrated Documents Report.csv
[2013/10/22 11:14:44 | 000,062,535 | ---- | C] () -- C:\Users\Lorna\Documents\modules-source.png
[2013/10/22 11:14:44 | 000,041,462 | ---- | C] () -- C:\Users\Lorna\Documents\Microsoft Word - r conboy webvert march 08.pdf
[2013/10/22 11:14:43 | 020,029,198 | ---- | C] () -- C:\Users\Lorna\Documents\Merry Christmas2.wmv
[2013/10/22 11:14:42 | 012,845,162 | ---- | C] () -- C:\Users\Lorna\Documents\Merry Christmas.wmv
[2013/10/22 11:14:42 | 000,182,928 | ---- | C] () -- C:\Users\Lorna\Documents\Making Wool Felt Booties.mht
[2013/10/22 11:14:42 | 000,140,974 | ---- | C] () -- C:\Users\Lorna\Documents\magicbutton.zip
[2013/10/22 11:14:42 | 000,103,521 | ---- | C] () -- C:\Users\Lorna\Documents\lv pl airInsurancePdf_2012.pdf
[2013/10/22 11:14:42 | 000,054,102 | ---- | C] () -- C:\Users\Lorna\Documents\menu-dropdown-source.png
[2013/10/22 11:14:42 | 000,023,034 | ---- | C] () -- C:\Users\Lorna\Documents\lv signature.png
[2013/10/22 11:14:40 | 002,171,605 | ---- | C] () -- C:\Users\Lorna\Documents\LoaderBackup-(2012-07-13)-3.bbb
[2013/10/22 11:14:40 | 002,169,420 | ---- | C] () -- C:\Users\Lorna\Documents\LoaderBackup-(2012-07-13)-2.bbb
[2013/10/22 11:14:40 | 002,169,411 | ---- | C] () -- C:\Users\Lorna\Documents\LoaderBackup-(2012-07-13).bbb
[2013/10/22 11:14:40 | 000,010,826 | ---- | C] () -- C:\Users\Lorna\Documents\logo.png
[2013/10/22 11:14:40 | 000,006,433 | ---- | C] () -- C:\Users\Lorna\Documents\logo1.gif
[2013/10/22 11:14:40 | 000,005,437 | ---- | C] () -- C:\Users\Lorna\Documents\logo-alt.png
[2013/10/22 11:14:40 | 000,000,681 | ---- | C] () -- C:\Users\Lorna\Documents\Lorna - Shortcut.lnk
[2013/10/22 11:14:39 | 007,108,414 | ---- | C] () -- C:\Users\Lorna\Documents\lasvegas.craft
[2013/10/22 11:14:39 | 002,169,408 | ---- | C] () -- C:\Users\Lorna\Documents\LoaderBackup-(2012-07-13)-1.bbb
[2013/10/22 11:14:39 | 002,125,788 | ---- | C] () -- C:\Users\Lorna\Documents\len and nell page 11 i think cmyk.pdf
[2013/10/22 11:14:39 | 000,202,368 | ---- | C] () -- C:\Users\Lorna\Documents\LayoutTool - Legacy.pdf
[2013/10/22 11:14:39 | 000,024,551 | ---- | C] () -- C:\Users\Lorna\Documents\lasvegaslv.jpg
[2013/10/22 11:14:38 | 010,469,136 | ---- | C] () -- C:\Users\Lorna\Documents\largexmas2011.craft
[2013/10/22 11:14:38 | 004,280,249 | ---- | C] () -- C:\Users\Lorna\Documents\joomla_15_quickstart.pdf
[2013/10/22 11:14:38 | 000,489,432 | ---- | C] () -- C:\Users\Lorna\Documents\IS SHAKESPEARE DEAD.pdf
[2013/10/22 11:14:38 | 000,122,285 | ---- | C] () -- C:\Users\Lorna\Documents\jemjoker.png
[2013/10/22 11:14:38 | 000,025,102 | ---- | C] () -- C:\Users\Lorna\Documents\JumpingJacks.pdf
[2013/10/22 11:14:38 | 000,011,379 | ---- | C] () -- C:\Users\Lorna\Documents\JumpingJacks(1).pdf
[2013/10/22 11:14:36 | 001,755,757 | ---- | C] () -- C:\Users\Lorna\Documents\Inside Front Cover.pdf
[2013/10/22 11:14:36 | 000,271,884 | ---- | C] () -- C:\Users\Lorna\Documents\invite square copy.jpg
[2013/10/22 11:14:36 | 000,083,274 | ---- | C] () -- C:\Users\Lorna\Documents\install_7-zip_.exe
[2013/10/22 11:14:35 | 002,019,964 | ---- | C] () -- C:\Users\Lorna\Documents\inside back cover cmyk.pdf
[2013/10/22 11:14:35 | 000,804,036 | ---- | C] () -- C:\Users\Lorna\Documents\Image3.psp
[2013/10/22 11:14:34 | 038,197,265 | ---- | C] () -- C:\Users\Lorna\Documents\hhswholething.pdf
[2013/10/22 11:14:34 | 001,669,393 | ---- | C] () -- C:\Users\Lorna\Documents\High-Raw-Kevin-Gianni.pdf
[2013/10/22 11:14:34 | 000,001,361 | ---- | C] () -- C:\Users\Lorna\Documents\hosts
[2013/10/22 11:14:31 | 000,513,317 | ---- | C] () -- C:\Users\Lorna\Documents\heartsnflowerspng.png
[2013/10/22 11:14:31 | 000,186,339 | ---- | C] () -- C:\Users\Lorna\Documents\Hearts.pdf
[2013/10/22 11:14:31 | 000,121,673 | ---- | C] () -- C:\Users\Lorna\Documents\HEARTSfinal layout.pdf
[2013/10/22 11:14:31 | 000,020,769 | ---- | C] () -- C:\Users\Lorna\Documents\Heart_templates.pdf
[2013/10/22 11:14:28 | 000,695,282 | ---- | C] () -- C:\Users\Lorna\Documents\GoogleAdwordsProduct.zip
[2013/10/22 11:14:28 | 000,324,804 | ---- | C] () -- C:\Users\Lorna\Documents\front cover cmyk.pdf
[2013/10/22 11:14:28 | 000,045,708 | ---- | C] () -- C:\Users\Lorna\Documents\girl1lpey.png
[2013/10/22 11:14:28 | 000,037,505 | ---- | C] () -- C:\Users\Lorna\Documents\girl1loom.png
[2013/10/22 11:14:28 | 000,002,390 | ---- | C] () -- C:\Users\Lorna\Documents\glutole.hottnote
[2013/10/22 11:14:27 | 015,425,536 | ---- | C] () -- C:\Users\Lorna\Documents\From the time I was a little girl.pps
[2013/10/22 11:14:25 | 001,313,030 | ---- | C] () -- C:\Users\Lorna\Documents\flowersp.bmp
[2013/10/22 11:14:25 | 000,202,368 | ---- | C] () -- C:\Users\Lorna\Documents\flower.pdf
[2013/10/22 11:14:25 | 000,201,436 | ---- | C] () -- C:\Users\Lorna\Documents\floral1peyote1.pdf
[2013/10/22 11:14:25 | 000,196,909 | ---- | C] () -- C:\Users\Lorna\Documents\flower1
[2013/10/22 11:14:25 | 000,113,685 | ---- | C] () -- C:\Users\Lorna\Documents\fox2crop.JPG
[2013/10/22 11:14:25 | 000,104,770 | ---- | C] () -- C:\Users\Lorna\Documents\floralpeyote v2.pdf
[2013/10/22 11:14:25 | 000,100,773 | ---- | C] () -- C:\Users\Lorna\Documents\floral1 peyote1.pdf
[2013/10/22 11:14:25 | 000,100,692 | ---- | C] () -- C:\Users\Lorna\Documents\floral1.pdf
[2013/10/22 11:14:25 | 000,009,948 | ---- | C] () -- C:\Users\Lorna\Documents\flower_template.pdf
[2013/10/22 11:14:24 | 000,215,381 | ---- | C] () -- C:\Users\Lorna\Documents\FlipBook3DMain.swf
[2013/10/22 11:14:24 | 000,138,468 | ---- | C] () -- C:\Users\Lorna\Documents\farm1a.JPG
[2013/10/22 11:14:23 | 000,089,180 | ---- | C] () -- C:\Users\Lorna\Documents\Fact Find 2 TESTGeneral.pdf
[2013/10/22 11:14:23 | 000,068,240 | ---- | C] () -- C:\Users\Lorna\Documents\Fact Find 2test1l.pdf
[2013/10/22 11:14:22 | 004,868,248 | ---- | C] () -- C:\Users\Lorna\Documents\ETSToysA.pdf
[2013/10/22 11:14:22 | 002,717,291 | ---- | C] () -- C:\Users\Lorna\Documents\ETSToysB.pdf
[2013/10/22 11:14:22 | 000,606,891 | ---- | C] () -- C:\Users\Lorna\Documents\Elfic_doll.pdf
[2013/10/22 11:14:22 | 000,334,132 | ---- | C] () -- C:\Users\Lorna\Documents\Etsy sylver Sylver Designs.mht
[2013/10/22 11:14:21 | 000,925,138 | ---- | C] () -- C:\Users\Lorna\Documents\edge.xps
[2013/10/22 11:14:21 | 000,112,236 | ---- | C] () -- C:\Users\Lorna\Documents\DVLA Vehicle Licensing Online Apply for a tax disc NOW.mht
[2013/10/22 11:14:21 | 000,034,652 | ---- | C] () -- C:\Users\Lorna\Documents\earlylady1peyote.png
[2013/10/22 11:14:21 | 000,029,265 | ---- | C] () -- C:\Users\Lorna\Documents\earlylady1loom.png
[2013/10/22 11:14:21 | 000,016,137 | ---- | C] () -- C:\Users\Lorna\Documents\decoladypeyote.png
[2013/10/22 11:14:21 | 000,013,977 | ---- | C] () -- C:\Users\Lorna\Documents\decoladyloom.png
[2013/10/22 11:14:21 | 000,013,396 | ---- | C] () -- C:\Users\Lorna\Documents\dvlalicenceapp.pdf
[2013/10/22 11:14:21 | 000,002,322 | ---- | C] () -- C:\Users\Lorna\Documents\Document2.wpd
[2013/10/22 11:14:20 | 004,017,882 | ---- | C] () -- C:\Users\Lorna\Documents\CTMJanFeb08 FINAL.pdf
[2013/10/22 11:14:20 | 000,002,859 | ---- | C] () -- C:\Users\Lorna\Documents\dddd.csv
[2013/10/22 11:14:19 | 000,023,005 | ---- | C] () -- C:\Users\Lorna\Documents\CTFEB07CrochetFroggyHatCheerioEssentials.pdf
[2013/10/22 11:14:18 | 000,292,350 | ---- | C] () -- C:\Users\Lorna\Documents\Crocheted Frog Treasure Pocket.mht
[2013/10/22 11:14:17 | 000,166,321 | ---- | C] () -- C:\Users\Lorna\Documents\copyrightnotice.pdf
[2013/10/22 11:14:16 | 003,559,424 | ---- | C] () -- C:\Users\Lorna\Documents\Charitable contributions.accdb
[2013/10/22 11:14:14 | 043,144,704 | ---- | C] () -- C:\Users\Lorna\Documents\CGSX3SP2.msp
[2013/10/22 11:14:14 | 029,478,912 | ---- | C] () -- C:\Users\Lorna\Documents\CGSX3SP1.msp
[2013/10/22 11:14:07 | 001,107,100 | ---- | C] () -- C:\Users\Lorna\Documents\CD30 BUTTERFLY KINETIC SWING CA.svg
[2013/10/22 11:14:06 | 000,480,086 | ---- | C] () -- C:\Users\Lorna\Documents\Card07.pdf
[2013/10/22 11:14:06 | 000,319,332 | ---- | C] () -- C:\Users\Lorna\Documents\cc_20130614_200931.reg
[2013/10/22 11:14:06 | 000,101,094 | ---- | C] () -- C:\Users\Lorna\Documents\CD30 BUTTERFLY KINETIC SWING CA.pdf
[2013/10/22 11:14:06 | 000,094,760 | ---- | C] () -- C:\Users\Lorna\Documents\cc_20130717_222003.reg
[2013/10/22 11:14:06 | 000,062,746 | ---- | C] () -- C:\Users\Lorna\Documents\cc_20130614_202503.reg
[2013/10/22 11:14:06 | 000,050,750 | ---- | C] () -- C:\Users\Lorna\Documents\cctreescrop.JPG
[2013/10/22 11:14:06 | 000,033,184 | ---- | C] () -- C:\Users\Lorna\Documents\cc_20131016_000724.reg
[2013/10/22 11:14:06 | 000,030,030 | ---- | C] () -- C:\Users\Lorna\Documents\cc_20111214_181813.reg
[2013/10/22 11:14:06 | 000,018,942 | ---- | C] () -- C:\Users\Lorna\Documents\cc_20130902_153501.reg
[2013/10/22 11:14:06 | 000,007,302 | ---- | C] () -- C:\Users\Lorna\Documents\cc_20120108_154432.reg
[2013/10/22 11:14:06 | 000,005,750 | ---- | C] () -- C:\Users\Lorna\Documents\cc_20130614_203430.reg
[2013/10/22 11:14:05 | 001,998,134 | ---- | C] () -- C:\Users\Lorna\Documents\broadsheetsteampunk.pdf
[2013/10/22 11:14:05 | 000,467,168 | ---- | C] () -- C:\Users\Lorna\Documents\Card06.pdf
[2013/10/22 11:14:05 | 000,315,773 | ---- | C] () -- C:\Users\Lorna\Documents\Card04.pdf
[2013/10/22 11:14:05 | 000,138,078 | ---- | C] () -- C:\Users\Lorna\Documents\bookmarks_10_02_2012.html
[2013/10/22 11:14:05 | 000,100,676 | ---- | C] () -- C:\Users\Lorna\Documents\Bulk_Certificate_Posting_Signature.pdf
[2013/10/22 11:14:05 | 000,036,419 | ---- | C] () -- C:\Users\Lorna\Documents\calendar_organizer_months.pdf
[2013/10/22 11:14:05 | 000,036,385 | ---- | C] () -- C:\Users\Lorna\Documents\Bulk_Certificate_Posting_Standard.pdf
[2013/10/22 11:14:04 | 011,721,211 | ---- | C] () -- C:\Users\Lorna\Documents\bigbadges.craft
[2013/10/22 11:14:04 | 001,581,606 | ---- | C] () -- C:\Users\Lorna\Documents\Bookkeeping
[2013/10/22 11:14:03 | 002,807,643 | ---- | C] () -- C:\Users\Lorna\Documents\BABYmocsBtys.pdf
[2013/10/22 11:14:03 | 000,305,408 | ---- | C] () -- C:\Users\Lorna\Documents\banner.png
[2013/10/22 11:14:02 | 010,676,572 | ---- | C] () -- C:\Users\Lorna\Documents\auctamerpro.exe
[2013/10/22 11:14:02 | 000,161,621 | ---- | C] () -- C:\Users\Lorna\Documents\B023_ebook.pdf
[2013/10/22 11:14:01 | 010,676,572 | ---- | C] () -- C:\Users\Lorna\Documents\auctamerpro(1).exe
[2013/10/22 11:14:00 | 002,355,200 | ---- | C] () -- C:\Users\Lorna\Documents\amclassical_silent_night.mp3
[2013/10/22 11:14:00 | 000,511,137 | ---- | C] () -- C:\Users\Lorna\Documents\AmazonDealProduct.zip
[2013/10/22 11:13:59 | 004,844,131 | R--- | C] () -- C:\Users\Lorna\Documents\Alien_Blaster_PePaKuRa_File_by_billybob884.rar
[2013/10/22 11:13:59 | 003,533,600 | ---- | C] () -- C:\Users\Lorna\Documents\alice1.ppp
[2013/10/22 11:13:59 | 001,231,224 | ---- | C] () -- C:\Users\Lorna\Documents\agendusstd_ota_en.prc
[2013/10/22 11:13:59 | 000,161,278 | ---- | C] () -- C:\Users\Lorna\Documents\aglaciercrop.JPG
[2013/10/22 11:13:59 | 000,109,943 | ---- | C] () -- C:\Users\Lorna\Documents\alicewivbaby.jpg
[2013/10/22 11:13:59 | 000,059,844 | ---- | C] () -- C:\Users\Lorna\Documents\Absolut_Pro_Bold.otf
[2013/10/22 11:13:59 | 000,000,406 | ---- | C] () -- C:\Users\Lorna\Documents\348059.vcf
[2013/10/22 11:13:59 | 000,000,081 | ---- | C] () -- C:\Users\Lorna\Documents\1Click.cfg
[2013/10/22 11:13:58 | 004,485,072 | ---- | C] () -- C:\Users\Lorna\Documents\1940sxmas2.craft
[2013/10/22 11:13:58 | 000,000,364 | ---- | C] () -- C:\Users\Lorna\Documents\08-10-30.sv
[2013/10/21 19:21:23 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2013/10/21 17:33:07 | 000,002,019 | ---- | C] () -- C:\Users\Lorna\Desktop\Dashlane.lnk
[2013/10/20 18:59:46 | 000,002,087 | ---- | C] () -- C:\Users\Lorna\Desktop\DAZ 3D Install Manager 1.lnk
[2013/10/19 12:24:31 | 000,000,974 | ---- | C] () -- C:\Users\Lorna\Desktop\DAZ Studio 4.6 (64-bit).lnk
[2012/05/24 20:24:55 | 000,001,269 | ---- | C] () -- C:\Users\Lorna\.recently-used.xbel
[2012/05/08 18:29:44 | 000,000,132 | ---- | C] () -- C:\Users\Lorna\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2012/03/19 00:24:05 | 000,006,168 | ---- | C] () -- C:\Users\Lorna\AppData\Local\recently-used.xbel
[2012/03/07 20:12:53 | 000,035,328 | ---- | C] () -- C:\Windows\INETWH32.DLL
[2012/03/07 20:12:53 | 000,009,136 | ---- | C] () -- C:\Windows\INETWH16.DLL
[2012/03/07 20:12:53 | 000,004,528 | ---- | C] () -- C:\Windows\SETBROWS.EXE
[2012/03/07 20:06:35 | 000,044,544 | ---- | C] () -- C:\Windows\AWuninstall.exe
[2012/03/04 15:54:23 | 000,002,800 | ---- | C] () -- C:\Users\Lorna\2px-80percentransparencyblack.png
[2012/02/27 21:48:53 | 000,111,661 | ---- | C] () -- C:\Users\Lorna\Image2.jpg
[2012/02/26 17:49:45 | 000,000,084 | ---- | C] () -- C:\Users\Lorna\pathinfo.php
[2012/02/15 14:23:05 | 000,000,092 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2012/02/15 14:18:01 | 000,212,233 | ---- | C] () -- C:\Windows\Photo Pos Pro Uninstaller.exe.bak
[2012/02/12 20:44:55 | 000,172,032 | ---- | C] () -- C:\Users\Lorna\abrViewer.NET.exe
[2012/01/08 15:21:55 | 000,004,800 | ---- | C] () -- C:\ProgramData\NTIRegistry.REG
[2011/12/23 23:32:32 | 000,000,989 | ---- | C] () -- C:\Windows\wininit.ini
[2011/11/21 18:44:45 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/11/21 18:44:45 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/11/05 17:12:38 | 000,543,531 | ---- | C] () -- C:\Users\Lorna\New document 1.2011_11_05_17_12_38.0.svg
[2011/06/22 08:08:33 | 000,000,000 | ---- | C] () -- C:\Users\Lorna\AppData\Local\{5975D6E1-F7BB-4A5D-AD55-1634EB9C6B35}
[2011/06/13 15:12:39 | 000,000,000 | ---- | C] () -- C:\Users\Lorna\AppData\Local\{0DBB6458-1470-4D4F-9753-7EAB03AE0100}
[2011/03/04 12:56:48 | 000,040,907 | ---- | C] () -- C:\Users\Lorna\kitty_headbang.gif
[2011/01/14 22:53:58 | 000,000,132 | ---- | C] () -- C:\Users\Lorna\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/12/19 23:48:49 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/04 21:58:22 | 000,000,837 | ---- | C] () -- C:\Users\Lorna\AppData\Roaming\FrameFun.ini
[2010/10/03 16:26:15 | 000,001,456 | ---- | C] () -- C:\Users\Lorna\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/10/03 10:44:53 | 000,006,144 | ---- | C] () -- C:\Users\Lorna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/01 20:42:00 | 000,000,036 | ---- | C] () -- C:\Users\Lorna\AppData\Local\housecall.guid.cache
[2010/09/22 08:57:37 | 000,033,134 | ---- | C] () -- C:\Users\Lorna\AppData\Roaming\UserTile.png
[2010/09/13 08:10:50 | 000,149,504 | ---- | C] () -- C:\Users\Lorna\AppData\Roaming\SharedSettings.ccs
[2010/08/27 16:51:33 | 000,000,132 | ---- | C] () -- C:\Users\Lorna\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/08/17 11:14:46 | 002,064,206 | ---- | C] () -- C:\Users\Lorna\vichallflyerfinal.pdf
[2010/06/30 16:48:41 | 000,004,943 | ---- | C] () -- C:\ProgramData\pyknfeyt.slj
[2010/06/21 08:25:44 | 000,000,104 | ---- | C] () -- C:\Users\Lorna\AppData\Roaming\wklnhst.dat
[2010/05/10 08:55:47 | 000,135,441 | ---- | C] () -- C:\Program Files\VH1946-09.jpg
[2008/01/18 21:23:30 | 000,031,766 | ---- | C] () -- C:\Users\Lorna\20067.tdb
[2008/01/18 21:22:33 | 000,000,407 | ---- | C] () -- C:\Users\Lorna\tbook.properties
========== ZeroAccess Check ==========
[2009/08/19 09:40:19 | 000,054,458 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1062119836-663356838-3640058548-1001\$R819B5X\My Downloaded Artwork\Metallic Alphabet\L.png
[2009/08/19 09:40:42 | 000,077,456 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1062119836-663356838-3640058548-1001\$R819B5X\My Downloaded Artwork\Metallic Alphabet\N.png
[2009/08/19 09:42:00 | 000,069,609 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1062119836-663356838-3640058548-1001\$R819B5X\My Downloaded Artwork\Metallic Alphabet\U.png
[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/01/04 09:59:19 | 014,164,480 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 09:03:45 | 012,868,096 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 01:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012/02/10 12:09:24 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Avant Downloader
[2012/04/02 13:09:02 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Azureus
[2012/04/02 13:09:02 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\BeadTool
[2012/08/15 20:17:46 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Canon
[2010/07/23 20:43:03 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/02 13:08:04 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Chrysanth
[2010/09/15 20:26:58 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\CoffeeCup Software
[2010/07/27 15:55:43 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/05/10 16:24:20 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Craftwell Inc
[2012/04/02 13:08:05 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\CTdeveloping
[2010/06/18 21:52:46 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\CustomBrushesMini
[2013/10/25 21:57:50 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Dashlane
[2013/10/19 12:33:25 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\DAZ 3D
[2013/10/27 10:52:52 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\DesktopIconForAmazon
[2010/08/11 09:06:07 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\DeviceDoctorSoftware
[2013/11/01 18:26:37 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Dropbox
[2012/05/10 17:06:29 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\eCraftShop Pro
[2012/03/28 20:37:07 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\ExpressFiles
[2010/08/30 19:35:45 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Filter Forge Freepack 3 - Frames
[2012/04/02 13:09:03 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\gtk-2.0
[2011/01/21 23:19:58 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\inkscape
[2011/09/15 15:10:27 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Kaleider
[2012/03/19 20:29:22 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\LumaPix
[2012/04/02 13:09:04 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Maxthon2
[2012/05/02 18:03:16 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\NexusFont
[2010/06/07 01:01:05 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Nuance
[2012/04/05 16:02:11 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\onOne Software
[2012/04/02 13:08:22 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Opera
[2010/09/07 10:00:26 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\PC Suite
[2010/09/22 08:57:36 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\PeerNetworking
[2010/07/19 11:06:22 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\PhotoEchoes
[2012/04/02 13:08:22 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Poser Debut
[2012/04/02 13:09:05 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\PowerCinema
[2012/04/02 13:09:05 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Q-Dir
[2012/04/02 13:08:37 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Serif
[2012/04/02 13:09:06 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\SoftDMA
[2011/09/14 15:34:38 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\SPE
[2010/07/27 20:43:06 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/06/21 08:25:51 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Template
[2012/04/02 13:08:39 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Trusteer
[2012/05/04 20:52:46 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\XnView
[2012/03/30 17:03:32 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Yandex
[2012/04/02 13:08:40 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Zeon
[2011/11/03 10:59:55 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
========== Purity Check ==========
========== Custom Scans ==========
< %USERPROFILE%\..|smtmp;true;true;true /FP >
< %temp%\smtmp\*.* /s > >
< MD5 for: EXPLORER.ADML >
[2009/07/14 02:30:02 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml
< MD5 for: EXPLORER.ADMX >
[2009/06/10 20:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx
< MD5 for: EXPLORER.EXE >
[2011/02/26 06:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/26 06:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 06:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/10/05 15:46:38 | 003,167,656 | ---- | M] (Safer-Networking Ltd.) MD5=0AB68BFCE1579A61C36B79CAAFDCE992 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe
[2011/02/26 05:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 01:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 05:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 05:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 05:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 05:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 06:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 06:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 12:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 06:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 06:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 05:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 13:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 06:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 05:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 01:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 06:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 06:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 06:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: EXPLORER.EXE.MUI >
[2009/07/14 02:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
[2009/07/14 02:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
[2009/07/14 02:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2009/07/14 02:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui
< MD5 for: EXPLORER.EXE-03C49D11.PF >
[2013/10/29 10:56:31 | 000,166,552 | ---- | M] () MD5=3BE6A2DBBA0CE08B15B2285379E9B130 -- C:\Windows\Prefetch\EXPLORER.EXE-03C49D11.pf
< MD5 for: IEXPLORE.EXE >
[2011/11/05 05:28:03 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=0377589BF14A6E5667B730D6D6DB59B4 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16912_none_0fae4f323e42a646\iexplore.exe
[2010/09/08 04:36:39 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=14803EA3E5DD7CB37CB446C74CFDA38F -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20795_none_1a39121b8bff3c23\iexplore.exe
[2011/04/22 20:15:52 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=281C23EC5BCB1853A5D571F1A6E52FB1 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20949_none_101e7c5957724e1d\iexplore.exe
[2009/07/14 01:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_19ba3f8a72d988f3\iexplore.exe
[2011/12/16 08:03:08 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=38668C6CADABC9487C683FADD3D165D0 -- C:\Windows\SoftwareDistribution\Download\b0feba321cfd1099562f871d1ce948a1\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16930_none_19eb591872b56d75\iexplore.exe
[2011/08/20 04:35:15 | 000,673,024 | ---- | M] (Microsoft Corporation) MD5=41FE5E37EFE0B587A688BA0E4FA41288 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16869_none_19d3ea0872c5a830\iexplore.exe
[2011/11/05 05:34:31 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=441C397A9ECF07747920F7F5E40B419B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21085_none_0fef13a357968bc7\iexplore.exe
[2010/09/08 05:37:57 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=4879CB864E290BED38C5BDB641144B1B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20795_none_0fe467c9579e7a28\iexplore.exe
[2010/09/08 05:49:01 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=498035ABCCF1ED47AE6791D239187587 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16671_none_0f6c69ae3e743d20\iexplore.exe
[2010/11/04 05:54:54 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=58CF468D3FF4CF830339FE5E45356355 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16700_none_1a0bc510729d1f54\iexplore.exe
[2010/09/08 04:31:24 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=61EDBCE47ADF3E52AB0B9F49EE4AEBB8 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16671_none_19c1140072d4ff1b\iexplore.exe
[2011/04/22 19:29:16 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=64EFAF916C4009F1B84153D0BB491FB0 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16800_none_1a0bc6f6729d1c7b\iexplore.exe
[2010/11/04 05:54:59 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=6B2258FF6D2332073FE9E90122FA4168 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20831_none_1a75f2618bd22c48\iexplore.exe
[2011/06/21 06:14:22 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=6B2383EDA3956983E3219A62D8408DAB -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20992_none_0fe16ab757a12871\iexplore.exe
[2011/06/21 05:25:30 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=6BB506124872ACDFAC5BD912CA1334CE -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20992_none_1a3615098c01ea6c\iexplore.exe
[2010/12/18 06:17:48 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=700B40EA39DFB25517A81032F03D6D20 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16722_none_0fa37b7a3e4ac7e9\iexplore.exe
[2010/11/20 13:28:25 | 000,695,056 | ---- | M] (Microsoft Corporation) MD5=86257731DDB311FBC283534CC0091634 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe
[2010/12/18 06:11:10 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=8C6C32E4AF8A3D7155656F5897C504E0 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20861_none_1000d84b5789be20\iexplore.exe
[2011/11/05 04:38:00 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=8ED7C19AEFA3673AADB0D6864B03FBCE -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16912_none_1a02f98472a36841\iexplore.exe
[2012/02/20 10:18:11 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2012/02/20 10:18:11 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_17a944edb4ca4c7a\iexplore.exe
[2010/12/18 05:32:25 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=9321CF0D023528C71E3645F8433C86C8 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20861_none_1a55829d8bea801b\iexplore.exe
[2011/06/21 05:37:00 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=A3AB0A260049BE22AB52E302D9220A92 -- C:\Windows\ERDNT\cache86\iexplore.exe
[2011/06/21 05:37:00 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=A3AB0A260049BE22AB52E302D9220A92 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16839_none_19f459cc72ad545d\iexplore.exe
[2011/12/16 08:45:57 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=A3F56CED7B94A30BE8954387F0E2B5D2 -- C:\Windows\SoftwareDistribution\Download\b0feba321cfd1099562f871d1ce948a1\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16930_none_0f96aec63e54ab7a\iexplore.exe
[2011/11/05 04:39:45 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=A8A14CD0CB499B80412F75D53996AE29 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21085_none_1a43bdf58bf74dc2\iexplore.exe
[2010/12/18 05:33:54 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=AA08B68EF4E35EFA170CF85A44B23B70 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16722_none_19f825cc72ab89e4\iexplore.exe
[2011/02/24 05:45:11 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=AB2BB40A5FE49AD236791AC22BD08869 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20908_none_1a9d66118bb386fd\iexplore.exe
[2011/08/20 05:46:07 | 000,696,576 | ---- | M] (Microsoft Corporation) MD5=AC1CC7CD5CBE60EFF105BB3C0DC199C5 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16869_none_0f7f3fb63e64e635\iexplore.exe
[2011/06/21 06:21:24 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=B38DE184AC135A4B0AE7D286476FA33F -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16839_none_0f9faf7a3e4c9262\iexplore.exe
[2011/02/24 06:29:19 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=B4881B8F6EDB48CABD44BCC9FB5475C4 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20908_none_1048bbbf5752c502\iexplore.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2011/12/16 08:42:35 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=C152529FD67ABB61F0609EF5A299794C -- C:\Windows\SoftwareDistribution\Download\b0feba321cfd1099562f871d1ce948a1\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21108_none_104895c75752f56b\iexplore.exe
[2011/12/16 09:19:51 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=C53E41F92B19EC97D987F968403BEC49 -- C:\Windows\SoftwareDistribution\Download\b0feba321cfd1099562f871d1ce948a1\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21108_none_1a9d40198bb3b766\iexplore.exe
[2010/11/20 12:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
[2011/02/24 05:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C6697A46554E36541E81182B258A19D6 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16766_none_19d0e74472c85f04\iexplore.exe
[2011/08/20 05:42:38 | 000,696,576 | ---- | M] (Microsoft Corporation) MD5=C66C8BF791F9DB974022506265518EE0 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21033_none_102322ab576fcd64\iexplore.exe
[2011/04/22 20:16:25 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=D6F57A9ECB4606076FB9519D1698FCBA -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16800_none_0fb71ca43e3c5a80\iexplore.exe
[2010/11/04 06:37:41 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=D8E00EA671A1EFE95C69C7566C505AD4 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16700_none_0fb71abe3e3c5d59\iexplore.exe
[2011/02/24 06:32:09 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=E1BBDE0F187194D4B08335234A4B9FC7 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16766_none_0f7c3cf23e679d09\iexplore.exe
[2010/11/04 06:42:22 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=E220FB009F54AAF649C6A278A5156764 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20831_none_1021480f57716a4d\iexplore.exe
[2012/02/20 10:18:00 | 000,754,480 | ---- | M] (Microsoft Corporation) MD5=F1424C1B9B1813BF825E45DF3790BC8A -- C:\Program Files\Internet Explorer\iexplore.exe
[2012/02/20 10:18:00 | 000,754,480 | ---- | M] (Microsoft Corporation) MD5=F1424C1B9B1813BF825E45DF3790BC8A -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_0d549a9b80698a7f\iexplore.exe
[2009/07/14 01:43:43 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=F2B0D41E1D08D0B2006DF5AA2E74C81E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_0f6595383e78c6f8\iexplore.exe
[2011/04/22 19:11:29 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=F94877A94996B3C12BB31AD722840457 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20949_none_1a7326ab8bd31018\iexplore.exe
[2011/08/20 04:32:44 | 000,673,024 | ---- | M] (Microsoft Corporation) MD5=FA623BE79902A7B49FF4F21117B63C83 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21033_none_1a77ccfd8bd08f5f\iexplore.exe
< MD5 for: IEXPLORE.EXE.MUI >
[2012/02/20 10:18:01 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2012/02/20 10:18:01 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_07013012b816cb66\iexplore.exe.mui
[2012/02/20 10:18:15 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2012/02/20 10:18:15 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_1155da64ec778d61\iexplore.exe.mui
[2009/07/14 02:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_09122aaf762607df\iexplore.exe.mui
[2009/07/14 02:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_0b433e7773148b79\iexplore.exe.mui
[2009/07/14 02:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_1366d501aa86c9da\iexplore.exe.mui
[2009/07/14 02:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_1597e8c9a7754d74\iexplore.exe.mui
< MD5 for: SERVICES >
[2009/06/10 21:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
< MD5 for: SERVICES.DTD >
[2012/03/28 20:40:18 | 000,007,693 | ---- | M] () MD5=0167EEA0CD182E558850B3E3BF241D88 -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{06990470-8417-465F-8B58-A3008B344A95}\locale\ru\services.dtd
[2012/03/28 20:40:18 | 000,007,080 | ---- | M] () MD5=5ED0DE2E8771F3061E8A5EA7E83858C4 -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{06990470-8417-465F-8B58-A3008B344A95}\locale\en\services.dtd
[2012/03/28 20:40:18 | 000,007,679 | ---- | M] () MD5=6F349841B35825885251E27954AC2F43 -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{06990470-8417-465F-8B58-A3008B344A95}\locale\be\services.dtd
[2012/03/28 20:40:18 | 000,007,109 | ---- | M] () MD5=863C33EF25373CD8D1103ECEDF027D6F -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{06990470-8417-465F-8B58-A3008B344A95}\locale\cs\services.dtd
[2012/03/28 20:40:18 | 000,007,701 | ---- | M] () MD5=B0758798DEEF23E1D7EF07112D281FCA -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{06990470-8417-465F-8B58-A3008B344A95}\locale\uk\services.dtd
[2012/03/28 20:40:18 | 000,007,859 | ---- | M] () MD5=ECD85452EF5E94D66560797B64751E28 -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{06990470-8417-465F-8B58-A3008B344A95}\locale\kk\services.dtd
[2012/03/28 20:40:18 | 000,007,088 | ---- | M] () MD5=F2F23D6C79AF6CE288C9CC71A99A8C59 -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{06990470-8417-465F-8B58-A3008B344A95}\locale\tr\services.dtd
< MD5 for: SERVICES.EXE >
[2009/07/14 01:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\ERDNT\cache64\services.exe
[2009/07/14 01:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 01:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
< MD5 for: SERVICES.EXE.MUI >
[2009/07/14 02:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/14 02:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
< MD5 for: SERVICES.JS >
[2013/10/19 11:09:43 | 000,005,711 | ---- | M] () MD5=92C58E360CF2E2E364275DB15E9D0289 -- C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.10.0_0\scripts\services.js
< MD5 for: SERVICES.LNK >
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
< MD5 for: SERVICES.MOF >
[2009/06/10 20:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 20:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
< MD5 for: SERVICES.MSC >
[2009/07/14 02:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 20:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/14 02:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 21:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/14 02:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 20:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/14 02:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 21:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
< MD5 for: SERVICES.PTXML >
[2009/07/13 20:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 20:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
< MD5 for: SERVICES.SBS >
[2011/03/01 09:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files (x86)\Spybot - Search & Destroy 2\Includes\Services.sbs
< MD5 for: SERVICES.XML >
[2012/03/28 20:40:29 | 000,018,507 | ---- | M] () MD5=C4950F1359292A158B143327D6AEB90B -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\packages\{D02A3D80-B37F-4DB7-8B7A-3E07D5239D7F}\services\services.xml
< MD5 for: WINLOGON.ADML >
[2009/07/14 02:25:22 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml
< MD5 for: WINLOGON.ADMX >
[2009/06/10 21:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx
< MD5 for: WINLOGON.EXE >
[2010/11/20 13:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 01:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 07:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 06:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009/10/28 06:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 06:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< MD5 for: WINLOGON.EXE.MUI >
[2010/11/20 13:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui
[2009/07/14 02:29:52 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=56D03B64B8C483C1D12A8E4577B3B332 -- C:\Windows\SysNative\en-US\winlogon.exe.mui
[2009/07/14 02:29:52 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=56D03B64B8C483C1D12A8E4577B3B332 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_26ed83321dc778e1\winlogon.exe.mui
< MD5 for: WINLOGON.MFL >
[2009/07/14 02:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
[2009/07/14 02:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl
< MD5 for: WINLOGON.MOF >
[2009/07/13 20:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2009/07/13 20:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof
< %SYSTEMDRIVE%\*.* >
[2013/10/30 18:33:49 | 000,028,220 | ---- | M] () -- C:\aaw7boot.log
[2013/10/27 10:54:50 | 000,000,002 | ---- | M] () -- C:\AvastSetup.log
[2009/07/14 01:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/07/27 20:40:53 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/07/02 08:51:00 | 000,013,757 | ---- | M] () -- C:\CDAVFSuser.log
[2010/07/01 09:01:47 | 000,017,570 | ---- | M] () -- C:\CDAVFSuserBackup.log
[2011/10/09 12:17:21 | 000,045,546 | ---- | M] () -- C:\ComboFix.txt
[2008/10/27 13:19:23 | 000,064,883 | ---- | M] () -- C:\converterv_mzr64rr1.jar
[2008/10/08 11:48:50 | 000,075,174 | ---- | M] () -- C:\CybDefInstallInfo.log
[2008/10/27 13:30:51 | 000,132,104 | ---- | M] () -- C:\dap050015_ciqqkzpv.jar
[2012/05/01 23:21:53 | 000,000,089 | ---- | M] () -- C:\data
[2002/07/28 23:40:00 | 001,059,840 | ---- | M] (Auto FX Software) -- C:\DS_Bonus_Plugin.8bf
[2012/01/09 18:10:47 | 000,461,824 | -HS- | M] () -- C:\EUMONBMP.SYS
[2010/01/03 00:00:36 | 000,004,047 | ---- | M] () -- C:\EyeCandyLog.txt
[2009/01/04 07:40:46 | 000,003,275 | ---- | M] () -- C:\flpalbm.opf
[2008/10/27 13:17:57 | 000,060,114 | ---- | M] () -- C:\gintris_u77v9ril.jar
[2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2008/10/27 13:08:33 | 000,051,408 | ---- | M] () -- C:\greatertha_bhihclc7.jar
[2005/01/21 04:12:14 | 000,000,011 | ---- | M] () -- C:\H07542EN.tag
[2013/10/30 18:33:51 | 3217,235,968 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/29 10:39:32 | 000,016,629 | ---- | M] () -- C:\hijackthis.log
[2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2010/02/25 09:20:32 | 000,000,490 | ---- | M] () -- C:\INSTALL.LOG
[2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2012/01/19 16:57:49 | 000,000,863 | ---- | M] () -- C:\InstallHelper.log
[2010/03/22 18:11:13 | 000,696,747 | ---- | M] () -- C:\jemshorthair1.jpg
[2010/03/22 18:11:33 | 001,754,727 | ---- | M] () -- C:\jemshorthair2.jpg
[2010/03/22 18:12:13 | 000,650,199 | ---- | M] () -- C:\jemshorthair3.jpg
[2010/03/22 18:13:01 | 000,916,381 | ---- | M] () -- C:\jemshorthair4.jpg
[2010/03/22 18:13:42 | 001,051,683 | ---- | M] () -- C:\jemshorthair6.jpg
[2010/03/22 18:14:35 | 000,761,656 | ---- | M] () -- C:\jemshorthair7.jpg
[2010/03/22 18:15:11 | 000,838,946 | ---- | M] () -- C:\jemshorthair8.jpg
[2009/03/23 21:26:52 | 000,047,183 | ---- | M] () -- C:\me.jpg
[2010/03/22 18:07:55 | 001,293,737 | ---- | M] () -- C:\merlinlas4t.jpg
[2010/03/22 18:00:47 | 000,654,981 | ---- | M] () -- C:\merlinlast1.jpg
[2010/03/22 18:01:29 | 000,709,909 | ---- | M] () -- C:\merlinlast2.jpg
[2010/03/22 18:02:11 | 000,833,637 | ---- | M] () -- C:\merlinlast3.jpg
[2010/03/22 18:08:37 | 000,599,749 | ---- | M] () -- C:\merlinlast5.jpg
[2010/03/22 18:09:28 | 000,565,526 | ---- | M] () -- C:\merlinlast6.jpg
[2010/03/22 18:10:08 | 000,596,533 | ---- | M] () -- C:\merlinlast7.jpg
[2000/05/21 23:00:00 | 000,115,920 | ---- | M] (Microsoft Corporation) -- C:\Msinet.ocx
[2002/01/05 02:38:38 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\msvci70.dll
[2013/10/30 18:33:54 | 4289,650,688 | -HS- | M] () -- C:\pagefile.sys
[2009/09/04 16:15:12 | 000,003,011 | RHS- | M] () -- C:\Patch.rev
[2010/05/09 18:16:33 | 000,000,218 | RHS- | M] () -- C:\Preload.rev
[2009/04/23 19:46:30 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\psapi.dll
[2007/03/07 16:40:40 | 000,000,345 | ---- | M] () -- C:\RHDSetup (1).log
[2010/05/09 18:25:31 | 000,001,989 | ---- | M] () -- C:\RHDSetup.log
[2008/05/15 15:04:28 | 000,000,479 | ---- | M] () -- C:\sghmmail.ECF
[2009/09/12 22:17:37 | 000,115,224 | ---- | M] () -- C:\snp2sxp-001.raw
[2007/06/11 10:28:58 | 000,000,600 | -H-- | M] () -- C:\SWSTAMP.TXT
[2009/10/26 21:46:58 | 000,005,966 | ---- | M] () -- C:\SyncTraceFile.txt
[2011/04/28 09:07:54 | 000,067,488 | ---- | M] () -- C:\TDSSKiller.2.4.3.0_28.04.2011_10.04.28_log.txt
[2011/10/09 13:26:05 | 000,000,414 | ---- | M] () -- C:\TDSSKiller.2.5.22.0_09.10.2011_14.25.57_log.txt
[2011/09/14 15:30:40 | 000,074,170 | ---- | M] () -- C:\TDSSKiller.2.5.22.0_14.09.2011_16.29.14_log.txt
[2011/10/09 13:30:57 | 000,171,428 | ---- | M] () -- C:\TDSSKiller.2.6.6.0_09.10.2011_14.28.05_log.txt
[2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/10/05 15:13:30 | 000,470,582 | ---- | M] () -- C:\vcredist_x86.log
[2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2008/10/27 13:09:33 | 000,000,839 | ---- | M] () -- C:\worms08_kz4me3av.jad
[2010/11/06 15:56:03 | 003,656,870 | ---- | M] () -- C:\xcards.ppp
[2008/06/04 11:37:03 | 000,000,162 | ---- | M] () -- C:\YServer.txt
[2008/10/27 13:05:41 | 000,269,414 | ---- | M] () -- C:\zuma_mp7zxmpq.jar
[2012/01/09 19:17:22 | 000,004,096 | -HS- | M] () -- C:\{37CC1B76-A9E8-4D00-8A60-DE2D72F75C1D}.CBM
< %systemroot%\Fonts\*.com >
[2009/07/14 05:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 05:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 05:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 05:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2009/06/10 20:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2011/11/28 18:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2009/09/22 16:15:26 | 000,220,672 | ---- | M] (Juan Trujillo Tarradas; http://www.jttsoft.com) -- C:\Windows\PhotoEchoes.scr
[2010/11/10 01:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2009/07/14 04:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is ACER
Volume Serial Number is 046D-856D
Directory of C:\
14/07/2009 05:08 <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
14/07/2009 05:08 <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 05:08 <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 05:08 <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 05:08 <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 05:08 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 05:08 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
14/07/2009 05:08 <SYMLINKD> All Users [C:\ProgramData]
14/07/2009 05:08 <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
14/07/2009 05:08 <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 05:08 <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 05:08 <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 05:08 <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 05:08 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 05:08 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
14/07/2009 05:08 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009 05:08 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
14/07/2009 05:08 <JUNCTION> My Documents [C:\Users\Default\Documents]
14/07/2009 05:08 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009 05:08 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009 05:08 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009 05:08 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009 05:08 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009 05:08 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
14/07/2009 05:08 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
14/07/2009 05:08 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009 05:08 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
14/07/2009 05:08 <JUNCTION> My Music [C:\Users\Default\Music]
14/07/2009 05:08 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
14/07/2009 05:08 <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Lorna
09/05/2010 18:16 <JUNCTION> Application Data [C:\Users\Lorna\AppData\Roaming]
09/05/2010 18:16 <JUNCTION> Cookies [C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Cookies]
09/05/2010 18:16 <JUNCTION> Local Settings [C:\Users\Lorna\AppData\Local]
09/05/2010 18:16 <JUNCTION> My Documents [C:\Users\Lorna\Documents]
09/05/2010 18:16 <JUNCTION> NetHood [C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
09/05/2010 18:16 <JUNCTION> PrintHood [C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
09/05/2010 18:16 <JUNCTION> Recent [C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Recent]
09/05/2010 18:16 <JUNCTION> SendTo [C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\SendTo]
09/05/2010 18:16 <JUNCTION> Start Menu [C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Start Menu]
09/05/2010 18:16 <JUNCTION> Templates [C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Lorna\AppData\Local
09/05/2010 18:16 <JUNCTION> Application Data [C:\Users\Lorna\AppData\Local]
09/05/2010 18:16 <JUNCTION> History [C:\Users\Lorna\AppData\Local\Microsoft\Windows\History]
09/05/2010 18:16 <JUNCTION> Temporary Internet Files [C:\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Lorna\Documents
09/05/2010 18:16 <JUNCTION> My Music [C:\Users\Lorna\Music]
09/05/2010 18:16 <JUNCTION> My Pictures [C:\Users\Lorna\Pictures]
09/05/2010 18:16 <JUNCTION> My Videos [C:\Users\Lorna\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
14/07/2009 05:08 <JUNCTION> My Music [C:\Users\Public\Music]
14/07/2009 05:08 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
14/07/2009 05:08 <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
06/09/2010 17:51 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
06/09/2010 17:51 <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
06/09/2010 17:51 <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
06/09/2010 17:51 <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
06/09/2010 17:51 <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
06/09/2010 17:51 <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
06/09/2010 17:51 <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
06/09/2010 17:51 <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
06/09/2010 17:51 <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
06/09/2010 17:51 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
06/09/2010 17:51 <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
06/09/2010 17:51 <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Documents
06/09/2010 17:51 <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
06/09/2010 17:51 <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
06/09/2010 17:51 <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile
06/09/2010 17:51 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
06/09/2010 17:51 <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
06/09/2010 17:51 <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
06/09/2010 17:51 <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
06/09/2010 17:51 <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
06/09/2010 17:51 <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
06/09/2010 17:51 <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
06/09/2010 17:51 <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
06/09/2010 17:51 <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
06/09/2010 17:51 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
06/09/2010 17:51 <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
06/09/2010 17:51 <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\Documents
06/09/2010 17:51 <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
06/09/2010 17:51 <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
06/09/2010 17:51 <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
79 Dir(s) 290,217,127,936 bytes free
< %systemroot%\System32\config\*.sav >
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/03/29 09:35:59 | 000,000,286 | -HS- | M] () -- C:\Users\Lorna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
[2012/02/23 14:27:21 | 000,000,221 | -HS- | M] () -- C:\Users\Lorna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
[2013/11/03 11:59:04 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Lorna\Desktop\aswMBR.exe
[2013/10/29 10:54:05 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Lorna\Desktop\HijackThis.exe
[2013/11/03 12:02:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lorna\Desktop\OTL.exe
[2013/11/03 11:58:42 | 000,891,184 | ---- | M] () -- C:\Users\Lorna\Desktop\SecurityCheck.exe
< %PROGRAMFILES%\Common Files\*.* >
[2009/02/10 19:23:42 | 000,192,484 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acer GameZone online.ico
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
========== Base Services ==========
SRV:64bit: - [2009/07/14 01:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2009/07/14 01:40:01 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/14 01:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2009/07/14 01:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2009/07/14 01:40:10 | 000,703,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 07:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/14 01:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 01:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2009/07/14 01:40:13 | 000,136,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2009/07/14 01:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2009/07/14 01:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2009/07/14 01:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2009/07/14 01:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 01:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 06:17:10 | 000,182,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/14 01:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/14 01:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 01:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/14 01:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2009/07/14 01:41:10 | 000,500,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/14 01:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/14 01:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/14 01:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/14 01:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 01:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2009/07/14 01:41:52 | 000,302,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/14 01:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 11:21:59 | 000,404,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2010/08/21 06:29:47 | 000,558,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 07:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/14 01:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2009/07/14 01:41:53 | 000,343,552 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2009/07/14 01:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2009/07/14 01:41:53 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 07:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2010/12/21 06:16:27 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/08/27 06:14:02 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2009/07/14 01:41:54 | 000,369,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/07/14 01:16:14 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/02 05:16:53 | 001,114,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2009/07/14 01:41:55 | 000,316,416 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/14 01:16:15 | 000,241,664 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/14 01:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/14 01:41:53 | 000,208,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2009/07/14 01:39:50 | 001,598,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2009/07/14 01:40:04 | 000,676,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2009/07/14 01:40:04 | 000,676,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2009/07/14 01:41:53 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 01:41:56 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2009/07/14 01:41:27 | 000,824,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2009/07/14 01:41:56 | 000,578,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2009/07/14 01:39:21 | 000,127,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2009/07/14 01:14:25 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/14 01:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 22:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2009/07/14 01:40:32 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/14 01:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2009/07/14 01:41:56 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
========== Drive Information ==========
Physical Drives
---------------
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: Hitachi HTS545050B9A300
Partitions: 4
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: Hitachi HTS545050B9A300
Partitions: 1
Status: OK
Status Info: 0
Partitions
---------------
DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 12.00GB
Starting Offset: 1048576
Hidden sectors: 0
DeviceID: Disk #0, Partition #1
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 4.00GB
Starting Offset: 12583960576
Hidden sectors: 0
DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 16342056960
Hidden sectors: 0
DeviceID: Disk #0, Partition #3
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 450.00GB
Starting Offset: 16446914560
Hidden sectors: 0
DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 466.00GB
Starting Offset: 32256
Hidden sectors: 0
========== Alternate Data Streams ==========
@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\wordchart1.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\WM0270.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Weave-ItBkTwo.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Weave-ItBkThree.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\vintage_knitting_tips.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\vintage_knitting_tips.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\vertigo-source.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\vertigo-logo-source.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\vertigo-footer-source.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Valsaddress.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\tyroknit.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\TheWeave-ItBook.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\testpdf.PDF:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\TechniqueColoredPencil.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\sv_028.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\surveys.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\stitchy.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\steampunk-bug.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\star_template.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\stamford-artisans-guild-logo.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Spool221.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\showcase-source.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Sea%20Breeze%20Angelina%20instructions.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\SAGE INVOICES.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\replicant2-source.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\PRESS RELEASEoldword.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\press release vic hall lorna.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\pic for payperhour.gif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\pdftedst.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\paper doll maryjane.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\office10beta.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\OFFICE PROFESSIONAL KEY.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\mywatchmanual.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Mysnowflakes.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Mysnowflakes.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Microsoft Word - r conboy webvert march 08.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\m names.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\linked in us search.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\len and nell page 11 i think cmyk.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\LayoutTool - Legacy.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\JumpingJacks.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\JumpingJacks(1).pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\joomla_15_quickstart.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\jemjoker.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\jemcvnewtxtonly.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\jem cv.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\jem cv new.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\jem coverletterbarclays.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\IS SHAKESPEARE DEAD.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\invite square copy.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Inside Front Cover.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\inside back cover cmyk.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\High-Raw-Kevin-Gianni.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\hhswholething.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\heartsnflowerspng.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\HEARTSfinal layout2up.docx.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\HEARTSfinal layout.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Hearts.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Heart_templates.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\googlebase-ezlibris-200806231005.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\googlebase-ezlibris-200806230956.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\front cover cmyk.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\From the time I was a little girl.pps:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\fox2crop.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\flowersp.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\flower_template.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\flower.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\floralpeyote v2.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\floral1peyote1.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\floral1.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\floral1 peyote1.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\farm1a.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\ETSToysB.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\ETSToysA.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Elfic_doll.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\dvlalicenceapp.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\CTMJanFeb08 FINAL.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\CTFEB07CrochetFroggyHatCheerioEssentials.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\cs5serial.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\COURIER.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\CorelDRAW Graphics Suite X3.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\copyrightnotice.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\copyrightnotice.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\cctreescrop.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\cash_book_pro_v2.0.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Card07.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Card06.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Card04.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\calendar_organizer_months.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\broadsheetsteampunk.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\BABYmocsBtys.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\B023_ebook.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\amclassical_silent_night.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\alicewivbaby.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\aglaciercrop.JPG:Roxio EMC Stream
@Alternate Data Stream - 452 bytes -> C:\Users\Lorna\Documents\vichallflyerfinal.ppp:SummaryInformation
@Alternate Data Stream - 436 bytes -> C:\xcards.ppp:SummaryInformation
@Alternate Data Stream - 432 bytes -> C:\Users\Lorna\Documents\alice1.ppp:SummaryInformation
@Alternate Data Stream - 211 bytes -> C:\ProgramData\Temp:BC3DB898
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:2B11E0DF
< End of report >
EXTRAS.txt:
OTL Extras logfile created on: 03/11/2013 12:30:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lorna\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
4.00 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 62.33% Memory free
7.99 Gb Paging File | 6.07 Gb Available in Paging File | 76.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.44 Gb Total Space | 268.88 Gb Free Space | 59.69% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 246.55 Gb Free Space | 52.93% Space Free | Partition Type: NTFS
Drive E: | 254.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: LORNA-PC | User Name: Lorna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Value error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FB98A1-7AF9-46DA-870E-B3E179CE55A5}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{0A37EBFD-4C01-4323-BBD7-D212EB87C91B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0D23B282-2882-4D6B-B34C-C809FBDB29EB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0E8B587E-8654-49E1-ADD9-5A6126327F9C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{109092A7-9655-42A4-BE06-1E4293F9D2BC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{175CC621-2FC3-4E9A-8A3B-8688346CBA8F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1AB91F7A-C8C3-4F1B-90E2-0DF59D760C39}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2456651F-140F-41DB-AE77-FD4C437211B3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{285DA852-E50B-4CD6-A2AF-A67C16058365}" = rport=445 | protocol=6 | dir=out | app=system |
"{2F22710D-5CDC-42CB-8492-66DE3A6C1D8D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{327F1DA6-D344-4488-B593-D5455C2CC737}" = rport=10243 | protocol=6 | dir=out | app=system |
"{36B71C93-50A9-4F48-BF8E-7569CFD30A5C}" = rport=2869 | protocol=6 | dir=out | app=system |
"{40D98898-C72B-48A9-9001-AA1EA67D641E}" = lport=137 | protocol=17 | dir=in | app=system |
"{6B75E5BC-8C35-4758-A8B9-670E1F4D590B}" = rport=138 | protocol=17 | dir=out | app=system |
"{6CD889C3-ADC0-4253-A003-13D5A86433E1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8E491A19-0544-4E98-8CCB-FEDFDAC391BA}" = lport=445 | protocol=6 | dir=in | app=system |
"{8F3FDE23-CB59-40E2-99DC-248E18C6AD35}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8F63FA6D-D92E-43F1-9736-08F1DA4C0ED6}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{990019A1-389A-4131-8ED1-75C68E987E3B}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{999B8C11-E1E9-48B0-B131-51BF04F48763}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AAA4096A-8218-492F-867B-6DBBFF09D244}" = lport=139 | protocol=6 | dir=in | app=system |
"{AFDF5C9D-EF74-429B-9DDA-9E4A52576469}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B4D7A118-7027-45E5-82C6-7DDA4005F457}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B8ACFC35-CE78-4145-97F9-3CBB5905ACA3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C242A725-DF66-4D6B-A25D-B69DFEC85D60}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C5299320-4AFA-44FD-A254-D0ACE41376CF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D00F6322-F81F-48FE-A42C-689480474DF6}" = lport=138 | protocol=17 | dir=in | app=system |
"{D60C093C-775D-44FB-AA6D-5FAA2E4AB678}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DADE18E9-DEFD-4BE3-AFCF-7D5B3440B6FA}" = rport=137 | protocol=17 | dir=out | app=system |
"{DD1C5633-85CA-4F5D-9761-7C44D8785AB1}" = rport=139 | protocol=6 | dir=out | app=system |
"{EC3E75AD-21E1-4969-9906-E6FFDDE263DE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E663DF1-5CC7-49F9-B4F2-DE4EC2CDF538}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0F9493B2-954A-45C2-A962-D64D963598B1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0FE74F0C-38DE-4447-9C5F-A7F1C895A49C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{17355C71-1C6A-4F7A-8DCB-76D5074EC64E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{19B926AF-F118-4E2D-A0D5-C54FC4933C29}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{24F886AC-2564-49A6-89B6-1C9DA4C959E8}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |
"{3439C0E9-1858-4AFC-B720-4D3F0F01045D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{35CDDABE-97DD-4AD8-821E-EEEB6CEF9103}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3FBBCB08-A755-4D39-A53F-895873691A91}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |
"{4316C09F-0F43-489A-B7F3-8E3B9B5A77CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{439578B7-4ED0-4CF8-8AB8-880B24B1A4F0}" = protocol=17 | dir=in | app=c:\windows\temp\cmc_dragon\restart_helper.exe |
"{4C0574E3-F9E2-453F-977D-3571B658121D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4FF09CFE-451B-44A1-94E3-5D177B5026A7}" = protocol=17 | dir=in | app=c:\users\lorna\appdata\roaming\dropbox\bin\dropbox.exe |
"{5AE9766C-EC17-454E-8FAA-3F3A5806AE5F}" = protocol=6 | dir=in | app=c:\users\lorna\appdata\roaming\dropbox\bin\dropbox.exe |
"{64FAC652-19ED-4637-86F6-E87D29048500}" = protocol=6 | dir=out | app=system |
"{65189FD5-E420-4929-89DC-C2432B37F088}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{658D211A-36E4-456B-9DE6-B38E6BF5B7E1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6756D2C8-D447-4C27-992D-1671AB2C3B21}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\comodo\tvnserver.exe |
"{69C7DF42-A0B7-4CBF-BFD9-C5402896D6E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6E739B8C-F5DE-44CC-8156-3C2DC7FBF9E3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{727199DC-71F7-4C6F-9C5A-F2D8EBFFBFC0}" = protocol=6 | dir=in | app=c:\windows\temp\cmc_dragon\restart_helper.exe |
"{7928CA9C-B0CE-4A93-92AC-D6D67FF39CD8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7AC87AB6-F04D-4E76-A450-665B8B5DDD80}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |
"{7D537CD3-E95A-48C2-92C2-0362143919F4}" = protocol=6 | dir=in | app=c:\users\lorna\appdata\roaming\dropbox\bin\dropbox.exe |
"{9C1B4A8A-2198-4CB1-8A6A-233778D9C76E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A2D0DBED-F7DE-49E0-98DB-F40E792C4A74}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AD7E18DA-5144-4307-BA47-6F910D52F525}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AE1F3226-FB2F-458F-863C-92CE34467DBD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BF5AE95C-5779-49FC-A95F-A19EB426F5D2}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C38F1B2D-5541-4443-B546-983E13B9D4FF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C4F6DDF6-0527-4A4C-86DB-FD1661B27A3B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C97E426B-9C46-428A-BA44-247A11D73F7C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CB269071-FD26-4B3D-A1F0-ED82D4F8FF34}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{CE7E3F2C-374E-434B-8097-6F85E818F921}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\comodo\tvnserver.exe |
"{D8442974-63BC-40C7-9F42-2A2EB91307D4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DF1E12D1-625A-434C-8AF2-ADBACA066882}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EA239201-9796-4433-8FAD-6D2F7FBC6256}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |
"{EEE8BE16-4EBD-4E1F-BC9F-8CDFD7739918}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EF398F74-BF9D-4889-A8D1-65612570EE45}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F512C44E-C797-4A64-852D-559A86C114ED}" = protocol=17 | dir=in | app=c:\users\lorna\appdata\roaming\dropbox\bin\dropbox.exe |
"{FECBDD97-A918-4925-8F49-4671A74E4771}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{108A39BF-4ED1-4293-B11A-06BD521FB8F7}" = FreeOCR 3.0
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A9E695CB-A6AA-4B4C-9754-BA3CFF1C3B00}" = HP Officejet Pro 8000 A809 Series
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"A5B98551C6BA1C24D2FDDFB2E1764339D449F74D" = Windows Driver Package - Intel (NETw5v64) net (09/15/2009 13.0.0.107)
"B540836D57069F83653778772EE56C5408F1B192" = Windows Driver Package - Intel (NETw5s64) net (09/15/2009 13.0.0.107)
"DesktopIconAmazon" = Desktop Icon für Amazon
"Free PDF to Word Converter_is1" = Free PDF to Word Converter 4.2.3.183
"GIMP-2_is1" = GIMP 2.6.12
"HitmanPro37" = HitmanPro 3.7
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"novaPDF Pro v5_is1" = novaPDF Pro v5 (novaPDF Professional Desktop 5.5 printer)
"NVIDIA Drivers" = NVIDIA Drivers
"PDFtypewriter Printer Driver" = PDFtypewriter Printer Driver
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0FAEAEC8-F458-4AE2-89B8-BF680FD245D5}" = 8000A809_eDocs
"{1000ACF5-0BCF-4FC0-B4F5-F044317F9155}" = ProductContext
"{10B1D4F7-6568-48F7-92FD-74D616CD061E}" = Serif CraftArtist Wedding Days Collection
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{1439B98F-681E-4D51-BB90-D04474E4C6EA}" = Serif Digital Scrapbook Artist 2
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15879CF1-46AD-4A19-B362-E3A939C65BA9}" = DaisyTrail Summer Fun Digikit
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BB1AF9-981C-4539-9113-D2F88F031C1D}" = GeekBuddy
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2189194E-35E0-4597-BC93-63DC40EB9258}" = Serif Digital Scrapbook Artist Photobook, Basic
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{25015AF4-F435-4605-A06F-BA91C0BF6087}" = Serif CraftArtist Scrapbooks Collection
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20
"{26F8F39E-C228-4E3C-93A5-061FCCBFC914}" = Serif PagePlus Essentials
"{27996809-446F-7261-6C69-6B654C656F6E}" =
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{312F775B-EF9B-4456-83C8-4B4596677C13}" = Serif CraftArtist Baby Photos Collection
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{366584A4-1D35-49B2-97B3-C803DDFCC543}" = myPrintMileage (Officejet Pro 8000 A809)
"{3AD783E5-1DC6-4FDF-B913-C371657B7A6B}" = Acer Arcade Instant On
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3EC9C9AB-28DA-411D-8EFE-E31AFAFA038A}" = Karen Gover, Turkish Delight Digikit
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{565A39D6-4FB0-4F35-A2AC-0DC66ACC3520}" = Fingerprint Solution
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5ED5BC4D-CADC-4705-A230-D1FC80882252}" = PhotoTools 2.6.3 Free
"{5F9DDC8F-5D4D-4D63-BDB5-8DB3EE1432E4}" = Serif PagePlus Essentials Bonus Content Pack
"{61B3CAF9-0C8A-4390-AE72-D6B90FB71C17}" = Serif CraftArtist Professional
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63CA71FE-85AB-49AE-8668-26951FBD95DC}" = Kaleidoscope Kreator 3
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{761E061F-FB8E-BBB4-69A4-B1DEF3640DB7}" = Zinio Reader 4
"{76E2A1A0-CE72-48A0-8D8E-767A1B0C2191}" = PhotoFrame 4.6.3 Free
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C08721F-AC43-4198-A35B-93442DD10A26}" = Serif CraftArtist Greeting Cards Collection
"{7D336C6B-1C91-4AD4-B168-F1E1AC08D737}" = PDFtypewriter with PDF Printer Driver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114803710}" = Star Defender 4
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92975DF9-EA36-4F36-A9AC-D412BC1D709E}" = Nuvoton EC Generic HID Driver
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A8BCCBD-07F6-4B3E-9463-FA556619744E}" = eBaitor
"{9ADE9794-F65D-11BE-051B-B6E52B5CDD04}" = Adobe Community Help
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FB13038-240D-427E-B27E-1796E5C0FA1A}" = DaisyTrail Vintage Sideshow Digikit
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy 2
"{B9830694-3D4A-40CC-AB27-5A8C9E160200}" = BPDSoftware
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BDE7CE44-145A-47E3-9A75-9FBD49D9B46B}" = 8000A809
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C5F7045B-193F-418C-A4DE-27F76F28841E}" = BPDSoftware_Ini
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF255306-5B68-401F-87BA-AA62BEA6888C}" = 8000A809_Help
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.74.216
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D12EBB4E-CF21-496D-979F-89D9DE58C5B8}" = PDFill PDF Tools (FREE)
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3F42516-EC12-4ECF-A3C3-5A79CD3CB5F5}" = Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D575FBAA-D6D6-4221-A2C4-67541DB7AB5E}_is1" = Device Doctor 1.0.0.1
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E12F5FD8-3C24-4594-9730-3F89C04A45AA}" = eCraftShop Pro
"{E2B31B67-9795-4EF9-9AC6-B683E7B11BE6}_is1" = FotoFusion v4
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFEDD205-43FE-4208-B682-0937E803E19E}_is1" = NexusFont 2.5 (ver 2.5.7.1562)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F840E2F3-138C-4307-83F7-D0A5DD75B6CE}" = Samsung SCX-4100 Series (TWAIN)
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"aniMate 2 DS3 2.0.0.7" = aniMate 2 DS3
"avast" = avast! Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Comodo Dragon" = Comodo Dragon
"DAZ 3D Install Manager 1 1.0.1.90" = DAZ 3D Install Manager 1
"DAZ Content Management Service 4.8.1.7" = DAZ Content Management Service
"DAZ Studio 3 3.1.2.32" = DAZ Studio 3
"Dazzling Reflections PE (Trial Version)_is1" = Dazzling Reflections PE v2.1
"DirPrintOK" = DirPrintOK
"DreamSuite Bonus" = Uninstall DreamSuite Bonus
"EaseUS Todo Backup Free 4.0_is1" = EaseUS Todo Backup Free 4.0
"Echoes_is1" = PhotoEchoes 3.1.004
"ESET Online Scanner" = ESET Online Scanner v3
"ExpressBurn" = Express Burn Disc Burning Software
"Filter Forge Freepack 1 - Metals_is1" = Filter Forge Freepack 1 - Metals 2.009
"Filter Forge Freepack 2 - Photo Effects_is1" = Filter Forge Freepack 2 - Photo Effects 2.009
"Filter Forge Freepack 3 - Frames_is1" = Filter Forge Freepack 3 - Frames 2.009
"Filter Forge Freepack 4 - Distortions_is1" = Filter Forge Freepack 4 - Distortions 1.015
"Filter Forge Freepack 5 - Hearts_is1" = Filter Forge Freepack 5 - Hearts 2.009
"Filter Forge Freepack 6 - Patterns_is1" = Filter Forge Freepack 6 - Patterns 2.009
"FrameFun_is1" = FrameFun 2.0.0.7
"FrameMaster" = FrameMaster 2.14
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"GPL Ghostscript 8.57" = GPL Ghostscript 8.57
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"GridMagic_is1" = GridMagic 3.3.0.201
"GridVista" = Acer GridVista
"HijackThis" = HijackThis 2.0.2
"Identity Card" = Identity Card
"IE Kaleidoscope" = IE Kaleidoscope
"Inkscape" = Inkscape 0.48.2
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{565A39D6-4FB0-4F35-A2AC-0DC66ACC3520}" = Acer Bio Protection
"Instant Eyedropper_is1" = Instant Eyedropper 1.75
"Kaleider_is1" = Kaleider 4.8.1
"LManager" = Launch Manager
"Make The Cut!" = Make The Cut!
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Maxthon2" = Maxthon2
"Mozilla Firefox 24.0 (x86 en-GB)" = Mozilla Firefox 24.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Pattaizer_is1" = Pattaizer v1.3
"Picasa 3" = Picasa 3
"Plugin Commander Light 1.61_is1" = Plugin Commander Light 1.61
"Poser Debut_is1" = Poser Debut
"Rapport_msi" = Rapport
"Samsung SCX-4100 Series" = Samsung SCX-4100 Series
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"SpeedBit Video Downloader" = SpeedBit Video Downloader
"SpywareBlaster_is1" = SpywareBlaster 4.4
"TabletDriver" = Trust Tablet Driver
"Ulead ArtTexture.Plugin 1.0" = Ulead ArtTexture.Plugin 1.0
"Ulead FantasyWarp.Plugin 1.0" = Ulead FantasyWarp.Plugin 1.0
"VertusPlayWithPictures" = Vertus Play With Pictures 1.0.9
"WinLiveSuite" = Windows Live Essentials
"Wisdom-soft Set up ScreenHunter 5.1 Free" = Wisdom-soft Set up ScreenHunter 5.1 Free
"XnView_is1" = XnView 1.96.1
"Yandex Toolbar Removal Tool_is1" = Yandex Toolbar Removal Tool
"ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dashlane" = Dashlane
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Spoon Sandbox Manager 3.32" = Spoon Sandbox Manager 3.32
"WinDirStat" = WinDirStat 1.1.2
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 21/08/2011 14:51:35 | Computer Name = Lorna-PC | Source = Application Error | ID = 1000
Description = Faulting application name: wbengine.exe, version: 6.1.7600.16385,
time stamp: 0x4a5bc537 Faulting module name: ntdll.dll, version: 6.1.7600.16695,
time stamp: 0x4cc7b325 Exception code: 0xc0000005 Fault offset: 0x000000000004c8f4
Faulting
process id: 0x227c Faulting application start time: 0x01cc602cfa36a747 Faulting application
path: C:\Windows\system32\wbengine.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 978b0a96-cc26-11e0-87ba-ab44c7e5e56f
Error - 25/08/2011 14:40:11 | Computer Name = Lorna-PC | Source = MSSOAP | ID = 16
Description = Soap error: XML Parser failed at linenumber 0, lineposition 0, reason
is: The system cannot locate the resource specified. .
Error - 25/08/2011 14:40:11 | Computer Name = Lorna-PC | Source = MSSOAP | ID = 16
Description = Soap error: Loading of the WSDL file failed.
Error - 25/08/2011 14:40:11 | Computer Name = Lorna-PC | Source = MSSOAP | ID = 16
Description = Soap error: One of the parameters supplied is invalid..
Error - 26/08/2011 08:40:41 | Computer Name = Lorna-PC | Source = Application Hang | ID = 1002
Description = The program CraftArtist.exe version 1.0.4.40 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1fb4 Start
Time: 01cc63d406a2153c Termination Time: 0 Application Path: C:\Program Files (x86)\Serif\CraftArtist\1.0\Program\CraftArtist.exe
Report
Id: 860975a6-cfe0-11e0-87ba-ab44c7e5e56f
Error - 27/08/2011 18:46:38 | Computer Name = Lorna-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.
Error - 28/08/2011 07:28:10 | Computer Name = Lorna-PC | Source = System Restore | ID = 8210
Description =
Error - 28/08/2011 16:38:41 | Computer Name = Lorna-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16768,
time stamp: 0x4d688122 Faulting module name: wucltux.dll, version: 7.3.7600.16385,
time stamp: 0x4a5be09e Exception code: 0xc0000005 Fault offset: 0x0000000000054f1d
Faulting
process id: 0x46c Faulting application start time: 0x01cc65795e54bcd5 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\system32\wucltux.dll
Report
Id: b67d2884-d1b5-11e0-859f-ea060eeb6d6c
Error - 28/08/2011 16:42:33 | Computer Name = Lorna-PC | Source = Application Hang | ID = 1002
Description = The program Photoshop.exe version 12.0.0.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: d28 Start
Time: 01cc65c14a159d76 Termination Time: 835 Application Path: C:\Program Files\Adobe\Adobe
Photoshop CS5 (64 Bit)\Photoshop.exe Report Id:
Error - 01/09/2011 14:20:39 | Computer Name = Lorna-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.
[ System Events ]
Error - 01/11/2013 14:25:58 | Computer Name = Lorna-PC | Source = ipnathlp | ID = 31004
Description =
Error - 01/11/2013 14:26:03 | Computer Name = Lorna-PC | Source = ipnathlp | ID = 31004
Description =
Error - 01/11/2013 14:26:17 | Computer Name = Lorna-PC | Source = ipnathlp | ID = 31004
Description =
Error - 01/11/2013 14:26:26 | Computer Name = Lorna-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Google
Software Updater service to connect.
Error - 01/11/2013 14:26:26 | Computer Name = Lorna-PC | Source = DCOM | ID = 10005
Description =
Error - 03/11/2013 07:51:00 | Computer Name = Lorna-PC | Source = ipnathlp | ID = 31004
Description =
Error - 03/11/2013 07:51:10 | Computer Name = Lorna-PC | Source = ipnathlp | ID = 31004
Description =
Error - 03/11/2013 07:51:40 | Computer Name = Lorna-PC | Source = ipnathlp | ID = 31004
Description =
Error - 03/11/2013 09:31:42 | Computer Name = Lorna-PC | Source = ipnathlp | ID = 31004
Description =
Error - 03/11/2013 09:31:44 | Computer Name = Lorna-PC | Source = ipnathlp | ID = 31004
Description =
< End of report >