pc slows down to crawling pace [Solved]


  • This topic is locked
92 replies to this topic

#1 fellfromgrace

  • Authentic Member
  • 59 posts

Posted 29 October 2013 - 04:59 AM

Hi

I don't know what the problem is. I have scanned using Malwarebytes, Comodo and EEK. A few spywares found and a trojan in recycle bin, plus Heuro.corrupt (?) in temp files and skype setup. All quarantined.
Think I may have rather stupidly copied it over from my other newer laptop which was behaving in the same way even after reloading windows, updating all drivers, scanning etc. (Hence moving to this older one in the hope of it not happening here!)

Basically it just starts to slow down, I get the blue circle spinning slower and slower, some processes can take half an hour or more or it just goes black, then I have to restart.

I tried to update the antivirus on this pc when I revived it after it lying around for a year or so, and I could not update or run avira or panda cloud. I did manage eventually to get comodo working again (although for some reason it was not loading at startup; it is now) and use EEK and Malwarebytes, with results as above.

I'm running Windows 7 Home Premium on an Acer Aspire 7738G, Intel Core2 Duo16600, NVIDIA GeforceGT240M, 4gb memory and 1TB hd. I haven't got service pack 1 on it as I system restored after doing all the updates - as that seemed to be when it started running slow. Thinking about it now, I had also reloaded all my DAZ/Poser 3D content back on to drive D too, and unzipped some of it, so maybe the problem was not the windows update after all ... any help you can offer would be fantastic, thanks


I could not run DDS as it said I didn't have a program associated with it to run it, so here's the HijackThis logfile:

I also could not post this with the HijackThis pasted in here as I was redirected to a 2007 post saying my HijackThis was out of date and to redownload it from a broken link ... strange as I have just downloaded it this morning from your link here

So I am attempting to upload the file as an attachment .... and it says I am not permitted to upload this type of file! OK have downloaded from sourceforge. Here goes


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:58:27, on 29/10/2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
CHROME: 31.0.1650.34
FIREFOX: 24.0 (en-GB)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Lorna\AppData\Roaming\Dashlane\Dashlane.exe
C:\Users\Lorna\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Users\Lorna\Desktop\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...c8z185t5701w78n
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: This resource fork intentionally left blank ÿÿ
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\PROGRA~2\SEARCH~1\SEARCH~1.DLL
O2 - BHO: Dashlane BHO - {42D79B50-CC4A-4A8E-860F-BE674AF053A2} - C:\Users\Lorna\AppData\Roaming\Dashlane\ie\Dashlanei.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SBCONVERT - {92A9ACF4-9333-43AE-9698-DB283326F87F} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU4E\tbcore3.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU4E\grabber.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU4E\tbcore3.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKCU\..\Run: [Google Update] "C:\Users\Lorna\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Dashlane] "C:\Users\Lorna\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup
O4 - Startup: Dropbox.lnk = Lorna\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra button: eBay US - {A7897C2E-3A8D-4c80-AC60-2310038CE551} - C:\Program Files (x86)\Supreme Auction\ebay_us.url (file missing) (HKCU)
O9 - Extra button: eBay DE - {C1514B92-E6E2-4be8-B93C-8A44D1F3011F} - C:\Program Files (x86)\Supreme Auction\ebay_de.url (file missing) (HKCU)
O9 - Extra button: Supreme Auction - {DFE4453A-65DF-47d5-BF37-3D0FD37FBDBB} - C:\Program Files (x86)\Supreme Auction\SupremeAuctionOnline.exe (file missing) (HKCU)
O9 - Extra button: eBay UK - {EA17D6B8-BE9B-4f12-89FD-0D2C8F756747} - C:\Program Files (x86)\Supreme Auction\ebay_uk.url (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{454243BE-109D-452A-96DD-5779CAC699AD}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO LPS Launcher (CLPSLauncher) - Comodo Security Solutions Inc. - C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: DAZ Content Management Service (DAZContentManagementService) - Unknown owner - C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
O23 - Service: EaseUS Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
O23 - Service: Guard Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: EgisTec Service (IGBASVC) - Egis Technology Inc. - c:\Program Files (x86)\Acer Bio Protection\BASVC.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\nlssrv32.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot S&D 2 Live Protection Service (SDHookService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VideoAcceleratorService - SpeedBit Ltd. - C:\PROGRA~2\SPEEDB~2\VideoAcceleratorService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\Windows\System32\Drivers\WTSRV.EXE (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16440 bytes


#2 OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 02 November 2013 - 10:17 AM

Hi fellfromgrace,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=========================

aswMBR

Download aswMBR.exe and save it to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
=========================

OTL

Download OTL to your desktop.
  • Make sure all other windows are closed and let it run uninterrupted.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in

    %USERPROFILE%\..|smtmp;true;true;true /FP
    %temp%\smtmp\*.* /s >
    /md5start
    iexplore.*
    explorer.*
    winlogon.*
    dll
    zx.dll
    hlp.dat
    consrv.dll
    services.*
    /md5stop
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    BASESERVICES
    DRIVES
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    • You may need two posts to fit them both in.
=========================

In your next post please provide the following:
  • checkup.txt
  • aswMBR.txt
  • attach MBR.zip
  • OTL.txt
  • Extras.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days



#3 fellfromgrace

  • Authentic Member
  • 59 posts

Posted 03 November 2013 - 05:56 AM

Thank you for your reply ...  Please bear with me whilst I download and run the suggested programs, as I imagine they will take a long time to run - I have a lot of files on the 1TB disk!



#4 fellfromgrace

  • Authentic Member
  • 59 posts

Posted 03 November 2013 - 06:01 AM

I'm afraid I can't download OTL as my ISP won't allow me onto the site (says it is a security risk) ... any ideas?

thanks



#5 fellfromgrace

  • Authentic Member
  • 59 posts

Posted 03 November 2013 - 06:03 AM

it's ok, I've found it somewhere else and managed to download it ok after all (I think)



#6 fellfromgrace

  • Authentic Member
  • 59 posts

Posted 03 November 2013 - 07:45 AM

Here are the results of the scans

SECURITY CHECK:

 Results of screen317's Security Check version 0.99.76  
 Windows 7  x64 (UAC is enabled)  
 Out of date service pack!!
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
Lavasoft Ad-Watch Live! Anti-Virus   
avast! Antivirus                     
COMODO Antivirus                     
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Ad-Aware
 MVPS Hosts File  
 Out of date HijackThis  installed!
 SpywareBlaster 4.4    
 Spybot - Search & Destroy 2
 Malwarebytes Anti-Malware version 1.75.0.1300  
 HijackThis 2.0.2    
 Java™ 6 Update 20  
 Java version out of Date!
 Adobe Flash Player 11.9.900.117  
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox 24.0 Firefox out of Date!  
 Google Chrome 31.0.1650.34  
````````Process Check: objlist.exe by Laurent````````  
 Ad-Aware AAWService.exe is disabled!
 Ad-Aware AAWTray.exe is disabled!
 Spybot Teatimer.exe is disabled!
 Comodo Firewall cmdagent.exe
 Comodo Firewall cfp.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

 

AswMBR: NOTE; ONLY ONE FILE SAVED, SO CANNOT ATTACH THE OTHER ONE IT SHOULD HAVE GENERATED ... AND THIS ERROR MESSAGE APPEARED PRIOR TO DOWNLOADING VIRUS DEF'S AND ALSO AFTER DOWNLOADING VIRUS DEFINITIONS:

 

The procedure entry point aswscnGetVirusID could not be located in the dynamic link library aswScan.dll

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-11-03 12:20:07
-----------------------------
12:20:07.096    OS Version: Windows x64 6.1.7600
12:20:07.096    Number of processors: 2 586 0x170A
12:20:07.098    ComputerName: LORNA-PC  UserName: Lorna
12:20:11.765    Initialize success
12:26:04.558    AVAST engine error: 2
12:27:53.465    The log file has been saved successfully to "C:\Users\Lorna\Desktop\aswMBR.txt"

 

OTL:

 

OTL logfile created on: 03/11/2013 12:30:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lorna\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
4.00 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 62.33% Memory free
7.99 Gb Paging File | 6.07 Gb Available in Paging File | 76.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.44 Gb Total Space | 268.88 Gb Free Space | 59.69% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 246.55 Gb Free Space | 52.93% Space Free | Partition Type: NTFS
Drive E: | 254.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: LORNA-PC | User Name: Lorna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\Lorna\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Lorna\AppData\Roaming\Dashlane\Dashlane.exe ()
PRC - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe ()
PRC - C:\Users\Lorna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe (Comodo Security Solutions Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe (GlavSoft LLC.)
PRC - C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe (SpeedBit Ltd.)
PRC - C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.)
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Windows\SysWOW64\WTClient.exe (Tablet Driver)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
PRC - c:\Program Files (x86)\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
PRC - c:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Lorna\AppData\Roaming\Dashlane\Dashlane.exe ()
MOD - C:\Users\Lorna\AppData\Roaming\Dashlane\2.2.1.47394\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.2.2.1.47394.dll ()
MOD - C:\Users\Lorna\AppData\Roaming\Dashlane\2.2.1.47394\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.2.2.1.47394.dll ()
MOD - C:\Users\Lorna\AppData\Roaming\Dashlane\2.2.1.47394\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.2.2.1.47394.dll ()
MOD - C:\Users\Lorna\AppData\Roaming\Dashlane\2.2.1.47394\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.2.2.1.47394.dll ()
MOD - C:\Users\Lorna\AppData\Roaming\Dashlane\2.2.1.47394\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.2.2.1.47394.dll ()
MOD - C:\Users\Lorna\AppData\Roaming\Dashlane\2.2.1.47394\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.2.2.1.47394.dll ()
MOD - C:\Users\Lorna\AppData\Roaming\Dashlane\2.2.1.47394\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.2.2.1.47394.dll ()
MOD - C:\Users\Lorna\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Users\Lorna\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Windows\SysWOW64\WinTab32.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (HitmanProScheduler) -- C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
SRV:64bit: - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (DAZContentManagementService) -- C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe ()
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinTabService) -- C:\Windows\SysNative\drivers\WTSrv.exe (Tablet Driver)
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (DragonUpdater) -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe ()
SRV - (CLPSLauncher) -- C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe (Comodo Security Solutions Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (tvnserver) -- C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe (GlavSoft LLC.)
SRV - (Guard Agent) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe (CHENGDU YIWO Tech Development Co., Ltd)
SRV - (EaseUS Agent) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
SRV - (RapportMgmtService) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (VideoAcceleratorService) -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe (SpeedBit Ltd.)
SRV - (nlsX86cc) -- C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (IGBASVC) -- c:\Program Files (x86)\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (cmderd) -- C:\Windows\SysNative\drivers\cmderd.sys (COMODO)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (CFRMD) -- C:\Windows\SysNative\drivers\CFRMD.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (EUFDDISK) -- C:\Windows\SysNative\drivers\EuFdDisk.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV:64bit: - (EUBKMON) -- C:\Windows\SysNative\drivers\EUBKMON.sys ()
DRV:64bit: - (EUDSKACS) -- C:\Windows\SysNative\drivers\eudskacs.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV:64bit: - (EUBAKUP) -- C:\Windows\SysNative\drivers\eubakup.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (silabser) -- C:\Windows\SysNative\drivers\silabser.sys (Silicon Laboratories)
DRV:64bit: - (silabenm) -- C:\Windows\SysNative\drivers\silabenm.sys (Silicon Laboratories)
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon)
DRV:64bit: - (Uim_VIM) -- C:\Windows\SysNative\drivers\uim_vimx64.sys (Paragon)
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows ® 2000 DDK provider)
DRV:64bit: - (RapportKE64) -- C:\Windows\SysNative\drivers\RapportKE64.sys (Trusteer Ltd.)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (FPSensor) -- C:\Windows\SysNative\drivers\FPSensor.sys (Egistec)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (hidshim) -- C:\Windows\SysNative\drivers\hidshim.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (nuvotonhidgeneric) -- C:\Windows\SysNative\drivers\nuvotonhidgeneric.sys (Nuvoton Technology Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (UCTblHid) -- C:\Windows\SysNative\drivers\UCTblHid.sys (Tablet Driver)
DRV:64bit: - (TClass2k) -- C:\Windows\SysNative\drivers\TClass2k.sys (Tablet Driver)
DRV:64bit: - (PTSimHid) -- C:\Windows\SysNative\drivers\PTSimHid.sys (PenTablet Driver)
DRV:64bit: - (PTSimBus) -- C:\Windows\SysNative\drivers\PTSimBus.sys (PenTablet Driver)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV:64bit: - (DgiVecp) -- C:\Windows\SysNative\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software)
DRV - (cleanhlp) -- C:\EEK\Run\cleanhlp64.sys (Emsisoft GmbH)
DRV - (RapportCerberus_43926) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys ()
DRV - (CFRMD) -- C:\Windows\SysWOW64\drivers\CFRMD.sys (Windows ® Win 7 DDK provider)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (RapportPG64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys (Trusteer Ltd.)
DRV - (RapportEI64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys (Trusteer Ltd.)
DRV - (usbscan) -- C:\Windows\SysWOW64\drivers\USBSCAN.SYS (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...c8z185t5701w78n
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = Yandex
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...EC-3F8345330960
IE - HKCU\..\SearchScopes\{3D41F773-C2A2-4541-8F58-DF94FA1311D3}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...AW_enGB378GB379
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://yandex.ru/yan...t={searchTerms}
IE - HKCU\..\SearchScopes\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}: "URL" = http://ws.infospace....=7?_IceUrl=true
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\Moikrug: "URL" = http://moikrug.ru/pe...ms}&submitted=1
IE - HKCU\..\SearchScopes\Yandex: "URL" = http://www.google.co...AW_enGB378GB379
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@spoon.net/Spoon Plugin 3.32: C:\Users\Lorna\AppData\Local\Spoon\3.32.2.12\npMozillaSpoonPlugin.dll (Code Systems Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lorna\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lorna\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/01 08:40:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/04/02 13:09:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/10/20 14:20:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/01 08:40:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}: C:\Users\Lorna\AppData\Roaming\Dashlane\2.2.1.47394\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} [2013/10/21 09:17:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/10/20 14:20:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/02/10 13:34:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lorna\AppData\Roaming\Mozilla\Extensions
[2013/10/27 10:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lorna\AppData\Roaming\Mozilla\Firefox\Profiles\nlrnclme.default-1382870013963\extensions
[2013/10/20 14:20:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/10/20 14:20:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/20 14:20:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/10/21 09:17:25 | 000,000,000 | ---D | M] (Dashlane) -- C:\USERS\LORNA\APPDATA\ROAMING\DASHLANE\2.2.1.47394\BIN\FIREFOX_EXTENSION\{442718D9-475E-452A-B3E1-FB1EE16B8E9F}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.addthis.c...n3&clickbacks=1
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Lorna\AppData\Local\Google\Chrome\Application\31.0.1650.34\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lorna\AppData\Local\Google\Chrome\Application\31.0.1650.34\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lorna\AppData\Local\Google\Chrome\Application\31.0.1650.34\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Chrome SVD extension (Enabled) = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.4_0\lib/npdownloaderchrome.dll
CHR - plugin: Chrome DAP extension (Enabled) = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.0.6_0\lib/npdapchrome.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RockMelt Update (Enabled) = C:\Users\Lorna\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll
CHR - plugin: Spoon Plugin (Enabled) = C:\Users\Lorna\AppData\Local\Spoon\3.32.2.12\npMozillaSpoonPlugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Google Translate = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.5_0\
CHR - Extension: Spybot - Search & Destroy = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmcccagmbagkpbdgpammblejlmiempb\2.0.6.819_0\
CHR - Extension: YouTube = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0\
CHR - Extension: Add to Amazon Wish List = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\
CHR - Extension: Google Search = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: SpeedBit Video Downloader = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.4_0\
CHR - Extension: avast! WebRep = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: Disconnect = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.10.0_0\
CHR - Extension: SpeedBit Search Predict = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledcpigomgblcmofccnacobhmcdkpiea\2.0.2_0\
CHR - Extension: Window Close Protector = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnpifgapnmpninomacbhdlconlpikdai\2.2_0\
CHR - Extension: Dashlane = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkjojgglmmcghgaiknnpgjgldgaocjfd\2.2.1.47394_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.2_0\
CHR - Extension: Short URL = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\obbdcmhkndhionekooeeiilbicfdkhml\1.0_0\
CHR - Extension: Instagram for Chrome = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb\4.9.1_0\
CHR - Extension: Instagram for Chrome = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb\4.9.2_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.0.3_0\
CHR - Extension: Gmail = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012/08/17 07:48:50 | 000,443,169 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts:     127.0.0.1 activate.adobe.com
O1 - Hosts:     127.0.0.1 practivate.adobe.com
O1 - Hosts:     127.0.0.1 ereg.adobe.com
O1 - Hosts:     127.0.0.1 activate.wip3.adobe.com
O1 - Hosts:     127.0.0.1 wip3.adobe.com
O1 - Hosts:     127.0.0.1 3dns-3.adobe.com
O1 - Hosts:     127.0.0.1 3dns-2.adobe.com
O1 - Hosts:     127.0.0.1 adobe-dns.adobe.com
O1 - Hosts:     127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts:     127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts:     127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts:     127.0.0.1 activate-sea.adobe.com
O1 - Hosts:     127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts:     127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts:     127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 15224 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files (x86)\SearchPredict\SearchPredict.dll (Speedbit Ltd.)
O2 - BHO: (Dashlane BHO) - {42D79B50-CC4A-4A8E-860F-BE674AF053A2} - C:\Users\Lorna\AppData\Roaming\Dashlane\ie\Dashlanei.dll (Dashlane)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (SBCONVERT Class) - {92A9ACF4-9333-43AE-9698-DB283326F87F} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU4E\tbcore3.dll ()
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU4E\Grabber.dll (SpeedBit)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU4E\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU4E\tbcore3.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKCU..\Run: [Dashlane] C:\Users\Lorna\AppData\Roaming\Dashlane\Dashlane.exe ()
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
O4 - Startup: C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lorna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9:64bit: - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: fellfromgrace.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{143FF0DD-2870-4386-A8BB-C8C13DD9AC08}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{454243BE-109D-452A-96DD-5779CAC699AD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{454243BE-109D-452A-96DD-5779CAC699AD}: NameServer = 8.26.56.26,156.154.70.22
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Value error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/03 12:02:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lorna\Desktop\OTL.exe
[2013/11/03 11:58:56 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Lorna\Desktop\aswMBR.exe
[2013/10/29 10:54:07 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Lorna\Desktop\HijackThis.exe
[2013/10/27 10:52:51 | 000,000,000 | ---D | C] -- C:\Users\Lorna\AppData\Roaming\DesktopIconForAmazon
[2013/10/27 10:49:03 | 000,000,000 | ---D | C] -- C:\EEK
[2013/10/27 10:34:01 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Desktop\Old Firefox Data
[2013/10/25 18:06:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Nevercenter
[2013/10/25 17:58:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CameraBag 2
[2013/10/25 15:15:28 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\My Collages
[2013/10/24 21:26:29 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2013/10/24 21:24:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/10/24 16:43:58 | 000,000,000 | ---D | C] -- C:\3a3f13d26556370d06bc1f
[2013/10/24 16:20:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/10/22 11:33:01 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\word docs
[2013/10/22 11:32:20 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\pageplus stuff
[2013/10/22 11:31:21 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\robfossett
[2013/10/22 11:22:34 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\ie6 only
[2013/10/22 11:22:34 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\IE Kaleidoscope
[2013/10/22 11:22:21 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\Font Groups
[2013/10/22 11:22:21 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\flipphotos
[2013/10/22 11:22:20 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\files
[2013/10/22 11:18:40 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\data
[2013/10/22 11:18:36 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\com.nevercenter.camerabag2
[2013/10/22 11:15:43 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\Arcade Deluxe
[2013/10/22 11:15:43 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\application forms
[2013/10/22 11:15:43 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\Anvsoft
[2013/10/22 11:15:42 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\Amazon MP3
[2013/10/22 11:15:24 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\accounts excel
[2013/10/22 11:15:19 | 000,530,528 | ---- | C] (Yahoo! Inc.) -- C:\Users\Lorna\Documents\yahoo_installer.exe
[2013/10/22 11:15:12 | 002,500,664 | ---- | C] (CyberDefender Corp.) -- C:\Users\Lorna\Documents\toolbar_v2toolbarsite.exe
[2013/10/22 11:15:07 | 022,690,600 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Lorna\Documents\SkypeSetup.exe
[2013/10/22 11:14:59 | 018,649,560 | ---- | C] (eBay                                                        ) -- C:\Users\Lorna\Documents\setupUK.exe
[2013/10/22 11:14:57 | 006,798,200 | ---- | C] (Brajusta Publishing, Inc.                                   ) -- C:\Users\Lorna\Documents\setup.exe
[2013/10/22 11:14:31 | 005,911,719 | ---- | C] (Free-Software-Forever.com) -- C:\Users\Lorna\Documents\googlein24.exe
[2013/10/22 11:14:25 | 011,028,800 | ---- | C] (Flock) -- C:\Users\Lorna\Documents\flock-2.0b2.en-US.win32.exe
[2013/10/21 17:33:07 | 000,000,000 | ---D | C] -- C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
[2013/10/21 17:31:50 | 000,000,000 | ---D | C] -- C:\Users\Lorna\AppData\Roaming\Dashlane
[2013/10/20 14:20:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/10/19 12:33:25 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\DAZ 3D
[2013/10/19 12:24:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My DAZ 3D Library
[2013/10/19 12:18:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAZ 3D
[2013/10/19 12:03:05 | 000,000,000 | ---D | C] -- C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D
[2013/10/19 12:02:43 | 000,000,000 | ---D | C] -- C:\ProgramData\DAZ 3D
[2013/10/19 12:02:41 | 000,000,000 | ---D | C] -- C:\Program Files\DAZ 3D
[2013/10/19 10:26:16 | 000,057,096 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2009/08/22 08:44:20 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[1 C:\Users\Lorna\Documents\*.tmp files -> C:\Users\Lorna\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/03 12:50:52 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2013/11/03 12:34:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/03 12:34:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1062119836-663356838-3640058548-1001UA.job
[2013/11/03 12:06:41 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1062119836-663356838-3640058548-1001Core.job
[2013/11/03 12:06:27 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/03 12:06:27 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/03 12:04:14 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/03 12:03:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/03 12:02:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lorna\Desktop\OTL.exe
[2013/11/03 11:59:04 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Lorna\Desktop\aswMBR.exe
[2013/11/03 11:58:42 | 000,891,184 | ---- | M] () -- C:\Users\Lorna\Desktop\SecurityCheck.exe
[2013/11/03 11:51:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/01 18:27:47 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/10/30 18:42:27 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2013/10/30 18:42:27 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2013/10/30 18:35:39 | 000,000,436 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013/10/30 18:34:17 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/10/30 18:33:51 | 3217,235,968 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/30 18:33:49 | 576,721,544 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/10/29 10:54:05 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Lorna\Desktop\HijackThis.exe
[2013/10/29 10:10:58 | 000,797,238 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/29 10:10:58 | 000,677,048 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/29 10:10:58 | 000,130,846 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/28 10:52:02 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\Paragon Archive name arc_080112231151836.job
[2013/10/27 15:49:48 | 000,002,145 | ---- | M] () -- C:\Users\Lorna\Desktop\avast! Free Antivirus 8.0.1489 Setup.lnk
[2013/10/27 14:46:41 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/27 10:55:07 | 000,002,370 | ---- | M] () -- C:\Users\Lorna\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/10/27 10:55:07 | 000,002,368 | ---- | M] () -- C:\Users\Lorna\Desktop\Google Chrome.lnk
[2013/10/27 10:52:52 | 000,001,482 | ---- | M] () -- C:\Users\Lorna\Desktop\Amazon.lnk
[2013/10/27 10:52:52 | 000,001,482 | ---- | M] () -- C:\Users\Lorna\Application Data\Microsoft\Internet Explorer\Quick Launch\Amazon.lnk
[2013/10/27 10:50:45 | 000,000,586 | ---- | M] () -- C:\Users\Lorna\Desktop\Emsisoft Emergency Kit.lnk
[2013/10/24 16:37:01 | 000,783,150 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/21 19:25:52 | 000,032,399 | ---- | M] () -- C:\Windows\Q-Dir.ini
[2013/10/21 19:21:24 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2013/10/21 17:33:07 | 000,002,019 | ---- | M] () -- C:\Users\Lorna\Desktop\Dashlane.lnk
[2013/10/20 18:59:46 | 000,002,087 | ---- | M] () -- C:\Users\Lorna\Desktop\DAZ 3D Install Manager 1.lnk
[2013/10/19 12:24:31 | 000,000,974 | ---- | M] () -- C:\Users\Lorna\Desktop\DAZ Studio 4.6 (64-bit).lnk
[2013/10/19 11:03:56 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/10/19 11:03:56 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/10/19 10:26:23 | 000,048,392 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
[2013/10/19 10:26:16 | 000,057,096 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2013/10/15 23:07:31 | 000,033,184 | ---- | M] () -- C:\Users\Lorna\Documents\cc_20131016_000724.reg
[1 C:\Users\Lorna\Documents\*.tmp files -> C:\Users\Lorna\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/11/03 11:58:44 | 000,891,184 | ---- | C] () -- C:\Users\Lorna\Desktop\SecurityCheck.exe
[2013/10/27 15:49:47 | 000,002,145 | ---- | C] () -- C:\Users\Lorna\Desktop\avast! Free Antivirus 8.0.1489 Setup.lnk
[2013/10/27 14:46:41 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/27 10:55:07 | 000,002,368 | ---- | C] () -- C:\Users\Lorna\Desktop\Google Chrome.lnk
[2013/10/27 10:52:52 | 000,001,482 | ---- | C] () -- C:\Users\Lorna\Desktop\Amazon.lnk
[2013/10/27 10:52:52 | 000,001,482 | ---- | C] () -- C:\Users\Lorna\Application Data\Microsoft\Internet Explorer\Quick Launch\Amazon.lnk
[2013/10/27 10:49:58 | 000,000,586 | ---- | C] () -- C:\Users\Lorna\Desktop\Emsisoft Emergency Kit.lnk
[2013/10/25 17:58:48 | 000,002,991 | ---- | C] () -- C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CameraBag 2.lnk
[2013/10/22 11:15:20 | 005,505,155 | ---- | C] () -- C:\Users\Lorna\Documents\ZinioReader4.air
[2013/10/22 11:15:19 | 000,006,195 | ---- | C] () -- C:\Users\Lorna\Documents\xmas2012.html
[2013/10/22 11:15:18 | 007,919,073 | ---- | C] () -- C:\Users\Lorna\Documents\Weave-ItBkTwo.pdf
[2013/10/22 11:15:18 | 003,956,220 | ---- | C] (                                                            ) -- C:\Users\Lorna\Documents\webgobbler126_setup.exe
[2013/10/22 11:15:18 | 000,256,521 | ---- | C] () -- C:\Users\Lorna\Documents\Winged Pig Crochet Pattern - Flying Pigs Crochet Pattern.mht
[2013/10/22 11:15:18 | 000,111,060 | ---- | C] () -- C:\Users\Lorna\Documents\WM0270.pdf
[2013/10/22 11:15:18 | 000,032,159 | ---- | C] () -- C:\Users\Lorna\Documents\Welcome to.png
[2013/10/22 11:15:18 | 000,008,500 | ---- | C] () -- C:\Users\Lorna\Documents\wordchart1.pdf
[2013/10/22 11:15:17 | 008,679,978 | ---- | C] () -- C:\Users\Lorna\Documents\Weave-ItBkThree.pdf
[2013/10/22 11:15:16 | 000,786,846 | ---- | C] () -- C:\Users\Lorna\Documents\vintage_knitting_tips.pdf
[2013/10/22 11:15:14 | 007,850,491 | ---- | C] () -- C:\Users\Lorna\Documents\vichallflyerfinal.ppp
[2013/10/22 11:15:14 | 006,729,331 | ---- | C] () -- C:\Users\Lorna\Documents\vertigo-source.png
[2013/10/22 11:15:14 | 000,145,212 | ---- | C] () -- C:\Users\Lorna\Documents\vertigo-logo-source.png
[2013/10/22 11:15:13 | 001,323,805 | ---- | C] () -- C:\Users\Lorna\Documents\tyroknit.pdf
[2013/10/22 11:15:13 | 000,852,185 | ---- | C] () -- C:\Users\Lorna\Documents\vertigo-footer-source.png
[2013/10/22 11:15:13 | 000,086,999 | ---- | C] () -- C:\Users\Lorna\Documents\Untitled-2.ai
[2013/10/22 11:15:13 | 000,006,219 | ---- | C] () -- C:\Users\Lorna\Documents\Untitled.htm
[2013/10/22 11:15:13 | 000,000,652 | ---- | C] () -- C:\Users\Lorna\Documents\Untitled-1.ai
[2013/10/22 11:15:11 | 007,070,390 | ---- | C] () -- C:\Users\Lorna\Documents\TheWeave-ItBook.pdf
[2013/10/22 11:15:11 | 000,000,163 | ---- | C] () -- C:\Users\Lorna\Documents\timesheet_20090216.csv
[2013/10/22 11:15:10 | 002,809,683 | ---- | C] () -- C:\Users\Lorna\Documents\testpdf.PDF
[2013/10/22 11:15:10 | 000,080,482 | ---- | C] () -- C:\Users\Lorna\Documents\tgest.xps
[2013/10/22 11:15:10 | 000,000,096 | ---- | C] () -- C:\Users\Lorna\Documents\test.key.prepare
[2013/10/22 11:15:09 | 003,761,664 | ---- | C] () -- C:\Users\Lorna\Documents\test.exe
[2013/10/22 11:15:09 | 000,001,207 | ---- | C] () -- C:\Users\Lorna\Documents\test.ebp
[2013/10/22 11:15:09 | 000,000,096 | ---- | C] () -- C:\Users\Lorna\Documents\test.key
[2013/10/22 11:15:08 | 001,690,966 | ---- | C] () -- C:\Users\Lorna\Documents\surveys.pdf
[2013/10/22 11:15:08 | 000,650,583 | ---- | C] () -- C:\Users\Lorna\Documents\TechniqueColoredPencil.pdf
[2013/10/22 11:15:08 | 000,557,191 | ---- | C] () -- C:\Users\Lorna\Documents\stitchy.pdf
[2013/10/22 11:15:08 | 000,364,234 | ---- | C] () -- C:\Users\Lorna\Documents\steampunkflier.png
[2013/10/22 11:15:08 | 000,329,320 | ---- | C] () -- C:\Users\Lorna\Documents\steamunkflier2.png
[2013/10/22 11:15:08 | 000,056,028 | ---- | C] () -- C:\Users\Lorna\Documents\sv_028.jpg
[2013/10/22 11:15:08 | 000,025,574 | ---- | C] () -- C:\Users\Lorna\Documents\swfobject.js
[2013/10/22 11:15:08 | 000,015,263 | ---- | C] () -- C:\Users\Lorna\Documents\steamstam tables.svg
[2013/10/22 11:15:08 | 000,011,906 | ---- | C] () -- C:\Users\Lorna\Documents\steamstam tables.pdf
[2013/10/22 11:15:07 | 003,144,125 | ---- | C] () -- C:\Users\Lorna\Documents\Spool221.pdf
[2013/10/22 11:15:07 | 002,196,497 | ---- | C] () -- C:\Users\Lorna\Documents\steampunk-bug.pdf
[2013/10/22 11:15:07 | 000,060,235 | ---- | C] () -- C:\Users\Lorna\Documents\stamford-artisans-guild-logo.jpg
[2013/10/22 11:15:07 | 000,009,469 | ---- | C] () -- C:\Users\Lorna\Documents\star_template.pdf
[2013/10/22 11:15:00 | 011,973,628 | ---- | C] () -- C:\Users\Lorna\Documents\showcase-source.png
[2013/10/22 11:15:00 | 000,055,038 | ---- | C] () -- C:\Users\Lorna\Documents\shkdd10.zip
[2013/10/22 11:14:56 | 000,103,326 | ---- | C] () -- C:\Users\Lorna\Documents\Sea%20Breeze%20Angelina%20instructions.pdf
[2013/10/22 11:14:56 | 000,034,959 | ---- | C] () -- C:\Users\Lorna\Documents\SEASCAPEPEYOTE.png
[2013/10/22 11:14:56 | 000,029,223 | ---- | C] () -- C:\Users\Lorna\Documents\SEASCAPELOOM.png
[2013/10/22 11:14:55 | 001,769,648 | ---- | C] () -- C:\Users\Lorna\Documents\saSetup.exe
[2013/10/22 11:14:54 | 001,252,686 | ---- | C] () -- C:\Users\Lorna\Documents\SAGEBACK010508.002
[2013/10/22 11:14:53 | 001,651,183 | ---- | C] () -- C:\Users\Lorna\Documents\rt_infuse_j15.tgz
[2013/10/22 11:14:53 | 001,561,078 | ---- | C] () -- C:\Users\Lorna\Documents\rt_vertigo_j15.tgz
[2013/10/22 11:14:52 | 001,190,402 | ---- | C] () -- C:\Users\Lorna\Documents\rt_affinity_j15.tgz
[2013/10/22 11:14:52 | 000,193,534 | ---- | C] () -- C:\Users\Lorna\Documents\replicant2-source.png
[2013/10/22 11:14:52 | 000,142,251 | ---- | C] () -- C:\Users\Lorna\Documents\Render 1.png
[2013/10/22 11:14:52 | 000,007,834 | ---- | C] () -- C:\Users\Lorna\Documents\rabbit2.png
[2013/10/22 11:14:51 | 000,114,202 | ---- | C] () -- C:\Users\Lorna\Documents\phtos unusul.nri
[2013/10/22 11:14:51 | 000,042,836 | ---- | C] () -- C:\Users\Lorna\Documents\PIXL_E.zip
[2013/10/22 11:14:51 | 000,014,915 | ---- | C] () -- C:\Users\Lorna\Documents\pic for payperhour.gif
[2013/10/22 11:14:50 | 006,213,246 | ---- | C] () -- C:\Users\Lorna\Documents\Photo Album.wmv
[2013/10/22 11:14:50 | 000,043,319 | ---- | C] () -- C:\Users\Lorna\Documents\penguin peyote.png
[2013/10/22 11:14:50 | 000,035,309 | ---- | C] () -- C:\Users\Lorna\Documents\penguin loom.png
[2013/10/22 11:14:50 | 000,026,816 | ---- | C] () -- C:\Users\Lorna\Documents\pdftedst.pdf
[2013/10/22 11:14:50 | 000,000,257 | R--- | C] () -- C:\Users\Lorna\Documents\PC Support.url
[2013/10/22 11:14:50 | 000,000,000 | ---- | C] () -- C:\Users\Lorna\Documents\PDFVistaPort
[2013/10/22 11:14:49 | 007,364,137 | ---- | C] () -- C:\Users\Lorna\Documents\orwell145b.exe
[2013/10/22 11:14:49 | 000,083,305 | ---- | C] () -- C:\Users\Lorna\Documents\paper doll maryjane.jpg
[2013/10/22 11:14:49 | 000,075,404 | R--- | C] () -- C:\Users\Lorna\Documents\Order-10527301-Docs-090326maggi.pdf
[2013/10/22 11:14:48 | 000,195,703 | R--- | C] () -- C:\Users\Lorna\Documents\Omotchama.rar
[2013/10/22 11:14:48 | 000,074,773 | R--- | C] () -- C:\Users\Lorna\Documents\Order-10520030-Docs-120335 Katrina .pdf
[2013/10/22 11:14:48 | 000,042,943 | ---- | C] () -- C:\Users\Lorna\Documents\oldtimeladypeyote.png
[2013/10/22 11:14:48 | 000,035,888 | ---- | C] () -- C:\Users\Lorna\Documents\oldtimeladyloom.png
[2013/10/22 11:14:46 | 058,615,296 | ---- | C] () -- C:\Users\Lorna\Documents\NOF-Essentials.exe
[2013/10/22 11:14:46 | 000,139,356 | ---- | C] () -- C:\Users\Lorna\Documents\NLP.zip
[2013/10/22 11:14:45 | 000,699,591 | ---- | C] () -- C:\Users\Lorna\Documents\Mysnowflakes.rtf
[2013/10/22 11:14:45 | 000,694,574 | ---- | C] () -- C:\Users\Lorna\Documents\nettie.png
[2013/10/22 11:14:45 | 000,351,585 | ---- | C] () -- C:\Users\Lorna\Documents\Mysnowflakes.pdf
[2013/10/22 11:14:45 | 000,187,007 | ---- | C] () -- C:\Users\Lorna\Documents\mysignature.png
[2013/10/22 11:14:45 | 000,161,621 | ---- | C] () -- C:\Users\Lorna\Documents\mywatchmanual.pdf
[2013/10/22 11:14:45 | 000,037,445 | ---- | C] () -- C:\Users\Lorna\Documents\MyMicroBalance2006.mmb
[2013/10/22 11:14:45 | 000,037,426 | ---- | C] () -- C:\Users\Lorna\Documents\MyMicroBalance2006.mmb.backup2
[2013/10/22 11:14:45 | 000,030,600 | ---- | C] () -- C:\Users\Lorna\Documents\MyMicroBalance2006.mmb.backup1
[2013/10/22 11:14:45 | 000,028,283 | ---- | C] () -- C:\Users\Lorna\Documents\MyMicroBalance2007.mmb
[2013/10/22 11:14:45 | 000,000,559 | ---- | C] () -- C:\Users\Lorna\Documents\My Sharing Folders.lnk
[2013/10/22 11:14:44 | 007,268,458 | ---- | C] () -- C:\Users\Lorna\Documents\Migrated Documents Report.csv
[2013/10/22 11:14:44 | 000,062,535 | ---- | C] () -- C:\Users\Lorna\Documents\modules-source.png
[2013/10/22 11:14:44 | 000,041,462 | ---- | C] () -- C:\Users\Lorna\Documents\Microsoft Word - r conboy webvert march 08.pdf
[2013/10/22 11:14:43 | 020,029,198 | ---- | C] () -- C:\Users\Lorna\Documents\Merry Christmas2.wmv
[2013/10/22 11:14:42 | 012,845,162 | ---- | C] () -- C:\Users\Lorna\Documents\Merry Christmas.wmv
[2013/10/22 11:14:42 | 000,182,928 | ---- | C] () -- C:\Users\Lorna\Documents\Making Wool Felt Booties.mht
[2013/10/22 11:14:42 | 000,140,974 | ---- | C] () -- C:\Users\Lorna\Documents\magicbutton.zip
[2013/10/22 11:14:42 | 000,103,521 | ---- | C] () -- C:\Users\Lorna\Documents\lv pl airInsurancePdf_2012.pdf
[2013/10/22 11:14:42 | 000,054,102 | ---- | C] () -- C:\Users\Lorna\Documents\menu-dropdown-source.png
[2013/10/22 11:14:42 | 000,023,034 | ---- | C] () -- C:\Users\Lorna\Documents\lv signature.png
[2013/10/22 11:14:40 | 002,171,605 | ---- | C] () -- C:\Users\Lorna\Documents\LoaderBackup-(2012-07-13)-3.bbb
[2013/10/22 11:14:40 | 002,169,420 | ---- | C] () -- C:\Users\Lorna\Documents\LoaderBackup-(2012-07-13)-2.bbb
[2013/10/22 11:14:40 | 002,169,411 | ---- | C] () -- C:\Users\Lorna\Documents\LoaderBackup-(2012-07-13).bbb
[2013/10/22 11:14:40 | 000,010,826 | ---- | C] () -- C:\Users\Lorna\Documents\logo.png
[2013/10/22 11:14:40 | 000,006,433 | ---- | C] () -- C:\Users\Lorna\Documents\logo1.gif
[2013/10/22 11:14:40 | 000,005,437 | ---- | C] () -- C:\Users\Lorna\Documents\logo-alt.png
[2013/10/22 11:14:40 | 000,000,681 | ---- | C] () -- C:\Users\Lorna\Documents\Lorna - Shortcut.lnk
[2013/10/22 11:14:39 | 007,108,414 | ---- | C] () -- C:\Users\Lorna\Documents\lasvegas.craft
[2013/10/22 11:14:39 | 002,169,408 | ---- | C] () -- C:\Users\Lorna\Documents\LoaderBackup-(2012-07-13)-1.bbb
[2013/10/22 11:14:39 | 002,125,788 | ---- | C] () -- C:\Users\Lorna\Documents\len and nell page 11 i think cmyk.pdf
[2013/10/22 11:14:39 | 000,202,368 | ---- | C] () -- C:\Users\Lorna\Documents\LayoutTool - Legacy.pdf
[2013/10/22 11:14:39 | 000,024,551 | ---- | C] () -- C:\Users\Lorna\Documents\lasvegaslv.jpg
[2013/10/22 11:14:38 | 010,469,136 | ---- | C] () -- C:\Users\Lorna\Documents\largexmas2011.craft
[2013/10/22 11:14:38 | 004,280,249 | ---- | C] () -- C:\Users\Lorna\Documents\joomla_15_quickstart.pdf
[2013/10/22 11:14:38 | 000,489,432 | ---- | C] () -- C:\Users\Lorna\Documents\IS SHAKESPEARE DEAD.pdf
[2013/10/22 11:14:38 | 000,122,285 | ---- | C] () -- C:\Users\Lorna\Documents\jemjoker.png
[2013/10/22 11:14:38 | 000,025,102 | ---- | C] () -- C:\Users\Lorna\Documents\JumpingJacks.pdf
[2013/10/22 11:14:38 | 000,011,379 | ---- | C] () -- C:\Users\Lorna\Documents\JumpingJacks(1).pdf
[2013/10/22 11:14:36 | 001,755,757 | ---- | C] () -- C:\Users\Lorna\Documents\Inside Front Cover.pdf
[2013/10/22 11:14:36 | 000,271,884 | ---- | C] () -- C:\Users\Lorna\Documents\invite square copy.jpg
[2013/10/22 11:14:36 | 000,083,274 | ---- | C] () -- C:\Users\Lorna\Documents\install_7-zip_.exe
[2013/10/22 11:14:35 | 002,019,964 | ---- | C] () -- C:\Users\Lorna\Documents\inside back cover cmyk.pdf
[2013/10/22 11:14:35 | 000,804,036 | ---- | C] () -- C:\Users\Lorna\Documents\Image3.psp
[2013/10/22 11:14:34 | 038,197,265 | ---- | C] () -- C:\Users\Lorna\Documents\hhswholething.pdf
[2013/10/22 11:14:34 | 001,669,393 | ---- | C] () -- C:\Users\Lorna\Documents\High-Raw-Kevin-Gianni.pdf
[2013/10/22 11:14:34 | 000,001,361 | ---- | C] () -- C:\Users\Lorna\Documents\hosts
[2013/10/22 11:14:31 | 000,513,317 | ---- | C] () -- C:\Users\Lorna\Documents\heartsnflowerspng.png
[2013/10/22 11:14:31 | 000,186,339 | ---- | C] () -- C:\Users\Lorna\Documents\Hearts.pdf
[2013/10/22 11:14:31 | 000,121,673 | ---- | C] () -- C:\Users\Lorna\Documents\HEARTSfinal layout.pdf
[2013/10/22 11:14:31 | 000,020,769 | ---- | C] () -- C:\Users\Lorna\Documents\Heart_templates.pdf
[2013/10/22 11:14:28 | 000,695,282 | ---- | C] () -- C:\Users\Lorna\Documents\GoogleAdwordsProduct.zip
[2013/10/22 11:14:28 | 000,324,804 | ---- | C] () -- C:\Users\Lorna\Documents\front cover cmyk.pdf
[2013/10/22 11:14:28 | 000,045,708 | ---- | C] () -- C:\Users\Lorna\Documents\girl1lpey.png
[2013/10/22 11:14:28 | 000,037,505 | ---- | C] () -- C:\Users\Lorna\Documents\girl1loom.png
[2013/10/22 11:14:28 | 000,002,390 | ---- | C] () -- C:\Users\Lorna\Documents\glutole.hottnote
[2013/10/22 11:14:27 | 015,425,536 | ---- | C] () -- C:\Users\Lorna\Documents\From the time I was a little girl.pps
[2013/10/22 11:14:25 | 001,313,030 | ---- | C] () -- C:\Users\Lorna\Documents\flowersp.bmp
[2013/10/22 11:14:25 | 000,202,368 | ---- | C] () -- C:\Users\Lorna\Documents\flower.pdf
[2013/10/22 11:14:25 | 000,201,436 | ---- | C] () -- C:\Users\Lorna\Documents\floral1peyote1.pdf
[2013/10/22 11:14:25 | 000,196,909 | ---- | C] () -- C:\Users\Lorna\Documents\flower1
[2013/10/22 11:14:25 | 000,113,685 | ---- | C] () -- C:\Users\Lorna\Documents\fox2crop.JPG
[2013/10/22 11:14:25 | 000,104,770 | ---- | C] () -- C:\Users\Lorna\Documents\floralpeyote v2.pdf
[2013/10/22 11:14:25 | 000,100,773 | ---- | C] () -- C:\Users\Lorna\Documents\floral1 peyote1.pdf
[2013/10/22 11:14:25 | 000,100,692 | ---- | C] () -- C:\Users\Lorna\Documents\floral1.pdf
[2013/10/22 11:14:25 | 000,009,948 | ---- | C] () -- C:\Users\Lorna\Documents\flower_template.pdf
[2013/10/22 11:14:24 | 000,215,381 | ---- | C] () -- C:\Users\Lorna\Documents\FlipBook3DMain.swf
[2013/10/22 11:14:24 | 000,138,468 | ---- | C] () -- C:\Users\Lorna\Documents\farm1a.JPG
[2013/10/22 11:14:23 | 000,089,180 | ---- | C] () -- C:\Users\Lorna\Documents\Fact Find 2 TESTGeneral.pdf
[2013/10/22 11:14:23 | 000,068,240 | ---- | C] () -- C:\Users\Lorna\Documents\Fact Find 2test1l.pdf
[2013/10/22 11:14:22 | 004,868,248 | ---- | C] () -- C:\Users\Lorna\Documents\ETSToysA.pdf
[2013/10/22 11:14:22 | 002,717,291 | ---- | C] () -- C:\Users\Lorna\Documents\ETSToysB.pdf
[2013/10/22 11:14:22 | 000,606,891 | ---- | C] () -- C:\Users\Lorna\Documents\Elfic_doll.pdf
[2013/10/22 11:14:22 | 000,334,132 | ---- | C] () -- C:\Users\Lorna\Documents\Etsy  sylver  Sylver Designs.mht
[2013/10/22 11:14:21 | 000,925,138 | ---- | C] () -- C:\Users\Lorna\Documents\edge.xps
[2013/10/22 11:14:21 | 000,112,236 | ---- | C] () -- C:\Users\Lorna\Documents\DVLA Vehicle Licensing Online  Apply for a tax disc NOW.mht
[2013/10/22 11:14:21 | 000,034,652 | ---- | C] () -- C:\Users\Lorna\Documents\earlylady1peyote.png
[2013/10/22 11:14:21 | 000,029,265 | ---- | C] () -- C:\Users\Lorna\Documents\earlylady1loom.png
[2013/10/22 11:14:21 | 000,016,137 | ---- | C] () -- C:\Users\Lorna\Documents\decoladypeyote.png
[2013/10/22 11:14:21 | 000,013,977 | ---- | C] () -- C:\Users\Lorna\Documents\decoladyloom.png
[2013/10/22 11:14:21 | 000,013,396 | ---- | C] () -- C:\Users\Lorna\Documents\dvlalicenceapp.pdf
[2013/10/22 11:14:21 | 000,002,322 | ---- | C] () -- C:\Users\Lorna\Documents\Document2.wpd
[2013/10/22 11:14:20 | 004,017,882 | ---- | C] () -- C:\Users\Lorna\Documents\CTMJanFeb08 FINAL.pdf
[2013/10/22 11:14:20 | 000,002,859 | ---- | C] () -- C:\Users\Lorna\Documents\dddd.csv
[2013/10/22 11:14:19 | 000,023,005 | ---- | C] () -- C:\Users\Lorna\Documents\CTFEB07CrochetFroggyHatCheerioEssentials.pdf
[2013/10/22 11:14:18 | 000,292,350 | ---- | C] () -- C:\Users\Lorna\Documents\Crocheted Frog Treasure Pocket.mht
[2013/10/22 11:14:17 | 000,166,321 | ---- | C] () -- C:\Users\Lorna\Documents\copyrightnotice.pdf
[2013/10/22 11:14:16 | 003,559,424 | ---- | C] () -- C:\Users\Lorna\Documents\Charitable contributions.accdb
[2013/10/22 11:14:14 | 043,144,704 | ---- | C] () -- C:\Users\Lorna\Documents\CGSX3SP2.msp
[2013/10/22 11:14:14 | 029,478,912 | ---- | C] () -- C:\Users\Lorna\Documents\CGSX3SP1.msp
[2013/10/22 11:14:07 | 001,107,100 | ---- | C] () -- C:\Users\Lorna\Documents\CD30 BUTTERFLY KINETIC SWING CA.svg
[2013/10/22 11:14:06 | 000,480,086 | ---- | C] () -- C:\Users\Lorna\Documents\Card07.pdf
[2013/10/22 11:14:06 | 000,319,332 | ---- | C] () -- C:\Users\Lorna\Documents\cc_20130614_200931.reg
[2013/10/22 11:14:06 | 000,101,094 | ---- | C] () -- C:\Users\Lorna\Documents\CD30 BUTTERFLY KINETIC SWING CA.pdf
[2013/10/22 11:14:06 | 000,094,760 | ---- | C] () -- C:\Users\Lorna\Documents\cc_20130717_222003.reg
[2013/10/22 11:14:06 | 000,062,746 | ---- | C] () -- C:\Users\Lorna\Documents\cc_20130614_202503.reg
[2013/10/22 11:14:06 | 000,050,750 | ---- | C] () -- C:\Users\Lorna\Documents\cctreescrop.JPG
[2013/10/22 11:14:06 | 000,033,184 | ---- | C] () -- C:\Users\Lorna\Documents\cc_20131016_000724.reg
[2013/10/22 11:14:06 | 000,030,030 | ---- | C] () -- C:\Users\Lorna\Documents\cc_20111214_181813.reg
[2013/10/22 11:14:06 | 000,018,942 | ---- | C] () -- C:\Users\Lorna\Documents\cc_20130902_153501.reg
[2013/10/22 11:14:06 | 000,007,302 | ---- | C] () -- C:\Users\Lorna\Documents\cc_20120108_154432.reg
[2013/10/22 11:14:06 | 000,005,750 | ---- | C] () -- C:\Users\Lorna\Documents\cc_20130614_203430.reg
[2013/10/22 11:14:05 | 001,998,134 | ---- | C] () -- C:\Users\Lorna\Documents\broadsheetsteampunk.pdf
[2013/10/22 11:14:05 | 000,467,168 | ---- | C] () -- C:\Users\Lorna\Documents\Card06.pdf
[2013/10/22 11:14:05 | 000,315,773 | ---- | C] () -- C:\Users\Lorna\Documents\Card04.pdf
[2013/10/22 11:14:05 | 000,138,078 | ---- | C] () -- C:\Users\Lorna\Documents\bookmarks_10_02_2012.html
[2013/10/22 11:14:05 | 000,100,676 | ---- | C] () -- C:\Users\Lorna\Documents\Bulk_Certificate_Posting_Signature.pdf
[2013/10/22 11:14:05 | 000,036,419 | ---- | C] () -- C:\Users\Lorna\Documents\calendar_organizer_months.pdf
[2013/10/22 11:14:05 | 000,036,385 | ---- | C] () -- C:\Users\Lorna\Documents\Bulk_Certificate_Posting_Standard.pdf
[2013/10/22 11:14:04 | 011,721,211 | ---- | C] () -- C:\Users\Lorna\Documents\bigbadges.craft
[2013/10/22 11:14:04 | 001,581,606 | ---- | C] () -- C:\Users\Lorna\Documents\Bookkeeping
[2013/10/22 11:14:03 | 002,807,643 | ---- | C] () -- C:\Users\Lorna\Documents\BABYmocsBtys.pdf
[2013/10/22 11:14:03 | 000,305,408 | ---- | C] () -- C:\Users\Lorna\Documents\banner.png
[2013/10/22 11:14:02 | 010,676,572 | ---- | C] () -- C:\Users\Lorna\Documents\auctamerpro.exe
[2013/10/22 11:14:02 | 000,161,621 | ---- | C] () -- C:\Users\Lorna\Documents\B023_ebook.pdf
[2013/10/22 11:14:01 | 010,676,572 | ---- | C] () -- C:\Users\Lorna\Documents\auctamerpro(1).exe
[2013/10/22 11:14:00 | 002,355,200 | ---- | C] () -- C:\Users\Lorna\Documents\amclassical_silent_night.mp3
[2013/10/22 11:14:00 | 000,511,137 | ---- | C] () -- C:\Users\Lorna\Documents\AmazonDealProduct.zip
[2013/10/22 11:13:59 | 004,844,131 | R--- | C] () -- C:\Users\Lorna\Documents\Alien_Blaster_PePaKuRa_File_by_billybob884.rar
[2013/10/22 11:13:59 | 003,533,600 | ---- | C] () -- C:\Users\Lorna\Documents\alice1.ppp
[2013/10/22 11:13:59 | 001,231,224 | ---- | C] () -- C:\Users\Lorna\Documents\agendusstd_ota_en.prc
[2013/10/22 11:13:59 | 000,161,278 | ---- | C] () -- C:\Users\Lorna\Documents\aglaciercrop.JPG
[2013/10/22 11:13:59 | 000,109,943 | ---- | C] () -- C:\Users\Lorna\Documents\alicewivbaby.jpg
[2013/10/22 11:13:59 | 000,059,844 | ---- | C] () -- C:\Users\Lorna\Documents\Absolut_Pro_Bold.otf
[2013/10/22 11:13:59 | 000,000,406 | ---- | C] () -- C:\Users\Lorna\Documents\348059.vcf
[2013/10/22 11:13:59 | 000,000,081 | ---- | C] () -- C:\Users\Lorna\Documents\1Click.cfg
[2013/10/22 11:13:58 | 004,485,072 | ---- | C] () -- C:\Users\Lorna\Documents\1940sxmas2.craft
[2013/10/22 11:13:58 | 000,000,364 | ---- | C] () -- C:\Users\Lorna\Documents\08-10-30.sv
[2013/10/21 19:21:23 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2013/10/21 17:33:07 | 000,002,019 | ---- | C] () -- C:\Users\Lorna\Desktop\Dashlane.lnk
[2013/10/20 18:59:46 | 000,002,087 | ---- | C] () -- C:\Users\Lorna\Desktop\DAZ 3D Install Manager 1.lnk
[2013/10/19 12:24:31 | 000,000,974 | ---- | C] () -- C:\Users\Lorna\Desktop\DAZ Studio 4.6 (64-bit).lnk
[2012/05/24 20:24:55 | 000,001,269 | ---- | C] () -- C:\Users\Lorna\.recently-used.xbel
[2012/05/08 18:29:44 | 000,000,132 | ---- | C] () -- C:\Users\Lorna\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2012/03/19 00:24:05 | 000,006,168 | ---- | C] () -- C:\Users\Lorna\AppData\Local\recently-used.xbel
[2012/03/07 20:12:53 | 000,035,328 | ---- | C] () -- C:\Windows\INETWH32.DLL
[2012/03/07 20:12:53 | 000,009,136 | ---- | C] () -- C:\Windows\INETWH16.DLL
[2012/03/07 20:12:53 | 000,004,528 | ---- | C] () -- C:\Windows\SETBROWS.EXE
[2012/03/07 20:06:35 | 000,044,544 | ---- | C] () -- C:\Windows\AWuninstall.exe
[2012/03/04 15:54:23 | 000,002,800 | ---- | C] () -- C:\Users\Lorna\2px-80percentransparencyblack.png
[2012/02/27 21:48:53 | 000,111,661 | ---- | C] () -- C:\Users\Lorna\Image2.jpg
[2012/02/26 17:49:45 | 000,000,084 | ---- | C] () -- C:\Users\Lorna\pathinfo.php
[2012/02/15 14:23:05 | 000,000,092 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2012/02/15 14:18:01 | 000,212,233 | ---- | C] () -- C:\Windows\Photo Pos Pro Uninstaller.exe.bak
[2012/02/12 20:44:55 | 000,172,032 | ---- | C] () -- C:\Users\Lorna\abrViewer.NET.exe
[2012/01/08 15:21:55 | 000,004,800 | ---- | C] () -- C:\ProgramData\NTIRegistry.REG
[2011/12/23 23:32:32 | 000,000,989 | ---- | C] () -- C:\Windows\wininit.ini
[2011/11/21 18:44:45 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/11/21 18:44:45 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/11/05 17:12:38 | 000,543,531 | ---- | C] () -- C:\Users\Lorna\New document 1.2011_11_05_17_12_38.0.svg
[2011/06/22 08:08:33 | 000,000,000 | ---- | C] () -- C:\Users\Lorna\AppData\Local\{5975D6E1-F7BB-4A5D-AD55-1634EB9C6B35}
[2011/06/13 15:12:39 | 000,000,000 | ---- | C] () -- C:\Users\Lorna\AppData\Local\{0DBB6458-1470-4D4F-9753-7EAB03AE0100}
[2011/03/04 12:56:48 | 000,040,907 | ---- | C] () -- C:\Users\Lorna\kitty_headbang.gif
[2011/01/14 22:53:58 | 000,000,132 | ---- | C] () -- C:\Users\Lorna\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/12/19 23:48:49 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/04 21:58:22 | 000,000,837 | ---- | C] () -- C:\Users\Lorna\AppData\Roaming\FrameFun.ini
[2010/10/03 16:26:15 | 000,001,456 | ---- | C] () -- C:\Users\Lorna\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/10/03 10:44:53 | 000,006,144 | ---- | C] () -- C:\Users\Lorna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/01 20:42:00 | 000,000,036 | ---- | C] () -- C:\Users\Lorna\AppData\Local\housecall.guid.cache
[2010/09/22 08:57:37 | 000,033,134 | ---- | C] () -- C:\Users\Lorna\AppData\Roaming\UserTile.png
[2010/09/13 08:10:50 | 000,149,504 | ---- | C] () -- C:\Users\Lorna\AppData\Roaming\SharedSettings.ccs
[2010/08/27 16:51:33 | 000,000,132 | ---- | C] () -- C:\Users\Lorna\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/08/17 11:14:46 | 002,064,206 | ---- | C] () -- C:\Users\Lorna\vichallflyerfinal.pdf
[2010/06/30 16:48:41 | 000,004,943 | ---- | C] () -- C:\ProgramData\pyknfeyt.slj
[2010/06/21 08:25:44 | 000,000,104 | ---- | C] () -- C:\Users\Lorna\AppData\Roaming\wklnhst.dat
[2010/05/10 08:55:47 | 000,135,441 | ---- | C] () -- C:\Program Files\VH1946-09.jpg
[2008/01/18 21:23:30 | 000,031,766 | ---- | C] () -- C:\Users\Lorna\20067.tdb
[2008/01/18 21:22:33 | 000,000,407 | ---- | C] () -- C:\Users\Lorna\tbook.properties
 
========== ZeroAccess Check ==========
 
[2009/08/19 09:40:19 | 000,054,458 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1062119836-663356838-3640058548-1001\$R819B5X\My Downloaded Artwork\Metallic Alphabet\L.png
[2009/08/19 09:40:42 | 000,077,456 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1062119836-663356838-3640058548-1001\$R819B5X\My Downloaded Artwork\Metallic Alphabet\N.png
[2009/08/19 09:42:00 | 000,069,609 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1062119836-663356838-3640058548-1001\$R819B5X\My Downloaded Artwork\Metallic Alphabet\U.png
[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/01/04 09:59:19 | 014,164,480 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 09:03:45 | 012,868,096 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 01:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/02/10 12:09:24 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Avant Downloader
[2012/04/02 13:09:02 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Azureus
[2012/04/02 13:09:02 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\BeadTool
[2012/08/15 20:17:46 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Canon
[2010/07/23 20:43:03 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/02 13:08:04 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Chrysanth
[2010/09/15 20:26:58 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\CoffeeCup Software
[2010/07/27 15:55:43 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/05/10 16:24:20 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Craftwell Inc
[2012/04/02 13:08:05 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\CTdeveloping
[2010/06/18 21:52:46 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\CustomBrushesMini
[2013/10/25 21:57:50 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Dashlane
[2013/10/19 12:33:25 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\DAZ 3D
[2013/10/27 10:52:52 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\DesktopIconForAmazon
[2010/08/11 09:06:07 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\DeviceDoctorSoftware
[2013/11/01 18:26:37 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Dropbox
[2012/05/10 17:06:29 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\eCraftShop Pro
[2012/03/28 20:37:07 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\ExpressFiles
[2010/08/30 19:35:45 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Filter Forge Freepack 3 - Frames
[2012/04/02 13:09:03 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\gtk-2.0
[2011/01/21 23:19:58 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\inkscape
[2011/09/15 15:10:27 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Kaleider
[2012/03/19 20:29:22 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\LumaPix
[2012/04/02 13:09:04 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Maxthon2
[2012/05/02 18:03:16 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\NexusFont
[2010/06/07 01:01:05 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Nuance
[2012/04/05 16:02:11 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\onOne Software
[2012/04/02 13:08:22 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Opera
[2010/09/07 10:00:26 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\PC Suite
[2010/09/22 08:57:36 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\PeerNetworking
[2010/07/19 11:06:22 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\PhotoEchoes
[2012/04/02 13:08:22 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Poser Debut
[2012/04/02 13:09:05 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\PowerCinema
[2012/04/02 13:09:05 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Q-Dir
[2012/04/02 13:08:37 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Serif
[2012/04/02 13:09:06 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\SoftDMA
[2011/09/14 15:34:38 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\SPE
[2010/07/27 20:43:06 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/06/21 08:25:51 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Template
[2012/04/02 13:08:39 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Trusteer
[2012/05/04 20:52:46 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\XnView
[2012/03/30 17:03:32 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Yandex
[2012/04/02 13:08:40 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Zeon
[2011/11/03 10:59:55 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 20:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 20:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2009/07/14 02:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 20:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/14 02:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 21:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/14 02:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 20:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/14 02:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 21:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 20:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 20:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: SERVICES.SBS  >
[2011/03/01 09:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files (x86)\Spybot - Search & Destroy 2\Includes\Services.sbs
 
< MD5 for: SERVICES.XML  >
[2012/03/28 20:40:29 | 000,018,507 | ---- | M] () MD5=C4950F1359292A158B143327D6AEB90B -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\packages\{D02A3D80-B37F-4DB7-8B7A-3E07D5239D7F}\services\services.xml
 
< MD5 for: WINLOGON.ADML  >
[2009/07/14 02:25:22 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml
 
< MD5 for: WINLOGON.ADMX  >
[2009/06/10 21:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 13:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 01:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 07:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 06:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009/10/28 06:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 06:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WINLOGON.EXE.MUI  >
[2010/11/20 13:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui
[2009/07/14 02:29:52 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=56D03B64B8C483C1D12A8E4577B3B332 -- C:\Windows\SysNative\en-US\winlogon.exe.mui
[2009/07/14 02:29:52 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=56D03B64B8C483C1D12A8E4577B3B332 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_26ed83321dc778e1\winlogon.exe.mui
 
< MD5 for: WINLOGON.MFL  >
[2009/07/14 02:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
[2009/07/14 02:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl
 
< MD5 for: WINLOGON.MOF  >
[2009/07/13 20:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2009/07/13 20:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof
 
< %SYSTEMDRIVE%\*.* >
[2013/10/30 18:33:49 | 000,028,220 | ---- | M] () -- C:\aaw7boot.log
[2013/10/27 10:54:50 | 000,000,002 | ---- | M] () -- C:\AvastSetup.log
[2009/07/14 01:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/07/27 20:40:53 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/07/02 08:51:00 | 000,013,757 | ---- | M] () -- C:\CDAVFSuser.log
[2010/07/01 09:01:47 | 000,017,570 | ---- | M] () -- C:\CDAVFSuserBackup.log
[2011/10/09 12:17:21 | 000,045,546 | ---- | M] () -- C:\ComboFix.txt
[2008/10/27 13:19:23 | 000,064,883 | ---- | M] () -- C:\converterv_mzr64rr1.jar
[2008/10/08 11:48:50 | 000,075,174 | ---- | M] () -- C:\CybDefInstallInfo.log
[2008/10/27 13:30:51 | 000,132,104 | ---- | M] () -- C:\dap050015_ciqqkzpv.jar
[2012/05/01 23:21:53 | 000,000,089 | ---- | M] () -- C:\data
[2002/07/28 23:40:00 | 001,059,840 | ---- | M] (Auto FX Software) -- C:\DS_Bonus_Plugin.8bf
[2012/01/09 18:10:47 | 000,461,824 | -HS- | M] () -- C:\EUMONBMP.SYS
[2010/01/03 00:00:36 | 000,004,047 | ---- | M] () -- C:\EyeCandyLog.txt
[2009/01/04 07:40:46 | 000,003,275 | ---- | M] () -- C:\flpalbm.opf
[2008/10/27 13:17:57 | 000,060,114 | ---- | M] () -- C:\gintris_u77v9ril.jar
[2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2008/10/27 13:08:33 | 000,051,408 | ---- | M] () -- C:\greatertha_bhihclc7.jar
[2005/01/21 04:12:14 | 000,000,011 | ---- | M] () -- C:\H07542EN.tag
[2013/10/30 18:33:51 | 3217,235,968 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/29 10:39:32 | 000,016,629 | ---- | M] () -- C:\hijackthis.log
[2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2010/02/25 09:20:32 | 000,000,490 | ---- | M] () -- C:\INSTALL.LOG
[2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2012/01/19 16:57:49 | 000,000,863 | ---- | M] () -- C:\InstallHelper.log
[2010/03/22 18:11:13 | 000,696,747 | ---- | M] () -- C:\jemshorthair1.jpg
[2010/03/22 18:11:33 | 001,754,727 | ---- | M] () -- C:\jemshorthair2.jpg
[2010/03/22 18:12:13 | 000,650,199 | ---- | M] () -- C:\jemshorthair3.jpg
[2010/03/22 18:13:01 | 000,916,381 | ---- | M] () -- C:\jemshorthair4.jpg
[2010/03/22 18:13:42 | 001,051,683 | ---- | M] () -- C:\jemshorthair6.jpg
[2010/03/22 18:14:35 | 000,761,656 | ---- | M] () -- C:\jemshorthair7.jpg
[2010/03/22 18:15:11 | 000,838,946 | ---- | M] () -- C:\jemshorthair8.jpg
[2009/03/23 21:26:52 | 000,047,183 | ---- | M] () -- C:\me.jpg
[2010/03/22 18:07:55 | 001,293,737 | ---- | M] () -- C:\merlinlas4t.jpg
[2010/03/22 18:00:47 | 000,654,981 | ---- | M] () -- C:\merlinlast1.jpg
[2010/03/22 18:01:29 | 000,709,909 | ---- | M] () -- C:\merlinlast2.jpg
[2010/03/22 18:02:11 | 000,833,637 | ---- | M] () -- C:\merlinlast3.jpg
[2010/03/22 18:08:37 | 000,599,749 | ---- | M] () -- C:\merlinlast5.jpg
[2010/03/22 18:09:28 | 000,565,526 | ---- | M] () -- C:\merlinlast6.jpg
[2010/03/22 18:10:08 | 000,596,533 | ---- | M] () -- C:\merlinlast7.jpg
[2000/05/21 23:00:00 | 000,115,920 | ---- | M] (Microsoft Corporation) -- C:\Msinet.ocx
[2002/01/05 02:38:38 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\msvci70.dll
[2013/10/30 18:33:54 | 4289,650,688 | -HS- | M] () -- C:\pagefile.sys
[2009/09/04 16:15:12 | 000,003,011 | RHS- | M] () -- C:\Patch.rev
[2010/05/09 18:16:33 | 000,000,218 | RHS- | M] () -- C:\Preload.rev
[2009/04/23 19:46:30 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\psapi.dll
[2007/03/07 16:40:40 | 000,000,345 | ---- | M] () -- C:\RHDSetup (1).log
[2010/05/09 18:25:31 | 000,001,989 | ---- | M] () -- C:\RHDSetup.log
[2008/05/15 15:04:28 | 000,000,479 | ---- | M] () -- C:\sghmmail.ECF
[2009/09/12 22:17:37 | 000,115,224 | ---- | M] () -- C:\snp2sxp-001.raw
[2007/06/11 10:28:58 | 000,000,600 | -H-- | M] () -- C:\SWSTAMP.TXT
[2009/10/26 21:46:58 | 000,005,966 | ---- | M] () -- C:\SyncTraceFile.txt
[2011/04/28 09:07:54 | 000,067,488 | ---- | M] () -- C:\TDSSKiller.2.4.3.0_28.04.2011_10.04.28_log.txt
[2011/10/09 13:26:05 | 000,000,414 | ---- | M] () -- C:\TDSSKiller.2.5.22.0_09.10.2011_14.25.57_log.txt
[2011/09/14 15:30:40 | 000,074,170 | ---- | M] () -- C:\TDSSKiller.2.5.22.0_14.09.2011_16.29.14_log.txt
[2011/10/09 13:30:57 | 000,171,428 | ---- | M] () -- C:\TDSSKiller.2.6.6.0_09.10.2011_14.28.05_log.txt
[2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/10/05 15:13:30 | 000,470,582 | ---- | M] () -- C:\vcredist_x86.log
[2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2008/10/27 13:09:33 | 000,000,839 | ---- | M] () -- C:\worms08_kz4me3av.jad
[2010/11/06 15:56:03 | 003,656,870 | ---- | M] () -- C:\xcards.ppp
[2008/06/04 11:37:03 | 000,000,162 | ---- | M] () -- C:\YServer.txt
[2008/10/27 13:05:41 | 000,269,414 | ---- | M] () -- C:\zuma_mp7zxmpq.jar
[2012/01/09 19:17:22 | 000,004,096 | -HS- | M] () -- C:\{37CC1B76-A9E8-4D00-8A60-DE2D72F75C1D}.CBM
 
< %systemroot%\Fonts\*.com >
[2009/07/14 05:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 05:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 05:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 05:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/06/10 20:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
[2011/11/28 18:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2009/09/22 16:15:26 | 000,220,672 | ---- | M] (Juan Trujillo Tarradas; http://www.jttsoft.com) -- C:\Windows\PhotoEchoes.scr
[2010/11/10 01:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2009/07/14 04:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C is ACER
 Volume Serial Number is 046D-856D
 Directory of C:\
14/07/2009  05:08    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
14/07/2009  05:08    <JUNCTION>     Application Data [C:\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
14/07/2009  05:08    <SYMLINKD>     All Users [C:\ProgramData]
14/07/2009  05:08    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
14/07/2009  05:08    <JUNCTION>     Application Data [C:\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009  05:08    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     My Documents [C:\Users\Default\Documents]
14/07/2009  05:08    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009  05:08    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009  05:08    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009  05:08    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Users\Default\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Lorna
09/05/2010  18:16    <JUNCTION>     Application Data [C:\Users\Lorna\AppData\Roaming]
09/05/2010  18:16    <JUNCTION>     Cookies [C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Cookies]
09/05/2010  18:16    <JUNCTION>     Local Settings [C:\Users\Lorna\AppData\Local]
09/05/2010  18:16    <JUNCTION>     My Documents [C:\Users\Lorna\Documents]
09/05/2010  18:16    <JUNCTION>     NetHood [C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
09/05/2010  18:16    <JUNCTION>     PrintHood [C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
09/05/2010  18:16    <JUNCTION>     Recent [C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Recent]
09/05/2010  18:16    <JUNCTION>     SendTo [C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\SendTo]
09/05/2010  18:16    <JUNCTION>     Start Menu [C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Start Menu]
09/05/2010  18:16    <JUNCTION>     Templates [C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Lorna\AppData\Local
09/05/2010  18:16    <JUNCTION>     Application Data [C:\Users\Lorna\AppData\Local]
09/05/2010  18:16    <JUNCTION>     History [C:\Users\Lorna\AppData\Local\Microsoft\Windows\History]
09/05/2010  18:16    <JUNCTION>     Temporary Internet Files [C:\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Lorna\Documents
09/05/2010  18:16    <JUNCTION>     My Music [C:\Users\Lorna\Music]
09/05/2010  18:16    <JUNCTION>     My Pictures [C:\Users\Lorna\Pictures]
09/05/2010  18:16    <JUNCTION>     My Videos [C:\Users\Lorna\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Users\Public\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile
06/09/2010  17:51    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
06/09/2010  17:51    <JUNCTION>     Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
06/09/2010  17:51    <JUNCTION>     My Documents [C:\Windows\system32\config\systemprofile\Documents]
06/09/2010  17:51    <JUNCTION>     NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
06/09/2010  17:51    <JUNCTION>     PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
06/09/2010  17:51    <JUNCTION>     Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
06/09/2010  17:51    <JUNCTION>     SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
06/09/2010  17:51    <JUNCTION>     Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
06/09/2010  17:51    <JUNCTION>     Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\AppData\Local
06/09/2010  17:51    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
06/09/2010  17:51    <JUNCTION>     History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
06/09/2010  17:51    <JUNCTION>     Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\Documents
06/09/2010  17:51    <JUNCTION>     My Music [C:\Windows\system32\config\systemprofile\Music]
06/09/2010  17:51    <JUNCTION>     My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
06/09/2010  17:51    <JUNCTION>     My Videos [C:\Windows\system32\config\systemprofile\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile
06/09/2010  17:51    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
06/09/2010  17:51    <JUNCTION>     Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
06/09/2010  17:51    <JUNCTION>     My Documents [C:\Windows\system32\config\systemprofile\Documents]
06/09/2010  17:51    <JUNCTION>     NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
06/09/2010  17:51    <JUNCTION>     PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
06/09/2010  17:51    <JUNCTION>     Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
06/09/2010  17:51    <JUNCTION>     SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
06/09/2010  17:51    <JUNCTION>     Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
06/09/2010  17:51    <JUNCTION>     Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
06/09/2010  17:51    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
06/09/2010  17:51    <JUNCTION>     History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
06/09/2010  17:51    <JUNCTION>     Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile\Documents
06/09/2010  17:51    <JUNCTION>     My Music [C:\Windows\system32\config\systemprofile\Music]
06/09/2010  17:51    <JUNCTION>     My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
06/09/2010  17:51    <JUNCTION>     My Videos [C:\Windows\system32\config\systemprofile\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              79 Dir(s)  290,217,127,936 bytes free
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/03/29 09:35:59 | 000,000,286 | -HS- | M] () -- C:\Users\Lorna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
[2012/02/23 14:27:21 | 000,000,221 | -HS- | M] () -- C:\Users\Lorna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
< %USERPROFILE%\Desktop\*.exe >
[2013/11/03 11:59:04 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Lorna\Desktop\aswMBR.exe
[2013/10/29 10:54:05 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Lorna\Desktop\HijackThis.exe
[2013/11/03 12:02:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lorna\Desktop\OTL.exe
[2013/11/03 11:58:42 | 000,891,184 | ---- | M] () -- C:\Users\Lorna\Desktop\SecurityCheck.exe
 
< %PROGRAMFILES%\Common Files\*.* >
[2009/02/10 19:23:42 | 000,192,484 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acer GameZone online.ico
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Base Services ==========
SRV:64bit: - [2009/07/14 01:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2009/07/14 01:40:01 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/14 01:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2009/07/14 01:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2009/07/14 01:40:10 | 000,703,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 07:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/14 01:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 01:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2009/07/14 01:40:13 | 000,136,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2009/07/14 01:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2009/07/14 01:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2009/07/14 01:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2009/07/14 01:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 01:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 06:17:10 | 000,182,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/14 01:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/14 01:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 01:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/14 01:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2009/07/14 01:41:10 | 000,500,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/14 01:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/14 01:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/14 01:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/14 01:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 01:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2009/07/14 01:41:52 | 000,302,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/14 01:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 11:21:59 | 000,404,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2010/08/21 06:29:47 | 000,558,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 07:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/14 01:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2009/07/14 01:41:53 | 000,343,552 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2009/07/14 01:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2009/07/14 01:41:53 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 07:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2010/12/21 06:16:27 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/08/27 06:14:02 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2009/07/14 01:41:54 | 000,369,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/07/14 01:16:14 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/02 05:16:53 | 001,114,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2009/07/14 01:41:55 | 000,316,416 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/14 01:16:15 | 000,241,664 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/14 01:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/14 01:41:53 | 000,208,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2009/07/14 01:39:50 | 001,598,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2009/07/14 01:40:04 | 000,676,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2009/07/14 01:40:04 | 000,676,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2009/07/14 01:41:53 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 01:41:56 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2009/07/14 01:41:27 | 000,824,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2009/07/14 01:41:56 | 000,578,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2009/07/14 01:39:21 | 000,127,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2009/07/14 01:14:25 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/14 01:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 22:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2009/07/14 01:40:32 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/14 01:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2009/07/14 01:41:56 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
 
========== Drive Information ==========
 
Physical Drives
---------------
 
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: Hitachi HTS545050B9A300
Partitions: 4
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: Hitachi HTS545050B9A300
Partitions: 1
Status: OK
Status Info: 0
 
Partitions
---------------
 
DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 12.00GB
Starting Offset: 1048576
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #1
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 4.00GB
Starting Offset: 12583960576
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 16342056960
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #3
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 450.00GB
Starting Offset: 16446914560
Hidden sectors: 0
 
 
DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 466.00GB
Starting Offset: 32256
Hidden sectors: 0
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\wordchart1.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\WM0270.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Weave-ItBkTwo.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Weave-ItBkThree.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\vintage_knitting_tips.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\vintage_knitting_tips.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\vertigo-source.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\vertigo-logo-source.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\vertigo-footer-source.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Valsaddress.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\tyroknit.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\TheWeave-ItBook.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\testpdf.PDF:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\TechniqueColoredPencil.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\sv_028.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\surveys.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\stitchy.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\steampunk-bug.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\star_template.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\stamford-artisans-guild-logo.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Spool221.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\showcase-source.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Sea%20Breeze%20Angelina%20instructions.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\SAGE INVOICES.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\replicant2-source.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\PRESS RELEASEoldword.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\press release vic hall lorna.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\pic for payperhour.gif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\pdftedst.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\paper doll maryjane.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\office10beta.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\OFFICE PROFESSIONAL KEY.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\mywatchmanual.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Mysnowflakes.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Mysnowflakes.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Microsoft Word - r conboy webvert march 08.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\m names.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\linked in us search.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\len and nell page 11 i think cmyk.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\LayoutTool - Legacy.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\JumpingJacks.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\JumpingJacks(1).pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\joomla_15_quickstart.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\jemjoker.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\jemcvnewtxtonly.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\jem cv.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\jem cv new.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\jem coverletterbarclays.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\IS SHAKESPEARE DEAD.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\invite square copy.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Inside Front Cover.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\inside back cover cmyk.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\High-Raw-Kevin-Gianni.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\hhswholething.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\heartsnflowerspng.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\HEARTSfinal layout2up.docx.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\HEARTSfinal layout.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Hearts.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Heart_templates.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\googlebase-ezlibris-200806231005.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\googlebase-ezlibris-200806230956.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\front cover cmyk.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\From the time I was a little girl.pps:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\fox2crop.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\flowersp.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\flower_template.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\flower.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\floralpeyote v2.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\floral1peyote1.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\floral1.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\floral1 peyote1.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\farm1a.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\ETSToysB.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\ETSToysA.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Elfic_doll.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\dvlalicenceapp.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\CTMJanFeb08 FINAL.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\CTFEB07CrochetFroggyHatCheerioEssentials.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\cs5serial.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\COURIER.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\CorelDRAW Graphics Suite X3.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\copyrightnotice.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\copyrightnotice.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\cctreescrop.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\cash_book_pro_v2.0.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Card07.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Card06.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Card04.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\calendar_organizer_months.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\broadsheetsteampunk.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\BABYmocsBtys.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\B023_ebook.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\amclassical_silent_night.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\alicewivbaby.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\aglaciercrop.JPG:Roxio EMC Stream
@Alternate Data Stream - 452 bytes -> C:\Users\Lorna\Documents\vichallflyerfinal.ppp:SummaryInformation
@Alternate Data Stream - 436 bytes -> C:\xcards.ppp:SummaryInformation
@Alternate Data Stream - 432 bytes -> C:\Users\Lorna\Documents\alice1.ppp:SummaryInformation
@Alternate Data Stream - 211 bytes -> C:\ProgramData\Temp:BC3DB898
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:2B11E0DF

< End of report >

EXTRAS.txt:

OTL Extras logfile created on: 03/11/2013 12:30:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lorna\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
4.00 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 62.33% Memory free
7.99 Gb Paging File | 6.07 Gb Available in Paging File | 76.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.44 Gb Total Space | 268.88 Gb Free Space | 59.69% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 246.55 Gb Free Space | 52.93% Space Free | Partition Type: NTFS
Drive E: | 254.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: LORNA-PC | User Name: Lorna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Value error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FB98A1-7AF9-46DA-870E-B3E179CE55A5}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{0A37EBFD-4C01-4323-BBD7-D212EB87C91B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0D23B282-2882-4D6B-B34C-C809FBDB29EB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0E8B587E-8654-49E1-ADD9-5A6126327F9C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{109092A7-9655-42A4-BE06-1E4293F9D2BC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{175CC621-2FC3-4E9A-8A3B-8688346CBA8F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1AB91F7A-C8C3-4F1B-90E2-0DF59D760C39}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2456651F-140F-41DB-AE77-FD4C437211B3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{285DA852-E50B-4CD6-A2AF-A67C16058365}" = rport=445 | protocol=6 | dir=out | app=system |
"{2F22710D-5CDC-42CB-8492-66DE3A6C1D8D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{327F1DA6-D344-4488-B593-D5455C2CC737}" = rport=10243 | protocol=6 | dir=out | app=system |
"{36B71C93-50A9-4F48-BF8E-7569CFD30A5C}" = rport=2869 | protocol=6 | dir=out | app=system |
"{40D98898-C72B-48A9-9001-AA1EA67D641E}" = lport=137 | protocol=17 | dir=in | app=system |
"{6B75E5BC-8C35-4758-A8B9-670E1F4D590B}" = rport=138 | protocol=17 | dir=out | app=system |
"{6CD889C3-ADC0-4253-A003-13D5A86433E1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8E491A19-0544-4E98-8CCB-FEDFDAC391BA}" = lport=445 | protocol=6 | dir=in | app=system |
"{8F3FDE23-CB59-40E2-99DC-248E18C6AD35}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8F63FA6D-D92E-43F1-9736-08F1DA4C0ED6}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{990019A1-389A-4131-8ED1-75C68E987E3B}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{999B8C11-E1E9-48B0-B131-51BF04F48763}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AAA4096A-8218-492F-867B-6DBBFF09D244}" = lport=139 | protocol=6 | dir=in | app=system |
"{AFDF5C9D-EF74-429B-9DDA-9E4A52576469}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B4D7A118-7027-45E5-82C6-7DDA4005F457}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B8ACFC35-CE78-4145-97F9-3CBB5905ACA3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C242A725-DF66-4D6B-A25D-B69DFEC85D60}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C5299320-4AFA-44FD-A254-D0ACE41376CF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D00F6322-F81F-48FE-A42C-689480474DF6}" = lport=138 | protocol=17 | dir=in | app=system |
"{D60C093C-775D-44FB-AA6D-5FAA2E4AB678}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DADE18E9-DEFD-4BE3-AFCF-7D5B3440B6FA}" = rport=137 | protocol=17 | dir=out | app=system |
"{DD1C5633-85CA-4F5D-9761-7C44D8785AB1}" = rport=139 | protocol=6 | dir=out | app=system |
"{EC3E75AD-21E1-4969-9906-E6FFDDE263DE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E663DF1-5CC7-49F9-B4F2-DE4EC2CDF538}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0F9493B2-954A-45C2-A962-D64D963598B1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0FE74F0C-38DE-4447-9C5F-A7F1C895A49C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{17355C71-1C6A-4F7A-8DCB-76D5074EC64E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{19B926AF-F118-4E2D-A0D5-C54FC4933C29}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{24F886AC-2564-49A6-89B6-1C9DA4C959E8}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |
"{3439C0E9-1858-4AFC-B720-4D3F0F01045D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{35CDDABE-97DD-4AD8-821E-EEEB6CEF9103}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3FBBCB08-A755-4D39-A53F-895873691A91}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |
"{4316C09F-0F43-489A-B7F3-8E3B9B5A77CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{439578B7-4ED0-4CF8-8AB8-880B24B1A4F0}" = protocol=17 | dir=in | app=c:\windows\temp\cmc_dragon\restart_helper.exe |
"{4C0574E3-F9E2-453F-977D-3571B658121D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4FF09CFE-451B-44A1-94E3-5D177B5026A7}" = protocol=17 | dir=in | app=c:\users\lorna\appdata\roaming\dropbox\bin\dropbox.exe |
"{5AE9766C-EC17-454E-8FAA-3F3A5806AE5F}" = protocol=6 | dir=in | app=c:\users\lorna\appdata\roaming\dropbox\bin\dropbox.exe |
"{64FAC652-19ED-4637-86F6-E87D29048500}" = protocol=6 | dir=out | app=system |
"{65189FD5-E420-4929-89DC-C2432B37F088}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{658D211A-36E4-456B-9DE6-B38E6BF5B7E1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6756D2C8-D447-4C27-992D-1671AB2C3B21}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\comodo\tvnserver.exe |
"{69C7DF42-A0B7-4CBF-BFD9-C5402896D6E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6E739B8C-F5DE-44CC-8156-3C2DC7FBF9E3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{727199DC-71F7-4C6F-9C5A-F2D8EBFFBFC0}" = protocol=6 | dir=in | app=c:\windows\temp\cmc_dragon\restart_helper.exe |
"{7928CA9C-B0CE-4A93-92AC-D6D67FF39CD8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7AC87AB6-F04D-4E76-A450-665B8B5DDD80}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |
"{7D537CD3-E95A-48C2-92C2-0362143919F4}" = protocol=6 | dir=in | app=c:\users\lorna\appdata\roaming\dropbox\bin\dropbox.exe |
"{9C1B4A8A-2198-4CB1-8A6A-233778D9C76E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A2D0DBED-F7DE-49E0-98DB-F40E792C4A74}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AD7E18DA-5144-4307-BA47-6F910D52F525}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AE1F3226-FB2F-458F-863C-92CE34467DBD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BF5AE95C-5779-49FC-A95F-A19EB426F5D2}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C38F1B2D-5541-4443-B546-983E13B9D4FF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C4F6DDF6-0527-4A4C-86DB-FD1661B27A3B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C97E426B-9C46-428A-BA44-247A11D73F7C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CB269071-FD26-4B3D-A1F0-ED82D4F8FF34}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{CE7E3F2C-374E-434B-8097-6F85E818F921}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\comodo\tvnserver.exe |
"{D8442974-63BC-40C7-9F42-2A2EB91307D4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DF1E12D1-625A-434C-8AF2-ADBACA066882}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EA239201-9796-4433-8FAD-6D2F7FBC6256}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |
"{EEE8BE16-4EBD-4E1F-BC9F-8CDFD7739918}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EF398F74-BF9D-4889-A8D1-65612570EE45}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F512C44E-C797-4A64-852D-559A86C114ED}" = protocol=17 | dir=in | app=c:\users\lorna\appdata\roaming\dropbox\bin\dropbox.exe |
"{FECBDD97-A918-4925-8F49-4671A74E4771}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{108A39BF-4ED1-4293-B11A-06BD521FB8F7}" = FreeOCR 3.0
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A9E695CB-A6AA-4B4C-9754-BA3CFF1C3B00}" = HP Officejet Pro 8000 A809 Series
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"A5B98551C6BA1C24D2FDDFB2E1764339D449F74D" = Windows Driver Package - Intel (NETw5v64) net  (09/15/2009 13.0.0.107)
"B540836D57069F83653778772EE56C5408F1B192" = Windows Driver Package - Intel (NETw5s64) net  (09/15/2009 13.0.0.107)
"DesktopIconAmazon" = Desktop Icon für Amazon
"Free PDF to Word Converter_is1" = Free PDF to Word Converter 4.2.3.183
"GIMP-2_is1" = GIMP 2.6.12
"HitmanPro37" = HitmanPro 3.7
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"novaPDF Pro v5_is1" = novaPDF Pro v5 (novaPDF Professional Desktop 5.5  printer)
"NVIDIA Drivers" = NVIDIA Drivers
"PDFtypewriter Printer Driver" = PDFtypewriter Printer Driver
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0FAEAEC8-F458-4AE2-89B8-BF680FD245D5}" = 8000A809_eDocs
"{1000ACF5-0BCF-4FC0-B4F5-F044317F9155}" = ProductContext
"{10B1D4F7-6568-48F7-92FD-74D616CD061E}" = Serif CraftArtist Wedding Days Collection
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{1439B98F-681E-4D51-BB90-D04474E4C6EA}" = Serif Digital Scrapbook Artist 2
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15879CF1-46AD-4A19-B362-E3A939C65BA9}" = DaisyTrail Summer Fun Digikit
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BB1AF9-981C-4539-9113-D2F88F031C1D}" = GeekBuddy
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2189194E-35E0-4597-BC93-63DC40EB9258}" = Serif Digital Scrapbook Artist Photobook, Basic
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{25015AF4-F435-4605-A06F-BA91C0BF6087}" = Serif CraftArtist Scrapbooks Collection
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{26F8F39E-C228-4E3C-93A5-061FCCBFC914}" = Serif PagePlus Essentials
"{27996809-446F-7261-6C69-6B654C656F6E}" =
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{312F775B-EF9B-4456-83C8-4B4596677C13}" = Serif CraftArtist Baby Photos Collection
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{366584A4-1D35-49B2-97B3-C803DDFCC543}" = myPrintMileage (Officejet Pro 8000 A809)
"{3AD783E5-1DC6-4FDF-B913-C371657B7A6B}" = Acer Arcade Instant On
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3EC9C9AB-28DA-411D-8EFE-E31AFAFA038A}" = Karen Gover, Turkish Delight Digikit
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{565A39D6-4FB0-4F35-A2AC-0DC66ACC3520}" = Fingerprint Solution
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5ED5BC4D-CADC-4705-A230-D1FC80882252}" = PhotoTools 2.6.3 Free
"{5F9DDC8F-5D4D-4D63-BDB5-8DB3EE1432E4}" = Serif PagePlus Essentials Bonus Content Pack
"{61B3CAF9-0C8A-4390-AE72-D6B90FB71C17}" = Serif CraftArtist Professional
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63CA71FE-85AB-49AE-8668-26951FBD95DC}" = Kaleidoscope Kreator 3
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{761E061F-FB8E-BBB4-69A4-B1DEF3640DB7}" = Zinio Reader 4
"{76E2A1A0-CE72-48A0-8D8E-767A1B0C2191}" = PhotoFrame 4.6.3 Free
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C08721F-AC43-4198-A35B-93442DD10A26}" = Serif CraftArtist Greeting Cards Collection
"{7D336C6B-1C91-4AD4-B168-F1E1AC08D737}" = PDFtypewriter with PDF Printer Driver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114803710}" = Star Defender 4
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92975DF9-EA36-4F36-A9AC-D412BC1D709E}" = Nuvoton EC Generic HID Driver
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A8BCCBD-07F6-4B3E-9463-FA556619744E}" = eBaitor
"{9ADE9794-F65D-11BE-051B-B6E52B5CDD04}" = Adobe Community Help
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FB13038-240D-427E-B27E-1796E5C0FA1A}" = DaisyTrail Vintage Sideshow Digikit
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy 2
"{B9830694-3D4A-40CC-AB27-5A8C9E160200}" = BPDSoftware
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BDE7CE44-145A-47E3-9A75-9FBD49D9B46B}" = 8000A809
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C5F7045B-193F-418C-A4DE-27F76F28841E}" = BPDSoftware_Ini
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF255306-5B68-401F-87BA-AA62BEA6888C}" = 8000A809_Help
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.74.216
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D12EBB4E-CF21-496D-979F-89D9DE58C5B8}" = PDFill PDF Tools (FREE)
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3F42516-EC12-4ECF-A3C3-5A79CD3CB5F5}" = Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D575FBAA-D6D6-4221-A2C4-67541DB7AB5E}_is1" = Device Doctor 1.0.0.1
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E12F5FD8-3C24-4594-9730-3F89C04A45AA}" = eCraftShop Pro
"{E2B31B67-9795-4EF9-9AC6-B683E7B11BE6}_is1" = FotoFusion v4
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFEDD205-43FE-4208-B682-0937E803E19E}_is1" = NexusFont 2.5 (ver 2.5.7.1562)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F840E2F3-138C-4307-83F7-D0A5DD75B6CE}" = Samsung SCX-4100 Series (TWAIN)
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"aniMate 2 DS3 2.0.0.7" = aniMate 2 DS3
"avast" = avast! Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Comodo Dragon" = Comodo Dragon
"DAZ 3D Install Manager 1 1.0.1.90" = DAZ 3D Install Manager 1
"DAZ Content Management Service 4.8.1.7" = DAZ Content Management Service
"DAZ Studio 3 3.1.2.32" = DAZ Studio 3
"Dazzling Reflections PE (Trial Version)_is1" = Dazzling Reflections PE v2.1
"DirPrintOK" = DirPrintOK
"DreamSuite Bonus" = Uninstall DreamSuite Bonus
"EaseUS Todo Backup Free 4.0_is1" = EaseUS Todo Backup Free 4.0
"Echoes_is1" = PhotoEchoes 3.1.004
"ESET Online Scanner" = ESET Online Scanner v3
"ExpressBurn" = Express Burn Disc Burning Software
"Filter Forge Freepack 1 - Metals_is1" = Filter Forge Freepack 1 - Metals 2.009
"Filter Forge Freepack 2 - Photo Effects_is1" = Filter Forge Freepack 2 - Photo Effects 2.009
"Filter Forge Freepack 3 - Frames_is1" = Filter Forge Freepack 3 - Frames 2.009
"Filter Forge Freepack 4 - Distortions_is1" = Filter Forge Freepack 4 - Distortions 1.015
"Filter Forge Freepack 5 - Hearts_is1" = Filter Forge Freepack 5 - Hearts 2.009
"Filter Forge Freepack 6 - Patterns_is1" = Filter Forge Freepack 6 - Patterns 2.009
"FrameFun_is1" = FrameFun 2.0.0.7
"FrameMaster" = FrameMaster 2.14
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"GPL Ghostscript 8.57" = GPL Ghostscript 8.57
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"GridMagic_is1" = GridMagic 3.3.0.201
"GridVista" = Acer GridVista
"HijackThis" = HijackThis 2.0.2
"Identity Card" = Identity Card
"IE Kaleidoscope" = IE Kaleidoscope
"Inkscape" = Inkscape 0.48.2
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{565A39D6-4FB0-4F35-A2AC-0DC66ACC3520}" = Acer Bio Protection
"Instant Eyedropper_is1" = Instant Eyedropper 1.75
"Kaleider_is1" = Kaleider 4.8.1
"LManager" = Launch Manager
"Make The Cut!" = Make The Cut!
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Maxthon2" = Maxthon2
"Mozilla Firefox 24.0 (x86 en-GB)" = Mozilla Firefox 24.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Pattaizer_is1" = Pattaizer v1.3
"Picasa 3" = Picasa 3
"Plugin Commander Light 1.61_is1" = Plugin Commander Light 1.61
"Poser Debut_is1" = Poser Debut
"Rapport_msi" = Rapport
"Samsung SCX-4100 Series" = Samsung SCX-4100 Series
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"SpeedBit Video Downloader" = SpeedBit Video Downloader
"SpywareBlaster_is1" = SpywareBlaster 4.4
"TabletDriver" = Trust Tablet Driver
"Ulead ArtTexture.Plugin 1.0" = Ulead ArtTexture.Plugin 1.0
"Ulead FantasyWarp.Plugin 1.0" = Ulead FantasyWarp.Plugin 1.0
"VertusPlayWithPictures" = Vertus Play With Pictures 1.0.9
"WinLiveSuite" = Windows Live Essentials
"Wisdom-soft Set up ScreenHunter 5.1 Free" = Wisdom-soft Set up ScreenHunter 5.1 Free
"XnView_is1" = XnView 1.96.1
"Yandex Toolbar Removal Tool_is1" = Yandex Toolbar Removal Tool
"ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dashlane" = Dashlane
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Spoon Sandbox Manager 3.32" = Spoon Sandbox Manager 3.32
"WinDirStat" = WinDirStat 1.1.2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21/08/2011 14:51:35 | Computer Name = Lorna-PC | Source = Application Error | ID = 1000
Description = Faulting application name: wbengine.exe, version: 6.1.7600.16385,
time stamp: 0x4a5bc537  Faulting module name: ntdll.dll, version: 6.1.7600.16695,
time stamp: 0x4cc7b325  Exception code: 0xc0000005  Fault offset: 0x000000000004c8f4
Faulting
 process id: 0x227c  Faulting application start time: 0x01cc602cfa36a747  Faulting application
 path: C:\Windows\system32\wbengine.exe  Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
 Id: 978b0a96-cc26-11e0-87ba-ab44c7e5e56f
 
Error - 25/08/2011 14:40:11 | Computer Name = Lorna-PC | Source = MSSOAP | ID = 16
Description = Soap error: XML Parser failed at linenumber 0, lineposition 0, reason
 is: The system cannot locate the resource specified.  .
 
Error - 25/08/2011 14:40:11 | Computer Name = Lorna-PC | Source = MSSOAP | ID = 16
Description = Soap error: Loading of the WSDL file failed.
 
Error - 25/08/2011 14:40:11 | Computer Name = Lorna-PC | Source = MSSOAP | ID = 16
Description = Soap error: One of the parameters supplied is invalid..
 
Error - 26/08/2011 08:40:41 | Computer Name = Lorna-PC | Source = Application Hang | ID = 1002
Description = The program CraftArtist.exe version 1.0.4.40 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 1fb4    Start
 Time: 01cc63d406a2153c    Termination Time: 0    Application Path: C:\Program Files (x86)\Serif\CraftArtist\1.0\Program\CraftArtist.exe

Report
 Id: 860975a6-cfe0-11e0-87ba-ab44c7e5e56f  
 
Error - 27/08/2011 18:46:38 | Computer Name = Lorna-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
 Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value
 "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
 "version" in element "assemblyIdentity" is invalid.
 
Error - 28/08/2011 07:28:10 | Computer Name = Lorna-PC | Source = System Restore | ID = 8210
Description =
 
Error - 28/08/2011 16:38:41 | Computer Name = Lorna-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16768,
time stamp: 0x4d688122  Faulting module name: wucltux.dll, version: 7.3.7600.16385,
 time stamp: 0x4a5be09e  Exception code: 0xc0000005  Fault offset: 0x0000000000054f1d
Faulting
 process id: 0x46c  Faulting application start time: 0x01cc65795e54bcd5  Faulting application
 path: C:\Windows\Explorer.EXE  Faulting module path: C:\Windows\system32\wucltux.dll
Report
 Id: b67d2884-d1b5-11e0-859f-ea060eeb6d6c
 
Error - 28/08/2011 16:42:33 | Computer Name = Lorna-PC | Source = Application Hang | ID = 1002
Description = The program Photoshop.exe version 12.0.0.0 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: d28    Start
 Time: 01cc65c14a159d76    Termination Time: 835    Application Path: C:\Program Files\Adobe\Adobe
 Photoshop CS5 (64 Bit)\Photoshop.exe    Report Id:   
 
Error - 01/09/2011 14:20:39 | Computer Name = Lorna-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
 Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value
 "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
 "version" in element "assemblyIdentity" is invalid.
 
[ System Events ]
Error - 01/11/2013 14:25:58 | Computer Name = Lorna-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 01/11/2013 14:26:03 | Computer Name = Lorna-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 01/11/2013 14:26:17 | Computer Name = Lorna-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 01/11/2013 14:26:26 | Computer Name = Lorna-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Google
 Software Updater service to connect.
 
Error - 01/11/2013 14:26:26 | Computer Name = Lorna-PC | Source = DCOM | ID = 10005
Description =
 
Error - 03/11/2013 07:51:00 | Computer Name = Lorna-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 03/11/2013 07:51:10 | Computer Name = Lorna-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 03/11/2013 07:51:40 | Computer Name = Lorna-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 03/11/2013 09:31:42 | Computer Name = Lorna-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 03/11/2013 09:31:44 | Computer Name = Lorna-PC | Source = ipnathlp | ID = 31004
Description =
 
 
< End of report >



 



#7 fellfromgrace

Posted 03 November 2013 - 07:46 AM

Here are the results of the scans

 

SECURITY CHECK:

 

 Results of screen317's Security Check version 0.99.76  
 Windows 7  x64 (UAC is enabled)  
 Out of date service pack!!
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
Lavasoft Ad-Watch Live! Anti-Virus   
avast! Antivirus                     
COMODO Antivirus                     
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Ad-Aware
 MVPS Hosts File  
 Out of date HijackThis  installed!
 SpywareBlaster 4.4    
 Spybot - Search & Destroy 2
 Malwarebytes Anti-Malware version 1.75.0.1300  
 HijackThis 2.0.2    
 Java™ 6 Update 20  
 Java version out of Date!
 Adobe Flash Player 11.9.900.117  
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox 24.0 Firefox out of Date!  
 Google Chrome 31.0.1650.34  
````````Process Check: objlist.exe by Laurent````````  
 Ad-Aware AAWService.exe is disabled!
 Ad-Aware AAWTray.exe is disabled!
 Spybot Teatimer.exe is disabled!
 Comodo Firewall cmdagent.exe
 Comodo Firewall cfp.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

 

AswMBR: NOTE; ONLY ONE FILE SAVED, SO CANNOT ATTACH THE OTHER ONE IT SHOULD HAVE GENERATED ... AND THIS ERROR MESSAGE APPEARED PRIOR TO DOWNLOADING VIRUS DEF'S AND ALSO AFTER DOWNLOADING VIRUS DEFINITIONS:

 

The procedure entry point aswscnGetVirusID could not be located in the dynamic link library aswScan.dll

 

 

 

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-11-03 12:20:07
-----------------------------
12:20:07.096    OS Version: Windows x64 6.1.7600
12:20:07.096    Number of processors: 2 586 0x170A
12:20:07.098    ComputerName: LORNA-PC  UserName: Lorna
12:20:11.765    Initialize success
12:26:04.558    AVAST engine error: 2
12:27:53.465    The log file has been saved successfully to "C:\Users\Lorna\Desktop\aswMBR.txt"

 

OTL:

 

OTL logfile created on: 03/11/2013 12:30:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lorna\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
4.00 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 62.33% Memory free
7.99 Gb Paging File | 6.07 Gb Available in Paging File | 76.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.44 Gb Total Space | 268.88 Gb Free Space | 59.69% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 246.55 Gb Free Space | 52.93% Space Free | Partition Type: NTFS
Drive E: | 254.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: LORNA-PC | User Name: Lorna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\Lorna\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Lorna\AppData\Roaming\Dashlane\Dashlane.exe ()
PRC - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe ()
PRC - C:\Users\Lorna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe (Comodo Security Solutions Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe (GlavSoft LLC.)
PRC - C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe (SpeedBit Ltd.)
PRC - C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.)
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Windows\SysWOW64\WTClient.exe (Tablet Driver)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
PRC - c:\Program Files (x86)\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
PRC - c:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Lorna\AppData\Roaming\Dashlane\Dashlane.exe ()
MOD - C:\Users\Lorna\AppData\Roaming\Dashlane\2.2.1.47394\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.2.2.1.47394.dll ()
MOD - C:\Users\Lorna\AppData\Roaming\Dashlane\2.2.1.47394\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.2.2.1.47394.dll ()
MOD - C:\Users\Lorna\AppData\Roaming\Dashlane\2.2.1.47394\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.2.2.1.47394.dll ()
MOD - C:\Users\Lorna\AppData\Roaming\Dashlane\2.2.1.47394\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.2.2.1.47394.dll ()
MOD - C:\Users\Lorna\AppData\Roaming\Dashlane\2.2.1.47394\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.2.2.1.47394.dll ()
MOD - C:\Users\Lorna\AppData\Roaming\Dashlane\2.2.1.47394\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.2.2.1.47394.dll ()
MOD - C:\Users\Lorna\AppData\Roaming\Dashlane\2.2.1.47394\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.2.2.1.47394.dll ()
MOD - C:\Users\Lorna\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Users\Lorna\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Windows\SysWOW64\WinTab32.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (HitmanProScheduler) -- C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
SRV:64bit: - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (DAZContentManagementService) -- C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe ()
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinTabService) -- C:\Windows\SysNative\drivers\WTSrv.exe (Tablet Driver)
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (DragonUpdater) -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe ()
SRV - (CLPSLauncher) -- C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe (Comodo Security Solutions Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (tvnserver) -- C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe (GlavSoft LLC.)
SRV - (Guard Agent) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe (CHENGDU YIWO Tech Development Co., Ltd)
SRV - (EaseUS Agent) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
SRV - (RapportMgmtService) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (VideoAcceleratorService) -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe (SpeedBit Ltd.)
SRV - (nlsX86cc) -- C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (IGBASVC) -- c:\Program Files (x86)\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (cmderd) -- C:\Windows\SysNative\drivers\cmderd.sys (COMODO)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (CFRMD) -- C:\Windows\SysNative\drivers\CFRMD.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (EUFDDISK) -- C:\Windows\SysNative\drivers\EuFdDisk.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV:64bit: - (EUBKMON) -- C:\Windows\SysNative\drivers\EUBKMON.sys ()
DRV:64bit: - (EUDSKACS) -- C:\Windows\SysNative\drivers\eudskacs.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV:64bit: - (EUBAKUP) -- C:\Windows\SysNative\drivers\eubakup.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (silabser) -- C:\Windows\SysNative\drivers\silabser.sys (Silicon Laboratories)
DRV:64bit: - (silabenm) -- C:\Windows\SysNative\drivers\silabenm.sys (Silicon Laboratories)
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon)
DRV:64bit: - (Uim_VIM) -- C:\Windows\SysNative\drivers\uim_vimx64.sys (Paragon)
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows ® 2000 DDK provider)
DRV:64bit: - (RapportKE64) -- C:\Windows\SysNative\drivers\RapportKE64.sys (Trusteer Ltd.)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (FPSensor) -- C:\Windows\SysNative\drivers\FPSensor.sys (Egistec)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (hidshim) -- C:\Windows\SysNative\drivers\hidshim.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (nuvotonhidgeneric) -- C:\Windows\SysNative\drivers\nuvotonhidgeneric.sys (Nuvoton Technology Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (UCTblHid) -- C:\Windows\SysNative\drivers\UCTblHid.sys (Tablet Driver)
DRV:64bit: - (TClass2k) -- C:\Windows\SysNative\drivers\TClass2k.sys (Tablet Driver)
DRV:64bit: - (PTSimHid) -- C:\Windows\SysNative\drivers\PTSimHid.sys (PenTablet Driver)
DRV:64bit: - (PTSimBus) -- C:\Windows\SysNative\drivers\PTSimBus.sys (PenTablet Driver)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV:64bit: - (DgiVecp) -- C:\Windows\SysNative\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software)
DRV - (cleanhlp) -- C:\EEK\Run\cleanhlp64.sys (Emsisoft GmbH)
DRV - (RapportCerberus_43926) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys ()
DRV - (CFRMD) -- C:\Windows\SysWOW64\drivers\CFRMD.sys (Windows ® Win 7 DDK provider)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (RapportPG64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys (Trusteer Ltd.)
DRV - (RapportEI64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys (Trusteer Ltd.)
DRV - (usbscan) -- C:\Windows\SysWOW64\drivers\USBSCAN.SYS (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...c8z185t5701w78n
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = Yandex
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...EC-3F8345330960
IE - HKCU\..\SearchScopes\{3D41F773-C2A2-4541-8F58-DF94FA1311D3}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...AW_enGB378GB379
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://yandex.ru/yan...t={searchTerms}
IE - HKCU\..\SearchScopes\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}: "URL" = http://ws.infospace....=7?_IceUrl=true
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\Moikrug: "URL" = http://moikrug.ru/pe...ms}&submitted=1
IE - HKCU\..\SearchScopes\Yandex: "URL" = http://www.google.co...AW_enGB378GB379
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@spoon.net/Spoon Plugin 3.32: C:\Users\Lorna\AppData\Local\Spoon\3.32.2.12\npMozillaSpoonPlugin.dll (Code Systems Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lorna\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lorna\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/01 08:40:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/04/02 13:09:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/10/20 14:20:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/01 08:40:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}: C:\Users\Lorna\AppData\Roaming\Dashlane\2.2.1.47394\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} [2013/10/21 09:17:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/10/20 14:20:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/02/10 13:34:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lorna\AppData\Roaming\Mozilla\Extensions
[2013/10/27 10:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lorna\AppData\Roaming\Mozilla\Firefox\Profiles\nlrnclme.default-1382870013963\extensions
[2013/10/20 14:20:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/10/20 14:20:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/20 14:20:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/10/21 09:17:25 | 000,000,000 | ---D | M] (Dashlane) -- C:\USERS\LORNA\APPDATA\ROAMING\DASHLANE\2.2.1.47394\BIN\FIREFOX_EXTENSION\{442718D9-475E-452A-B3E1-FB1EE16B8E9F}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.addthis.c...n3&clickbacks=1
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Lorna\AppData\Local\Google\Chrome\Application\31.0.1650.34\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lorna\AppData\Local\Google\Chrome\Application\31.0.1650.34\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lorna\AppData\Local\Google\Chrome\Application\31.0.1650.34\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Chrome SVD extension (Enabled) = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.4_0\lib/npdownloaderchrome.dll
CHR - plugin: Chrome DAP extension (Enabled) = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.0.6_0\lib/npdapchrome.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RockMelt Update (Enabled) = C:\Users\Lorna\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll
CHR - plugin: Spoon Plugin (Enabled) = C:\Users\Lorna\AppData\Local\Spoon\3.32.2.12\npMozillaSpoonPlugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Google Translate = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.5_0\
CHR - Extension: Spybot - Search & Destroy = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmcccagmbagkpbdgpammblejlmiempb\2.0.6.819_0\
CHR - Extension: YouTube = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0\
CHR - Extension: Add to Amazon Wish List = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\
CHR - Extension: Google Search = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: SpeedBit Video Downloader = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.4_0\
CHR - Extension: avast! WebRep = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: Disconnect = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.10.0_0\
CHR - Extension: SpeedBit Search Predict = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledcpigomgblcmofccnacobhmcdkpiea\2.0.2_0\
CHR - Extension: Window Close Protector = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnpifgapnmpninomacbhdlconlpikdai\2.2_0\
CHR - Extension: Dashlane = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkjojgglmmcghgaiknnpgjgldgaocjfd\2.2.1.47394_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.2_0\
CHR - Extension: Short URL = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\obbdcmhkndhionekooeeiilbicfdkhml\1.0_0\
CHR - Extension: Instagram for Chrome = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb\4.9.1_0\
CHR - Extension: Instagram for Chrome = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb\4.9.2_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.0.3_0\
CHR - Extension: Gmail = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012/08/17 07:48:50 | 000,443,169 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts:     127.0.0.1 activate.adobe.com
O1 - Hosts:     127.0.0.1 practivate.adobe.com
O1 - Hosts:     127.0.0.1 ereg.adobe.com
O1 - Hosts:     127.0.0.1 activate.wip3.adobe.com
O1 - Hosts:     127.0.0.1 wip3.adobe.com
O1 - Hosts:     127.0.0.1 3dns-3.adobe.com
O1 - Hosts:     127.0.0.1 3dns-2.adobe.com
O1 - Hosts:     127.0.0.1 adobe-dns.adobe.com
O1 - Hosts:     127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts:     127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts:     127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts:     127.0.0.1 activate-sea.adobe.com
O1 - Hosts:     127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts:     127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts:     127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 15224 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files (x86)\SearchPredict\SearchPredict.dll (Speedbit Ltd.)
O2 - BHO: (Dashlane BHO) - {42D79B50-CC4A-4A8E-860F-BE674AF053A2} - C:\Users\Lorna\AppData\Roaming\Dashlane\ie\Dashlanei.dll (Dashlane)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (SBCONVERT Class) - {92A9ACF4-9333-43AE-9698-DB283326F87F} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU4E\tbcore3.dll ()
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU4E\Grabber.dll (SpeedBit)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU4E\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU4E\tbcore3.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKCU..\Run: [Dashlane] C:\Users\Lorna\AppData\Roaming\Dashlane\Dashlane.exe ()
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
O4 - Startup: C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lorna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9:64bit: - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: fellfromgrace.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{143FF0DD-2870-4386-A8BB-C8C13DD9AC08}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{454243BE-109D-452A-96DD-5779CAC699AD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{454243BE-109D-452A-96DD-5779CAC699AD}: NameServer = 8.26.56.26,156.154.70.22
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Value error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/03 12:02:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lorna\Desktop\OTL.exe
[2013/11/03 11:58:56 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Lorna\Desktop\aswMBR.exe
[2013/10/29 10:54:07 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Lorna\Desktop\HijackThis.exe
[2013/10/27 10:52:51 | 000,000,000 | ---D | C] -- C:\Users\Lorna\AppData\Roaming\DesktopIconForAmazon
[2013/10/27 10:49:03 | 000,000,000 | ---D | C] -- C:\EEK
[2013/10/27 10:34:01 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Desktop\Old Firefox Data
[2013/10/25 18:06:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Nevercenter
[2013/10/25 17:58:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CameraBag 2
[2013/10/25 15:15:28 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\My Collages
[2013/10/24 21:26:29 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2013/10/24 21:24:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/10/24 16:43:58 | 000,000,000 | ---D | C] -- C:\3a3f13d26556370d06bc1f
[2013/10/24 16:20:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/10/22 11:33:01 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\word docs
[2013/10/22 11:32:20 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\pageplus stuff
[2013/10/22 11:31:21 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\robfossett
[2013/10/22 11:22:34 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\ie6 only
[2013/10/22 11:22:34 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\IE Kaleidoscope
[2013/10/22 11:22:21 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\Font Groups
[2013/10/22 11:22:21 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\flipphotos
[2013/10/22 11:22:20 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\files
[2013/10/22 11:18:40 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\data
[2013/10/22 11:18:36 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\com.nevercenter.camerabag2
[2013/10/22 11:15:43 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\Arcade Deluxe
[2013/10/22 11:15:43 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\application forms
[2013/10/22 11:15:43 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\Anvsoft
[2013/10/22 11:15:42 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\Amazon MP3
[2013/10/22 11:15:24 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\accounts excel
[2013/10/22 11:15:19 | 000,530,528 | ---- | C] (Yahoo! Inc.) -- C:\Users\Lorna\Documents\yahoo_installer.exe
[2013/10/22 11:15:12 | 002,500,664 | ---- | C] (CyberDefender Corp.) -- C:\Users\Lorna\Documents\toolbar_v2toolbarsite.exe
[2013/10/22 11:15:07 | 022,690,600 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Lorna\Documents\SkypeSetup.exe
[2013/10/22 11:14:59 | 018,649,560 | ---- | C] (eBay                                                        ) -- C:\Users\Lorna\Documents\setupUK.exe
[2013/10/22 11:14:57 | 006,798,200 | ---- | C] (Brajusta Publishing, Inc.                                   ) -- C:\Users\Lorna\Documents\setup.exe
[2013/10/22 11:14:31 | 005,911,719 | ---- | C] (Free-Software-Forever.com) -- C:\Users\Lorna\Documents\googlein24.exe
[2013/10/22 11:14:25 | 011,028,800 | ---- | C] (Flock) -- C:\Users\Lorna\Documents\flock-2.0b2.en-US.win32.exe
[2013/10/21 17:33:07 | 000,000,000 | ---D | C] -- C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
[2013/10/21 17:31:50 | 000,000,000 | ---D | C] -- C:\Users\Lorna\AppData\Roaming\Dashlane
[2013/10/20 14:20:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/10/19 12:33:25 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\DAZ 3D
[2013/10/19 12:24:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My DAZ 3D Library
[2013/10/19 12:18:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAZ 3D
[2013/10/19 12:03:05 | 000,000,000 | ---D | C] -- C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D
[2013/10/19 12:02:43 | 000,000,000 | ---D | C] -- C:\ProgramData\DAZ 3D
[2013/10/19 12:02:41 | 000,000,000 | ---D | C] -- C:\Program Files\DAZ 3D
[2013/10/19 10:26:16 | 000,057,096 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2009/08/22 08:44:20 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[1 C:\Users\Lorna\Documents\*.tmp files -> C:\Users\Lorna\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/03 12:50:52 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2013/11/03 12:34:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/03 12:34:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1062119836-663356838-3640058548-1001UA.job
[2013/11/03 12:06:41 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1062119836-663356838-3640058548-1001Core.job
[2013/11/03 12:06:27 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/03 12:06:27 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/03 12:04:14 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/03 12:03:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/03 12:02:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lorna\Desktop\OTL.exe
[2013/11/03 11:59:04 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Lorna\Desktop\aswMBR.exe
[2013/11/03 11:58:42 | 000,891,184 | ---- | M] () -- C:\Users\Lorna\Desktop\SecurityCheck.exe
[2013/11/03 11:51:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/01 18:27:47 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/10/30 18:42:27 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2013/10/30 18:42:27 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2013/10/30 18:35:39 | 000,000,436 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013/10/30 18:34:17 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/10/30 18:33:51 | 3217,235,968 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/30 18:33:49 | 576,721,544 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/10/29 10:54:05 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Lorna\Desktop\HijackThis.exe
[2013/10/29 10:10:58 | 000,797,238 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/29 10:10:58 | 000,677,048 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/29 10:10:58 | 000,130,846 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/28 10:52:02 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\Paragon Archive name arc_080112231151836.job
[2013/10/27 15:49:48 | 000,002,145 | ---- | M] () -- C:\Users\Lorna\Desktop\avast! Free Antivirus 8.0.1489 Setup.lnk
[2013/10/27 14:46:41 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/27 10:55:07 | 000,002,370 | ---- | M] () -- C:\Users\Lorna\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/10/27 10:55:07 | 000,002,368 | ---- | M] () -- C:\Users\Lorna\Desktop\Google Chrome.lnk
[2013/10/27 10:52:52 | 000,001,482 | ---- | M] () -- C:\Users\Lorna\Desktop\Amazon.lnk
[2013/10/27 10:52:52 | 000,001,482 | ---- | M] () -- C:\Users\Lorna\Application Data\Microsoft\Internet Explorer\Quick Launch\Amazon.lnk
[2013/10/27 10:50:45 | 000,000,586 | ---- | M] () -- C:\Users\Lorna\Desktop\Emsisoft Emergency Kit.lnk
[2013/10/24 16:37:01 | 000,783,150 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/21 19:25:52 | 000,032,399 | ---- | M] () -- C:\Windows\Q-Dir.ini
[2013/10/21 19:21:24 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2013/10/21 17:33:07 | 000,002,019 | ---- | M] () -- C:\Users\Lorna\Desktop\Dashlane.lnk
[2013/10/20 18:59:46 | 000,002,087 | ---- | M] () -- C:\Users\Lorna\Desktop\DAZ 3D Install Manager 1.lnk
[2013/10/19 12:24:31 | 000,000,974 | ---- | M] () -- C:\Users\Lorna\Desktop\DAZ Studio 4.6 (64-bit).lnk
[2013/10/19 11:03:56 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/10/19 11:03:56 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/10/19 10:26:23 | 000,048,392 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
[2013/10/19 10:26:16 | 000,057,096 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2013/10/15 23:07:31 | 000,033,184 | ---- | M] () -- C:\Users\Lorna\Documents\cc_20131016_000724.reg
[1 C:\Users\Lorna\Documents\*.tmp files -> C:\Users\Lorna\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/11/03 11:58:44 | 000,891,184 | ---- | C] () -- C:\Users\Lorna\Desktop\SecurityCheck.exe
[2013/10/27 15:49:47 | 000,002,145 | ---- | C] () -- C:\Users\Lorna\Desktop\avast! Free Antivirus 8.0.1489 Setup.lnk
[2013/10/27 14:46:41 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/27 10:55:07 | 000,002,368 | ---- | C] () -- C:\Users\Lorna\Desktop\Google Chrome.lnk
[2013/10/27 10:52:52 | 000,001,482 | ---- | C] () -- C:\Users\Lorna\Desktop\Amazon.lnk
[2013/10/27 10:52:52 | 000,001,482 | ---- | C] () -- C:\Users\Lorna\Application Data\Microsoft\Internet Explorer\Quick Launch\Amazon.lnk
[2013/10/27 10:49:58 | 000,000,586 | ---- | C] () -- C:\Users\Lorna\Desktop\Emsisoft Emergency Kit.lnk
[2013/10/25 17:58:48 | 000,002,991 | ---- | C] () -- C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CameraBag 2.lnk
[2013/10/22 11:15:20 | 005,505,155 | ---- | C] () -- C:\Users\Lorna\Documents\ZinioReader4.air
[2013/10/22 11:15:19 | 000,006,195 | ---- | C] () -- C:\Users\Lorna\Documents\xmas2012.html
[2013/10/22 11:15:18 | 007,919,073 | ---- | C] () -- C:\Users\Lorna\Documents\Weave-ItBkTwo.pdf
[2013/10/22 11:15:18 | 003,956,220 | ---- | C] (                                                            ) -- C:\Users\Lorna\Documents\webgobbler126_setup.exe
[2013/10/22 11:15:18 | 000,256,521 | ---- | C] () -- C:\Users\Lorna\Documents\Winged Pig Crochet Pattern - Flying Pigs Crochet Pattern.mht
[2013/10/22 11:15:18 | 000,111,060 | ---- | C] () -- C:\Users\Lorna\Documents\WM0270.pdf
[2013/10/22 11:15:18 | 000,032,159 | ---- | C] () -- C:\Users\Lorna\Documents\Welcome to.png
[2013/10/22 11:15:18 | 000,008,500 | ---- | C] () -- C:\Users\Lorna\Documents\wordchart1.pdf
[2013/10/22 11:15:17 | 008,679,978 | ---- | C] () -- C:\Users\Lorna\Documents\Weave-ItBkThree.pdf
[2013/10/22 11:15:16 | 000,786,846 | ---- | C] () -- C:\Users\Lorna\Documents\vintage_knitting_tips.pdf
[2013/10/22 11:15:14 | 007,850,491 | ---- | C] () -- C:\Users\Lorna\Documents\vichallflyerfinal.ppp
[2013/10/22 11:15:14 | 006,729,331 | ---- | C] () -- C:\Users\Lorna\Documents\vertigo-source.png
[2013/10/22 11:15:14 | 000,145,212 | ---- | C] () -- C:\Users\Lorna\Documents\vertigo-logo-source.png
[2013/10/22 11:15:13 | 001,323,805 | ---- | C] () -- C:\Users\Lorna\Documents\tyroknit.pdf
[2013/10/22 11:15:13 | 000,852,185 | ---- | C] () -- C:\Users\Lorna\Documents\vertigo-footer-source.png
[2013/10/22 11:15:13 | 000,086,999 | ---- | C] () -- C:\Users\Lorna\Documents\Untitled-2.ai
[2013/10/22 11:15:13 | 000,006,219 | ---- | C] () -- C:\Users\Lorna\Documents\Untitled.htm
[2013/10/22 11:15:13 | 000,000,652 | ---- | C] () -- C:\Users\Lorna\Documents\Untitled-1.ai
[2013/10/22 11:15:11 | 007,070,390 | ---- | C] () -- C:\Users\Lorna\Documents\TheWeave-ItBook.pdf
[2013/10/22 11:15:11 | 000,000,163 | ---- | C] () -- C:\Users\Lorna\Documents\timesheet_20090216.csv
[2013/10/22 11:15:10 | 002,809,683 | ---- | C] () -- C:\Users\Lorna\Documents\testpdf.PDF
[2013/10/22 11:15:10 | 000,080,482 | ---- | C] () -- C:\Users\Lorna\Documents\tgest.xps
[2013/10/22 11:15:10 | 000,000,096 | ---- | C] () -- C:\Users\Lorna\Documents\test.key.prepare
[2013/10/22 11:15:09 | 003,761,664 | ---- | C] () -- C:\Users\Lorna\Documents\test.exe
[2013/10/22 11:15:09 | 000,001,207 | ---- | C] () -- C:\Users\Lorna\Documents\test.ebp
[2013/10/22 11:15:09 | 000,000,096 | ---- | C] () -- C:\Users\Lorna\Documents\test.key
[2013/10/22 11:15:08 | 001,690,966 | ---- | C] () -- C:\Users\Lorna\Documents\surveys.pdf
[2013/10/22 11:15:08 | 000,650,583 | ---- | C] () -- C:\Users\Lorna\Documents\TechniqueColoredPencil.pdf
[2013/10/22 11:15:08 | 000,557,191 | ---- | C] () -- C:\Users\Lorna\Documents\stitchy.pdf
[2013/10/22 11:15:08 | 000,364,234 | ---- | C] () -- C:\Users\Lorna\Documents\steampunkflier.png
[2013/10/22 11:15:08 | 000,329,320 | ---- | C] () -- C:\Users\Lorna\Documents\steamunkflier2.png
[2013/10/22 11:15:08 | 000,056,028 | ---- | C] () -- C:\Users\Lorna\Documents\sv_028.jpg
[2013/10/22 11:15:08 | 000,025,574 | ---- | C] () -- C:\Users\Lorna\Documents\swfobject.js
[2013/10/22 11:15:08 | 000,015,263 | ---- | C] () -- C:\Users\Lorna\Documents\steamstam tables.svg
[2013/10/22 11:15:08 | 000,011,906 | ---- | C] () -- C:\Users\Lorna\Documents\steamstam tables.pdf
[2013/10/22 11:15:07 | 003,144,125 | ---- | C] () -- C:\Users\Lorna\Documents\Spool221.pdf
[2013/10/22 11:15:07 | 002,196,497 | ---- | C] () -- C:\Users\Lorna\Documents\steampunk-bug.pdf
[2013/10/22 11:15:07 | 000,060,235 | ---- | C] () -- C:\Users\Lorna\Documents\stamford-artisans-guild-logo.jpg
[2013/10/22 11:15:07 | 000,009,469 | ---- | C] () -- C:\Users\Lorna\Documents\star_template.pdf
[2013/10/22 11:15:00 | 011,973,628 | ---- | C] () -- C:\Users\Lorna\Documents\showcase-source.png
[2013/10/22 11:15:00 | 000,055,038 | ---- | C] () -- C:\Users\Lorna\Documents\shkdd10.zip
[2013/10/22 11:14:56 | 000,103,326 | ---- | C] () -- C:\Users\Lorna\Documents\Sea%20Breeze%20Angelina%20instructions.pdf
[2013/10/22 11:14:56 | 000,034,959 | ---- | C] () -- C:\Users\Lorna\Documents\SEASCAPEPEYOTE.png
[2013/10/22 11:14:56 | 000,029,223 | ---- | C] () -- C:\Users\Lorna\Documents\SEASCAPELOOM.png
[2013/10/22 11:14:55 | 001,769,648 | ---- | C] () -- C:\Users\Lorna\Documents\saSetup.exe
[2013/10/22 11:14:54 | 001,252,686 | ---- | C] () -- C:\Users\Lorna\Documents\SAGEBACK010508.002
[2013/10/22 11:14:53 | 001,651,183 | ---- | C] () -- C:\Users\Lorna\Documents\rt_infuse_j15.tgz
[2013/10/22 11:14:53 | 001,561,078 | ---- | C] () -- C:\Users\Lorna\Documents\rt_vertigo_j15.tgz
[2013/10/22 11:14:52 | 001,190,402 | ---- | C] () -- C:\Users\Lorna\Documents\rt_affinity_j15.tgz
[2013/10/22 11:14:52 | 000,193,534 | ---- | C] () -- C:\Users\Lorna\Documents\replicant2-source.png
[2013/10/22 11:14:52 | 000,142,251 | ---- | C] () -- C:\Users\Lorna\Documents\Render 1.png
[2013/10/22 11:14:52 | 000,007,834 | ---- | C] () -- C:\Users\Lorna\Documents\rabbit2.png
[2013/10/22 11:14:51 | 000,114,202 | ---- | C] () -- C:\Users\Lorna\Documents\phtos unusul.nri
[2013/10/22 11:14:51 | 000,042,836 | ---- | C] () -- C:\Users\Lorna\Documents\PIXL_E.zip
[2013/10/22 11:14:51 | 000,014,915 | ---- | C] () -- C:\Users\Lorna\Documents\pic for payperhour.gif
[2013/10/22 11:14:50 | 006,213,246 | ---- | C] () -- C:\Users\Lorna\Documents\Photo Album.wmv
[2013/10/22 11:14:50 | 000,043,319 | ---- | C] () -- C:\Users\Lorna\Documents\penguin peyote.png
[2013/10/22 11:14:50 | 000,035,309 | ---- | C] () -- C:\Users\Lorna\Documents\penguin loom.png
[2013/10/22 11:14:50 | 000,026,816 | ---- | C] () -- C:\Users\Lorna\Documents\pdftedst.pdf
[2013/10/22 11:14:50 | 000,000,257 | R--- | C] () -- C:\Users\Lorna\Documents\PC Support.url
[2013/10/22 11:14:50 | 000,000,000 | ---- | C] () -- C:\Users\Lorna\Documents\PDFVistaPort
[2013/10/22 11:14:49 | 007,364,137 | ---- | C] () -- C:\Users\Lorna\Documents\orwell145b.exe
[2013/10/22 11:14:49 | 000,083,305 | ---- | C] () -- C:\Users\Lorna\Documents\paper doll maryjane.jpg
[2013/10/22 11:14:49 | 000,075,404 | R--- | C] () -- C:\Users\Lorna\Documents\Order-10527301-Docs-090326maggi.pdf
[2013/10/22 11:14:48 | 000,195,703 | R--- | C] () -- C:\Users\Lorna\Documents\Omotchama.rar
[2013/10/22 11:14:48 | 000,074,773 | R--- | C] () -- C:\Users\Lorna\Documents\Order-10520030-Docs-120335 Katrina .pdf
[2013/10/22 11:14:48 | 000,042,943 | ---- | C] () -- C:\Users\Lorna\Documents\oldtimeladypeyote.png
[2013/10/22 11:14:48 | 000,035,888 | ---- | C] () -- C:\Users\Lorna\Documents\oldtimeladyloom.png
[2013/10/22 11:14:46 | 058,615,296 | ---- | C] () -- C:\Users\Lorna\Documents\NOF-Essentials.exe
[2013/10/22 11:14:46 | 000,139,356 | ---- | C] () -- C:\Users\Lorna\Documents\NLP.zip
[2013/10/22 11:14:45 | 000,699,591 | ---- | C] () -- C:\Users\Lorna\Documents\Mysnowflakes.rtf
[2013/10/22 11:14:45 | 000,694,574 | ---- | C] () -- C:\Users\Lorna\Documents\nettie.png
[2013/10/22 11:14:45 | 000,351,585 | ---- | C] () -- C:\Users\Lorna\Documents\Mysnowflakes.pdf
[2013/10/22 11:14:45 | 000,187,007 | ---- | C] () -- C:\Users\Lorna\Documents\mysignature.png
[2013/10/22 11:14:45 | 000,161,621 | ---- | C] () -- C:\Users\Lorna\Documents\mywatchmanual.pdf
[2013/10/22 11:14:45 | 000,037,445 | ---- | C] () -- C:\Users\Lorna\Documents\MyMicroBalance2006.mmb
[2013/10/22 11:14:45 | 000,037,426 | ---- | C] () -- C:\Users\Lorna\Documents\MyMicroBalance2006.mmb.backup2
[2013/10/22 11:14:45 | 000,030,600 | ---- | C] () -- C:\Users\Lorna\Documents\MyMicroBalance2006.mmb.backup1
[2013/10/22 11:14:45 | 000,028,283 | ---- | C] () -- C:\Users\Lorna\Documents\MyMicroBalance2007.mmb
[2013/10/22 11:14:45 | 000,000,559 | ---- | C] () -- C:\Users\Lorna\Documents\My Sharing Folders.lnk
[2013/10/22 11:14:44 | 007,268,458 | ---- | C] () -- C:\Users\Lorna\Documents\Migrated Documents Report.csv
[2013/10/22 11:14:44 | 000,062,535 | ---- | C] () -- C:\Users\Lorna\Documents\modules-source.png
[2013/10/22 11:14:44 | 000,041,462 | ---- | C] () -- C:\Users\Lorna\Documents\Microsoft Word - r conboy webvert march 08.pdf
[2013/10/22 11:14:43 | 020,029,198 | ---- | C] () -- C:\Users\Lorna\Documents\Merry Christmas2.wmv
[2013/10/22 11:14:42 | 012,845,162 | ---- | C] () -- C:\Users\Lorna\Documents\Merry Christmas.wmv
[2013/10/22 11:14:42 | 000,182,928 | ---- | C] () -- C:\Users\Lorna\Documents\Making Wool Felt Booties.mht
[2013/10/22 11:14:42 | 000,140,974 | ---- | C] () -- C:\Users\Lorna\Documents\magicbutton.zip
[2013/10/22 11:14:42 | 000,103,521 | ---- | C] () -- C:\Users\Lorna\Documents\lv pl airInsurancePdf_2012.pdf
[2013/10/22 11:14:42 | 000,054,102 | ---- | C] () -- C:\Users\Lorna\Documents\menu-dropdown-source.png
[2013/10/22 11:14:42 | 000,023,034 | ---- | C] () -- C:\Users\Lorna\Documents\lv signature.png
[2013/10/22 11:14:40 | 002,171,605 | ---- | C] () -- C:\Users\Lorna\Documents\LoaderBackup-(2012-07-13)-3.bbb
[2013/10/22 11:14:40 | 002,169,420 | ---- | C] () -- C:\Users\Lorna\Documents\LoaderBackup-(2012-07-13)-2.bbb
[2013/10/22 11:14:40 | 002,169,411 | ---- | C] () -- C:\Users\Lorna\Documents\LoaderBackup-(2012-07-13).bbb
[2013/10/22 11:14:40 | 000,010,826 | ---- | C] () -- C:\Users\Lorna\Documents\logo.png
[2013/10/22 11:14:40 | 000,006,433 | ---- | C] () -- C:\Users\Lorna\Documents\logo1.gif
[2013/10/22 11:14:40 | 000,005,437 | ---- | C] () -- C:\Users\Lorna\Documents\logo-alt.png
[2013/10/22 11:14:40 | 000,000,681 | ---- | C] () -- C:\Users\Lorna\Documents\Lorna - Shortcut.lnk
[2013/10/22 11:14:39 | 007,108,414 | ---- | C] () -- C:\Users\Lorna\Documents\lasvegas.craft
[2013/10/22 11:14:39 | 002,169,408 | ---- | C] () -- C:\Users\Lorna\Documents\LoaderBackup-(2012-07-13)-1.bbb
[2013/10/22 11:14:39 | 002,125,788 | ---- | C] () -- C:\Users\Lorna\Documents\len and nell page 11 i think cmyk.pdf
[2013/10/22 11:14:39 | 000,202,368 | ---- | C] () -- C:\Users\Lorna\Documents\LayoutTool - Legacy.pdf
[2013/10/22 11:14:39 | 000,024,551 | ---- | C] () -- C:\Users\Lorna\Documents\lasvegaslv.jpg
[2013/10/22 11:14:38 | 010,469,136 | ---- | C] () -- C:\Users\Lorna\Documents\largexmas2011.craft
[2013/10/22 11:14:38 | 004,280,249 | ---- | C] () -- C:\Users\Lorna\Documents\joomla_15_quickstart.pdf
[2013/10/22 11:14:38 | 000,489,432 | ---- | C] () -- C:\Users\Lorna\Documents\IS SHAKESPEARE DEAD.pdf
[2013/10/22 11:14:38 | 000,122,285 | ---- | C] () -- C:\Users\Lorna\Documents\jemjoker.png
[2013/10/22 11:14:38 | 000,025,102 | ---- | C] () -- C:\Users\Lorna\Documents\JumpingJacks.pdf
[2013/10/22 11:14:38 | 000,011,379 | ---- | C] () -- C:\Users\Lorna\Documents\JumpingJacks(1).pdf
[2013/10/22 11:14:36 | 001,755,757 | ---- | C] () -- C:\Users\Lorna\Documents\Inside Front Cover.pdf
[2013/10/22 11:14:36 | 000,271,884 | ---- | C] () -- C:\Users\Lorna\Documents\invite square copy.jpg
[2013/10/22 11:14:36 | 000,083,274 | ---- | C] () -- C:\Users\Lorna\Documents\install_7-zip_.exe
[2013/10/22 11:14:35 | 002,019,964 | ---- | C] () -- C:\Users\Lorna\Documents\inside back cover cmyk.pdf
[2013/10/22 11:14:35 | 000,804,036 | ---- | C] () -- C:\Users\Lorna\Documents\Image3.psp
[2013/10/22 11:14:34 | 038,197,265 | ---- | C] () -- C:\Users\Lorna\Documents\hhswholething.pdf
[2013/10/22 11:14:34 | 001,669,393 | ---- | C] () -- C:\Users\Lorna\Documents\High-Raw-Kevin-Gianni.pdf
[2013/10/22 11:14:34 | 000,001,361 | ---- | C] () -- C:\Users\Lorna\Documents\hosts
[2013/10/22 11:14:31 | 000,513,317 | ---- | C] () -- C:\Users\Lorna\Documents\heartsnflowerspng.png
[2013/10/22 11:14:31 | 000,186,339 | ---- | C] () -- C:\Users\Lorna\Documents\Hearts.pdf
[2013/10/22 11:14:31 | 000,121,673 | ---- | C] () -- C:\Users\Lorna\Documents\HEARTSfinal layout.pdf
[2013/10/22 11:14:31 | 000,020,769 | ---- | C] () -- C:\Users\Lorna\Documents\Heart_templates.pdf
[2013/10/22 11:14:28 | 000,695,282 | ---- | C] () -- C:\Users\Lorna\Documents\GoogleAdwordsProduct.zip
[2013/10/22 11:14:28 | 000,324,804 | ---- | C] () -- C:\Users\Lorna\Documents\front cover cmyk.pdf
[2013/10/22 11:14:28 | 000,045,708 | ---- | C] () -- C:\Users\Lorna\Documents\girl1lpey.png
[2013/10/22 11:14:28 | 000,037,505 | ---- | C] () -- C:\Users\Lorna\Documents\girl1loom.png
[2013/10/22 11:14:28 | 000,002,390 | ---- | C] () -- C:\Users\Lorna\Documents\glutole.hottnote
[2013/10/22 11:14:27 | 015,425,536 | ---- | C] () -- C:\Users\Lorna\Documents\From the time I was a little girl.pps
[2013/10/22 11:14:25 | 001,313,030 | ---- | C] () -- C:\Users\Lorna\Documents\flowersp.bmp
[2013/10/22 11:14:25 | 000,202,368 | ---- | C] () -- C:\Users\Lorna\Documents\flower.pdf
[2013/10/22 11:14:25 | 000,201,436 | ---- | C] () -- C:\Users\Lorna\Documents\floral1peyote1.pdf
[2013/10/22 11:14:25 | 000,196,909 | ---- | C] () -- C:\Users\Lorna\Documents\flower1
[2013/10/22 11:14:25 | 000,113,685 | ---- | C] () -- C:\Users\Lorna\Documents\fox2crop.JPG
[2013/10/22 11:14:25 | 000,104,770 | ---- | C] () -- C:\Users\Lorna\Documents\floralpeyote v2.pdf
[2013/10/22 11:14:25 | 000,100,773 | ---- | C] () -- C:\Users\Lorna\Documents\floral1 peyote1.pdf
[2013/10/22 11:14:25 | 000,100,692 | ---- | C] () -- C:\Users\Lorna\Documents\floral1.pdf
[2013/10/22 11:14:25 | 000,009,948 | ---- | C] () -- C:\Users\Lorna\Documents\flower_template.pdf
[2013/10/22 11:14:24 | 000,215,381 | ---- | C] () -- C:\Users\Lorna\Documents\FlipBook3DMain.swf
[2013/10/22 11:14:24 | 000,138,468 | ---- | C] () -- C:\Users\Lorna\Documents\farm1a.JPG
[2013/10/22 11:14:23 | 000,089,180 | ---- | C] () -- C:\Users\Lorna\Documents\Fact Find 2 TESTGeneral.pdf
[2013/10/22 11:14:23 | 000,068,240 | ---- | C] () -- C:\Users\Lorna\Documents\Fact Find 2test1l.pdf
[2013/10/22 11:14:22 | 004,868,248 | ---- | C] () -- C:\Users\Lorna\Documents\ETSToysA.pdf
[2013/10/22 11:14:22 | 002,717,291 | ---- | C] () -- C:\Users\Lorna\Documents\ETSToysB.pdf
[2013/10/22 11:14:22 | 000,606,891 | ---- | C] () -- C:\Users\Lorna\Documents\Elfic_doll.pdf
[2013/10/22 11:14:22 | 000,334,132 | ---- | C] () -- C:\Users\Lorna\Documents\Etsy  sylver  Sylver Designs.mht
[2013/10/22 11:14:21 | 000,925,138 | ---- | C] () -- C:\Users\Lorna\Documents\edge.xps
[2013/10/22 11:14:21 | 000,112,236 | ---- | C] () -- C:\Users\Lorna\Documents\DVLA Vehicle Licensing Online  Apply for a tax disc NOW.mht
[2013/10/22 11:14:21 | 000,034,652 | ---- | C] () -- C:\Users\Lorna\Documents\earlylady1peyote.png
[2013/10/22 11:14:21 | 000,029,265 | ---- | C] () -- C:\Users\Lorna\Documents\earlylady1loom.png
[2013/10/22 11:14:21 | 000,016,137 | ---- | C] () -- C:\Users\Lorna\Documents\decoladypeyote.png
[2013/10/22 11:14:21 | 000,013,977 | ---- | C] () -- C:\Users\Lorna\Documents\decoladyloom.png
[2013/10/22 11:14:21 | 000,013,396 | ---- | C] () -- C:\Users\Lorna\Documents\dvlalicenceapp.pdf
[2013/10/22 11:14:21 | 000,002,322 | ---- | C] () -- C:\Users\Lorna\Documents\Document2.wpd
[2013/10/22 11:14:20 | 004,017,882 | ---- | C] () -- C:\Users\Lorna\Documents\CTMJanFeb08 FINAL.pdf
[2013/10/22 11:14:20 | 000,002,859 | ---- | C] () -- C:\Users\Lorna\Documents\dddd.csv
[2013/10/22 11:14:19 | 000,023,005 | ---- | C] () -- C:\Users\Lorna\Documents\CTFEB07CrochetFroggyHatCheerioEssentials.pdf
[2013/10/22 11:14:18 | 000,292,350 | ---- | C] () -- C:\Users\Lorna\Documents\Crocheted Frog Treasure Pocket.mht
[2013/10/22 11:14:17 | 000,166,321 | ---- | C] () -- C:\Users\Lorna\Documents\copyrightnotice.pdf
[2013/10/22 11:14:16 | 003,559,424 | ---- | C] () -- C:\Users\Lorna\Documents\Charitable contributions.accdb
[2013/10/22 11:14:14 | 043,144,704 | ---- | C] () -- C:\Users\Lorna\Documents\CGSX3SP2.msp
[2013/10/22 11:14:14 | 029,478,912 | ---- | C] () -- C:\Users\Lorna\Documents\CGSX3SP1.msp
[2013/10/22 11:14:07 | 001,107,100 | ---- | C] () -- C:\Users\Lorna\Documents\CD30 BUTTERFLY KINETIC SWING CA.svg
[2013/10/22 11:14:06 | 000,480,086 | ---- | C] () -- C:\Users\Lorna\Documents\Card07.pdf
[2013/10/22 11:14:06 | 000,319,332 | ---- | C] () -- C:\Users\Lorna\Documents\cc_20130614_200931.reg
[2013/10/22 11:14:06 | 000,101,094 | ---- | C] () -- C:\Users\Lorna\Documents\CD30 BUTTERFLY KINETIC SWING CA.pdf
[2013/10/22 11:14:06 | 000,094,760 | ---- | C] () -- C:\Users\Lorna\Documents\cc_20130717_222003.reg
[2013/10/22 11:14:06 | 000,062,746 | ---- | C] () -- C:\Users\Lorna\Documents\cc_20130614_202503.reg
[2013/10/22 11:14:06 | 000,050,750 | ---- | C] () -- C:\Users\Lorna\Documents\cctreescrop.JPG
[2013/10/22 11:14:06 | 000,033,184 | ---- | C] () -- C:\Users\Lorna\Documents\cc_20131016_000724.reg
[2013/10/22 11:14:06 | 000,030,030 | ---- | C] () -- C:\Users\Lorna\Documents\cc_20111214_181813.reg
[2013/10/22 11:14:06 | 000,018,942 | ---- | C] () -- C:\Users\Lorna\Documents\cc_20130902_153501.reg
[2013/10/22 11:14:06 | 000,007,302 | ---- | C] () -- C:\Users\Lorna\Documents\cc_20120108_154432.reg
[2013/10/22 11:14:06 | 000,005,750 | ---- | C] () -- C:\Users\Lorna\Documents\cc_20130614_203430.reg
[2013/10/22 11:14:05 | 001,998,134 | ---- | C] () -- C:\Users\Lorna\Documents\broadsheetsteampunk.pdf
[2013/10/22 11:14:05 | 000,467,168 | ---- | C] () -- C:\Users\Lorna\Documents\Card06.pdf
[2013/10/22 11:14:05 | 000,315,773 | ---- | C] () -- C:\Users\Lorna\Documents\Card04.pdf
[2013/10/22 11:14:05 | 000,138,078 | ---- | C] () -- C:\Users\Lorna\Documents\bookmarks_10_02_2012.html
[2013/10/22 11:14:05 | 000,100,676 | ---- | C] () -- C:\Users\Lorna\Documents\Bulk_Certificate_Posting_Signature.pdf
[2013/10/22 11:14:05 | 000,036,419 | ---- | C] () -- C:\Users\Lorna\Documents\calendar_organizer_months.pdf
[2013/10/22 11:14:05 | 000,036,385 | ---- | C] () -- C:\Users\Lorna\Documents\Bulk_Certificate_Posting_Standard.pdf
[2013/10/22 11:14:04 | 011,721,211 | ---- | C] () -- C:\Users\Lorna\Documents\bigbadges.craft
[2013/10/22 11:14:04 | 001,581,606 | ---- | C] () -- C:\Users\Lorna\Documents\Bookkeeping
[2013/10/22 11:14:03 | 002,807,643 | ---- | C] () -- C:\Users\Lorna\Documents\BABYmocsBtys.pdf
[2013/10/22 11:14:03 | 000,305,408 | ---- | C] () -- C:\Users\Lorna\Documents\banner.png
[2013/10/22 11:14:02 | 010,676,572 | ---- | C] () -- C:\Users\Lorna\Documents\auctamerpro.exe
[2013/10/22 11:14:02 | 000,161,621 | ---- | C] () -- C:\Users\Lorna\Documents\B023_ebook.pdf
[2013/10/22 11:14:01 | 010,676,572 | ---- | C] () -- C:\Users\Lorna\Documents\auctamerpro(1).exe
[2013/10/22 11:14:00 | 002,355,200 | ---- | C] () -- C:\Users\Lorna\Documents\amclassical_silent_night.mp3
[2013/10/22 11:14:00 | 000,511,137 | ---- | C] () -- C:\Users\Lorna\Documents\AmazonDealProduct.zip
[2013/10/22 11:13:59 | 004,844,131 | R--- | C] () -- C:\Users\Lorna\Documents\Alien_Blaster_PePaKuRa_File_by_billybob884.rar
[2013/10/22 11:13:59 | 003,533,600 | ---- | C] () -- C:\Users\Lorna\Documents\alice1.ppp
[2013/10/22 11:13:59 | 001,231,224 | ---- | C] () -- C:\Users\Lorna\Documents\agendusstd_ota_en.prc
[2013/10/22 11:13:59 | 000,161,278 | ---- | C] () -- C:\Users\Lorna\Documents\aglaciercrop.JPG
[2013/10/22 11:13:59 | 000,109,943 | ---- | C] () -- C:\Users\Lorna\Documents\alicewivbaby.jpg
[2013/10/22 11:13:59 | 000,059,844 | ---- | C] () -- C:\Users\Lorna\Documents\Absolut_Pro_Bold.otf
[2013/10/22 11:13:59 | 000,000,406 | ---- | C] () -- C:\Users\Lorna\Documents\348059.vcf
[2013/10/22 11:13:59 | 000,000,081 | ---- | C] () -- C:\Users\Lorna\Documents\1Click.cfg
[2013/10/22 11:13:58 | 004,485,072 | ---- | C] () -- C:\Users\Lorna\Documents\1940sxmas2.craft
[2013/10/22 11:13:58 | 000,000,364 | ---- | C] () -- C:\Users\Lorna\Documents\08-10-30.sv
[2013/10/21 19:21:23 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2013/10/21 17:33:07 | 000,002,019 | ---- | C] () -- C:\Users\Lorna\Desktop\Dashlane.lnk
[2013/10/20 18:59:46 | 000,002,087 | ---- | C] () -- C:\Users\Lorna\Desktop\DAZ 3D Install Manager 1.lnk
[2013/10/19 12:24:31 | 000,000,974 | ---- | C] () -- C:\Users\Lorna\Desktop\DAZ Studio 4.6 (64-bit).lnk
[2012/05/24 20:24:55 | 000,001,269 | ---- | C] () -- C:\Users\Lorna\.recently-used.xbel
[2012/05/08 18:29:44 | 000,000,132 | ---- | C] () -- C:\Users\Lorna\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2012/03/19 00:24:05 | 000,006,168 | ---- | C] () -- C:\Users\Lorna\AppData\Local\recently-used.xbel
[2012/03/07 20:12:53 | 000,035,328 | ---- | C] () -- C:\Windows\INETWH32.DLL
[2012/03/07 20:12:53 | 000,009,136 | ---- | C] () -- C:\Windows\INETWH16.DLL
[2012/03/07 20:12:53 | 000,004,528 | ---- | C] () -- C:\Windows\SETBROWS.EXE
[2012/03/07 20:06:35 | 000,044,544 | ---- | C] () -- C:\Windows\AWuninstall.exe
[2012/03/04 15:54:23 | 000,002,800 | ---- | C] () -- C:\Users\Lorna\2px-80percentransparencyblack.png
[2012/02/27 21:48:53 | 000,111,661 | ---- | C] () -- C:\Users\Lorna\Image2.jpg
[2012/02/26 17:49:45 | 000,000,084 | ---- | C] () -- C:\Users\Lorna\pathinfo.php
[2012/02/15 14:23:05 | 000,000,092 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2012/02/15 14:18:01 | 000,212,233 | ---- | C] () -- C:\Windows\Photo Pos Pro Uninstaller.exe.bak
[2012/02/12 20:44:55 | 000,172,032 | ---- | C] () -- C:\Users\Lorna\abrViewer.NET.exe
[2012/01/08 15:21:55 | 000,004,800 | ---- | C] () -- C:\ProgramData\NTIRegistry.REG
[2011/12/23 23:32:32 | 000,000,989 | ---- | C] () -- C:\Windows\wininit.ini
[2011/11/21 18:44:45 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/11/21 18:44:45 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/11/05 17:12:38 | 000,543,531 | ---- | C] () -- C:\Users\Lorna\New document 1.2011_11_05_17_12_38.0.svg
[2011/06/22 08:08:33 | 000,000,000 | ---- | C] () -- C:\Users\Lorna\AppData\Local\{5975D6E1-F7BB-4A5D-AD55-1634EB9C6B35}
[2011/06/13 15:12:39 | 000,000,000 | ---- | C] () -- C:\Users\Lorna\AppData\Local\{0DBB6458-1470-4D4F-9753-7EAB03AE0100}
[2011/03/04 12:56:48 | 000,040,907 | ---- | C] () -- C:\Users\Lorna\kitty_headbang.gif
[2011/01/14 22:53:58 | 000,000,132 | ---- | C] () -- C:\Users\Lorna\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/12/19 23:48:49 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/04 21:58:22 | 000,000,837 | ---- | C] () -- C:\Users\Lorna\AppData\Roaming\FrameFun.ini
[2010/10/03 16:26:15 | 000,001,456 | ---- | C] () -- C:\Users\Lorna\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/10/03 10:44:53 | 000,006,144 | ---- | C] () -- C:\Users\Lorna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/01 20:42:00 | 000,000,036 | ---- | C] () -- C:\Users\Lorna\AppData\Local\housecall.guid.cache
[2010/09/22 08:57:37 | 000,033,134 | ---- | C] () -- C:\Users\Lorna\AppData\Roaming\UserTile.png
[2010/09/13 08:10:50 | 000,149,504 | ---- | C] () -- C:\Users\Lorna\AppData\Roaming\SharedSettings.ccs
[2010/08/27 16:51:33 | 000,000,132 | ---- | C] () -- C:\Users\Lorna\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/08/17 11:14:46 | 002,064,206 | ---- | C] () -- C:\Users\Lorna\vichallflyerfinal.pdf
[2010/06/30 16:48:41 | 000,004,943 | ---- | C] () -- C:\ProgramData\pyknfeyt.slj
[2010/06/21 08:25:44 | 000,000,104 | ---- | C] () -- C:\Users\Lorna\AppData\Roaming\wklnhst.dat
[2010/05/10 08:55:47 | 000,135,441 | ---- | C] () -- C:\Program Files\VH1946-09.jpg
[2008/01/18 21:23:30 | 000,031,766 | ---- | C] () -- C:\Users\Lorna\20067.tdb
[2008/01/18 21:22:33 | 000,000,407 | ---- | C] () -- C:\Users\Lorna\tbook.properties
 
========== ZeroAccess Check ==========
 
[2009/08/19 09:40:19 | 000,054,458 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1062119836-663356838-3640058548-1001\$R819B5X\My Downloaded Artwork\Metallic Alphabet\L.png
[2009/08/19 09:40:42 | 000,077,456 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1062119836-663356838-3640058548-1001\$R819B5X\My Downloaded Artwork\Metallic Alphabet\N.png
[2009/08/19 09:42:00 | 000,069,609 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1062119836-663356838-3640058548-1001\$R819B5X\My Downloaded Artwork\Metallic Alphabet\U.png
[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/01/04 09:59:19 | 014,164,480 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 09:03:45 | 012,868,096 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 01:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/02/10 12:09:24 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Avant Downloader
[2012/04/02 13:09:02 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Azureus
[2012/04/02 13:09:02 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\BeadTool
[2012/08/15 20:17:46 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Canon
[2010/07/23 20:43:03 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/02 13:08:04 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Chrysanth
[2010/09/15 20:26:58 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\CoffeeCup Software
[2010/07/27 15:55:43 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/05/10 16:24:20 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Craftwell Inc
[2012/04/02 13:08:05 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\CTdeveloping
[2010/06/18 21:52:46 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\CustomBrushesMini
[2013/10/25 21:57:50 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Dashlane
[2013/10/19 12:33:25 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\DAZ 3D
[2013/10/27 10:52:52 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\DesktopIconForAmazon
[2010/08/11 09:06:07 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\DeviceDoctorSoftware
[2013/11/01 18:26:37 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Dropbox
[2012/05/10 17:06:29 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\eCraftShop Pro
[2012/03/28 20:37:07 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\ExpressFiles
[2010/08/30 19:35:45 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Filter Forge Freepack 3 - Frames
[2012/04/02 13:09:03 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\gtk-2.0
[2011/01/21 23:19:58 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\inkscape
[2011/09/15 15:10:27 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Kaleider
[2012/03/19 20:29:22 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\LumaPix
[2012/04/02 13:09:04 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Maxthon2
[2012/05/02 18:03:16 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\NexusFont
[2010/06/07 01:01:05 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Nuance
[2012/04/05 16:02:11 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\onOne Software
[2012/04/02 13:08:22 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Opera
[2010/09/07 10:00:26 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\PC Suite
[2010/09/22 08:57:36 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\PeerNetworking
[2010/07/19 11:06:22 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\PhotoEchoes
[2012/04/02 13:08:22 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Poser Debut
[2012/04/02 13:09:05 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\PowerCinema
[2012/04/02 13:09:05 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Q-Dir
[2012/04/02 13:08:37 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Serif
[2012/04/02 13:09:06 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\SoftDMA
[2011/09/14 15:34:38 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\SPE
[2010/07/27 20:43:06 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/06/21 08:25:51 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Template
[2012/04/02 13:08:39 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Trusteer
[2012/05/04 20:52:46 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\XnView
[2012/03/30 17:03:32 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Yandex
[2012/04/02 13:08:40 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Zeon
[2011/11/03 10:59:55 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.ADML  >
[2009/07/14 02:30:02 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml
 
< MD5 for: EXPLORER.ADMX  >
[2009/06/10 20:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx
 
< MD5 for: EXPLORER.EXE  >
 
< MD5 for: EXPLORER.EXE.MUI  >
[2009/07/14 02:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
[2009/07/14 02:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
[2009/07/14 02:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2009/07/14 02:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui
 
< MD5 for: EXPLORER.EXE-03C49D11.PF  >
[2013/10/29 10:56:31 | 000,166,552 | ---- | M] () MD5=3BE6A2DBBA0CE08B15B2285379E9B130 -- C:\Windows\Prefetch\EXPLORER.EXE-03C49D11.pf
 
< MD5 for: IEXPLORE.EXE  >
 
< MD5 for: IEXPLORE.EXE.MUI  >
[2012/02/20 10:18:01 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2012/02/20 10:18:01 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_07013012b816cb66\iexplore.exe.mui
[2012/02/20 10:18:15 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2012/02/20 10:18:15 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_1155da64ec778d61\iexplore.exe.mui
[2009/07/14 02:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_09122aaf762607df\iexplore.exe.mui
[2009/07/14 02:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_0b433e7773148b79\iexplore.exe.mui
[2009/07/14 02:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_1366d501aa86c9da\iexplore.exe.mui
[2009/07/14 02:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_1597e8c9a7754d74\iexplore.exe.mui
 
< MD5 for: SERVICES  >
[2009/06/10 21:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.DTD  >
[2012/03/28 20:40:18 | 000,007,693 | ---- | M] () MD5=0167EEA0CD182E558850B3E3BF241D88 -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{06990470-8417-465F-8B58-A3008B344A95}\locale\ru\services.dtd
[2012/03/28 20:40:18 | 000,007,080 | ---- | M] () MD5=5ED0DE2E8771F3061E8A5EA7E83858C4 -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{06990470-8417-465F-8B58-A3008B344A95}\locale\en\services.dtd
[2012/03/28 20:40:18 | 000,007,679 | ---- | M] () MD5=6F349841B35825885251E27954AC2F43 -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{06990470-8417-465F-8B58-A3008B344A95}\locale\be\services.dtd
[2012/03/28 20:40:18 | 000,007,109 | ---- | M] () MD5=863C33EF25373CD8D1103ECEDF027D6F -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{06990470-8417-465F-8B58-A3008B344A95}\locale\cs\services.dtd
[2012/03/28 20:40:18 | 000,007,701 | ---- | M] () MD5=B0758798DEEF23E1D7EF07112D281FCA -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{06990470-8417-465F-8B58-A3008B344A95}\locale\uk\services.dtd
[2012/03/28 20:40:18 | 000,007,859 | ---- | M] () MD5=ECD85452EF5E94D66560797B64751E28 -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{06990470-8417-465F-8B58-A3008B344A95}\locale\kk\services.dtd
[2012/03/28 20:40:18 | 000,007,088 | ---- | M] () MD5=F2F23D6C79AF6CE288C9CC71A99A8C59 -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{06990470-8417-465F-8B58-A3008B344A95}\locale\tr\services.dtd
 
< MD5 for: SERVICES.EXE  >
[2009/07/14 01:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\ERDNT\cache64\services.exe
[2009/07/14 01:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 01:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2009/07/14 02:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/14 02:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
 
< MD5 for: SERVICES.JS  >
[2013/10/19 11:09:43 | 000,005,711 | ---- | M] () MD5=92C58E360CF2E2E364275DB15E9D0289 -- C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.10.0_0\scripts\services.js
 
< MD5 for: SERVICES.LNK  >
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 20:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 20:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2009/07/14 02:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 20:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/14 02:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 21:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/14 02:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 20:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/14 02:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 21:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 20:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 20:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: SERVICES.SBS  >
[2011/03/01 09:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files (x86)\Spybot - Search & Destroy 2\Includes\Services.sbs
 
< MD5 for: SERVICES.XML  >
[2012/03/28 20:40:29 | 000,018,507 | ---- | M] () MD5=C4950F1359292A158B143327D6AEB90B -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\packages\{D02A3D80-B37F-4DB7-8B7A-3E07D5239D7F}\services\services.xml
 
< MD5 for: WINLOGON.ADML  >
[2009/07/14 02:25:22 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml
 
< MD5 for: WINLOGON.ADMX  >
[2009/06/10 21:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 13:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 01:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 07:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 06:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009/10/28 06:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 06:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WINLOGON.EXE.MUI  >
[2010/11/20 13:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui
[2009/07/14 02:29:52 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=56D03B64B8C483C1D12A8E4577B3B332 -- C:\Windows\SysNative\en-US\winlogon.exe.mui
[2009/07/14 02:29:52 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=56D03B64B8C483C1D12A8E4577B3B332 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_26ed83321dc778e1\winlogon.exe.mui
 
< MD5 for: WINLOGON.MFL  >
[2009/07/14 02:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
[2009/07/14 02:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl
 
< MD5 for: WINLOGON.MOF  >
[2009/07/13 20:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2009/07/13 20:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof
 
< %SYSTEMDRIVE%\*.* >
[2013/10/30 18:33:49 | 000,028,220 | ---- | M] () -- C:\aaw7boot.log
[2013/10/27 10:54:50 | 000,000,002 | ---- | M] () -- C:\AvastSetup.log
[2009/07/14 01:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/07/27 20:40:53 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/07/02 08:51:00 | 000,013,757 | ---- | M] () -- C:\CDAVFSuser.log
[2010/07/01 09:01:47 | 000,017,570 | ---- | M] () -- C:\CDAVFSuserBackup.log
[2011/10/09 12:17:21 | 000,045,546 | ---- | M] () -- C:\ComboFix.txt
[2008/10/27 13:19:23 | 000,064,883 | ---- | M] () -- C:\converterv_mzr64rr1.jar
[2008/10/08 11:48:50 | 000,075,174 | ---- | M] () -- C:\CybDefInstallInfo.log
[2008/10/27 13:30:51 | 000,132,104 | ---- | M] () -- C:\dap050015_ciqqkzpv.jar
[2012/05/01 23:21:53 | 000,000,089 | ---- | M] () -- C:\data
[2002/07/28 23:40:00 | 001,059,840 | ---- | M] (Auto FX Software) -- C:\DS_Bonus_Plugin.8bf
[2012/01/09 18:10:47 | 000,461,824 | -HS- | M] () -- C:\EUMONBMP.SYS
[2010/01/03 00:00:36 | 000,004,047 | ---- | M] () -- C:\EyeCandyLog.txt
[2009/01/04 07:40:46 | 000,003,275 | ---- | M] () -- C:\flpalbm.opf
[2008/10/27 13:17:57 | 000,060,114 | ---- | M] () -- C:\gintris_u77v9ril.jar
[2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2008/10/27 13:08:33 | 000,051,408 | ---- | M] () -- C:\greatertha_bhihclc7.jar
[2005/01/21 04:12:14 | 000,000,011 | ---- | M] () -- C:\H07542EN.tag
[2013/10/30 18:33:51 | 3217,235,968 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/29 10:39:32 | 000,016,629 | ---- | M] () -- C:\hijackthis.log
[2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2010/02/25 09:20:32 | 000,000,490 | ---- | M] () -- C:\INSTALL.LOG
[2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2012/01/19 16:57:49 | 000,000,863 | ---- | M] () -- C:\InstallHelper.log
[2010/03/22 18:11:13 | 000,696,747 | ---- | M] () -- C:\jemshorthair1.jpg
[2010/03/22 18:11:33 | 001,754,727 | ---- | M] () -- C:\jemshorthair2.jpg
[2010/03/22 18:12:13 | 000,650,199 | ---- | M] () -- C:\jemshorthair3.jpg
[2010/03/22 18:13:01 | 000,916,381 | ---- | M] () -- C:\jemshorthair4.jpg
[2010/03/22 18:13:42 | 001,051,683 | ---- | M] () -- C:\jemshorthair6.jpg
[2010/03/22 18:14:35 | 000,761,656 | ---- | M] () -- C:\jemshorthair7.jpg
[2010/03/22 18:15:11 | 000,838,946 | ---- | M] () -- C:\jemshorthair8.jpg
[2009/03/23 21:26:52 | 000,047,183 | ---- | M] () -- C:\me.jpg
[2010/03/22 18:07:55 | 001,293,737 | ---- | M] () -- C:\merlinlas4t.jpg
[2010/03/22 18:00:47 | 000,654,981 | ---- | M] () -- C:\merlinlast1.jpg
[2010/03/22 18:01:29 | 000,709,909 | ---- | M] () -- C:\merlinlast2.jpg
[2010/03/22 18:02:11 | 000,833,637 | ---- | M] () -- C:\merlinlast3.jpg
[2010/03/22 18:08:37 | 000,599,749 | ---- | M] () -- C:\merlinlast5.jpg
[2010/03/22 18:09:28 | 000,565,526 | ---- | M] () -- C:\merlinlast6.jpg
[2010/03/22 18:10:08 | 000,596,533 | ---- | M] () -- C:\merlinlast7.jpg
[2000/05/21 23:00:00 | 000,115,920 | ---- | M] (Microsoft Corporation) -- C:\Msinet.ocx
[2002/01/05 02:38:38 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\msvci70.dll
[2013/10/30 18:33:54 | 4289,650,688 | -HS- | M] () -- C:\pagefile.sys
[2009/09/04 16:15:12 | 000,003,011 | RHS- | M] () -- C:\Patch.rev
[2010/05/09 18:16:33 | 000,000,218 | RHS- | M] () -- C:\Preload.rev
[2009/04/23 19:46:30 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\psapi.dll
[2007/03/07 16:40:40 | 000,000,345 | ---- | M] () -- C:\RHDSetup (1).log
[2010/05/09 18:25:31 | 000,001,989 | ---- | M] () -- C:\RHDSetup.log
[2008/05/15 15:04:28 | 000,000,479 | ---- | M] () -- C:\sghmmail.ECF
[2009/09/12 22:17:37 | 000,115,224 | ---- | M] () -- C:\snp2sxp-001.raw
[2007/06/11 10:28:58 | 000,000,600 | -H-- | M] () -- C:\SWSTAMP.TXT
[2009/10/26 21:46:58 | 000,005,966 | ---- | M] () -- C:\SyncTraceFile.txt
[2011/04/28 09:07:54 | 000,067,488 | ---- | M] () -- C:\TDSSKiller.2.4.3.0_28.04.2011_10.04.28_log.txt
[2011/10/09 13:26:05 | 000,000,414 | ---- | M] () -- C:\TDSSKiller.2.5.22.0_09.10.2011_14.25.57_log.txt
[2011/09/14 15:30:40 | 000,074,170 | ---- | M] () -- C:\TDSSKiller.2.5.22.0_14.09.2011_16.29.14_log.txt
[2011/10/09 13:30:57 | 000,171,428 | ---- | M] () -- C:\TDSSKiller.2.6.6.0_09.10.2011_14.28.05_log.txt
[2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/10/05 15:13:30 | 000,470,582 | ---- | M] () -- C:\vcredist_x86.log
[2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2008/10/27 13:09:33 | 000,000,839 | ---- | M] () -- C:\worms08_kz4me3av.jad
[2010/11/06 15:56:03 | 003,656,870 | ---- | M] () -- C:\xcards.ppp
[2008/06/04 11:37:03 | 000,000,162 | ---- | M] () -- C:\YServer.txt
[2008/10/27 13:05:41 | 000,269,414 | ---- | M] () -- C:\zuma_mp7zxmpq.jar
[2012/01/09 19:17:22 | 000,004,096 | -HS- | M] () -- C:\{37CC1B76-A9E8-4D00-8A60-DE2D72F75C1D}.CBM
 
< %systemroot%\Fonts\*.com >
[2009/07/14 05:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 05:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 05:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 05:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/06/10 20:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
[2011/11/28 18:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2009/09/22 16:15:26 | 000,220,672 | ---- | M] (Juan Trujillo Tarradas; http://www.jttsoft.com) -- C:\Windows\PhotoEchoes.scr
[2010/11/10 01:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2009/07/14 04:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C is ACER
 Volume Serial Number is 046D-856D
 Directory of C:\
14/07/2009  05:08    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
14/07/2009  05:08    <JUNCTION>     Application Data [C:\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
14/07/2009  05:08    <SYMLINKD>     All Users [C:\ProgramData]
14/07/2009  05:08    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
14/07/2009  05:08    <JUNCTION>     Application Data [C:\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009  05:08    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     My Documents [C:\Users\Default\Documents]
14/07/2009  05:08    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009  05:08    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009  05:08    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009  05:08    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Users\Default\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Lorna
09/05/2010  18:16    <JUNCTION>     Application Data [C:\Users\Lorna\AppData\Roaming]
09/05/2010  18:16    <JUNCTION>     Cookies [C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Cookies]
09/05/2010  18:16    <JUNCTION>     Local Settings [C:\Users\Lorna\AppData\Local]
09/05/2010  18:16    <JUNCTION>     My Documents [C:\Users\Lorna\Documents]
09/05/2010  18:16    <JUNCTION>     NetHood [C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
09/05/2010  18:16    <JUNCTION>     PrintHood [C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
09/05/2010  18:16    <JUNCTION>     Recent [C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Recent]
09/05/2010  18:16    <JUNCTION>     SendTo [C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\SendTo]
09/05/2010  18:16    <JUNCTION>     Start Menu [C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Start Menu]
09/05/2010  18:16    <JUNCTION>     Templates [C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Lorna\AppData\Local
09/05/2010  18:16    <JUNCTION>     Application Data [C:\Users\Lorna\AppData\Local]
09/05/2010  18:16    <JUNCTION>     History [C:\Users\Lorna\AppData\Local\Microsoft\Windows\History]
09/05/2010  18:16    <JUNCTION>     Temporary Internet Files [C:\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Lorna\Documents
09/05/2010  18:16    <JUNCTION>     My Music [C:\Users\Lorna\Music]
09/05/2010  18:16    <JUNCTION>     My Pictures [C:\Users\Lorna\Pictures]
09/05/2010  18:16    <JUNCTION>     My Videos [C:\Users\Lorna\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Users\Public\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile
06/09/2010  17:51    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
06/09/2010  17:51    <JUNCTION>     Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
06/09/2010  17:51    <JUNCTION>     My Documents [C:\Windows\system32\config\systemprofile\Documents]
06/09/2010  17:51    <JUNCTION>     NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
06/09/2010  17:51    <JUNCTION>     PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
06/09/2010  17:51    <JUNCTION>     Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
06/09/2010  17:51    <JUNCTION>     SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
06/09/2010  17:51    <JUNCTION>     Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
06/09/2010  17:51    <JUNCTION>     Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\AppData\Local
06/09/2010  17:51    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
06/09/2010  17:51    <JUNCTION>     History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
06/09/2010  17:51    <JUNCTION>     Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\Documents
06/09/2010  17:51    <JUNCTION>     My Music [C:\Windows\system32\config\systemprofile\Music]
06/09/2010  17:51    <JUNCTION>     My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
06/09/2010  17:51    <JUNCTION>     My Videos [C:\Windows\system32\config\systemprofile\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile
06/09/2010  17:51    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
06/09/2010  17:51    <JUNCTION>     Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
06/09/2010  17:51    <JUNCTION>     My Documents [C:\Windows\system32\config\systemprofile\Documents]
06/09/2010  17:51    <JUNCTION>     NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
06/09/2010  17:51    <JUNCTION>     PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
06/09/2010  17:51    <JUNCTION>     Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
06/09/2010  17:51    <JUNCTION>     SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
06/09/2010  17:51    <JUNCTION>     Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
06/09/2010  17:51    <JUNCTION>     Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
06/09/2010  17:51    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
06/09/2010  17:51    <JUNCTION>     History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
06/09/2010  17:51    <JUNCTION>     Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile\Documents
06/09/2010  17:51    <JUNCTION>     My Music [C:\Windows\system32\config\systemprofile\Music]
06/09/2010  17:51    <JUNCTION>     My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
06/09/2010  17:51    <JUNCTION>     My Videos [C:\Windows\system32\config\systemprofile\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              79 Dir(s)  290,217,127,936 bytes free
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/03/29 09:35:59 | 000,000,286 | -HS- | M] () -- C:\Users\Lorna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
[2012/02/23 14:27:21 | 000,000,221 | -HS- | M] () -- C:\Users\Lorna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
< %USERPROFILE%\Desktop\*.exe >
[2013/11/03 11:59:04 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Lorna\Desktop\aswMBR.exe
[2013/10/29 10:54:05 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Lorna\Desktop\HijackThis.exe
[2013/11/03 12:02:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lorna\Desktop\OTL.exe
[2013/11/03 11:58:42 | 000,891,184 | ---- | M] () -- C:\Users\Lorna\Desktop\SecurityCheck.exe
 
< %PROGRAMFILES%\Common Files\*.* >
[2009/02/10 19:23:42 | 000,192,484 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acer GameZone online.ico
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Base Services ==========
SRV:64bit: - [2009/07/14 01:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2009/07/14 01:40:01 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/14 01:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2009/07/14 01:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2009/07/14 01:40:10 | 000,703,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 07:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/14 01:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 01:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2009/07/14 01:40:13 | 000,136,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2009/07/14 01:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2009/07/14 01:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2009/07/14 01:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2009/07/14 01:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 01:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 06:17:10 | 000,182,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/14 01:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/14 01:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 01:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/14 01:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2009/07/14 01:41:10 | 000,500,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/14 01:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/14 01:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/14 01:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/14 01:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 01:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2009/07/14 01:41:52 | 000,302,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/14 01:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 11:21:59 | 000,404,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2010/08/21 06:29:47 | 000,558,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 07:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/14 01:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2009/07/14 01:41:53 | 000,343,552 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2009/07/14 01:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2009/07/14 01:41:53 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 07:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2010/12/21 06:16:27 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/08/27 06:14:02 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2009/07/14 01:41:54 | 000,369,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/07/14 01:16:14 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/02 05:16:53 | 001,114,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2009/07/14 01:41:55 | 000,316,416 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/14 01:16:15 | 000,241,664 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/14 01:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/14 01:41:53 | 000,208,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2009/07/14 01:39:50 | 001,598,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2009/07/14 01:40:04 | 000,676,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2009/07/14 01:40:04 | 000,676,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2009/07/14 01:41:53 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 01:41:56 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2009/07/14 01:41:27 | 000,824,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2009/07/14 01:41:56 | 000,578,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2009/07/14 01:39:21 | 000,127,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2009/07/14 01:14:25 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/14 01:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 22:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2009/07/14 01:40:32 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/14 01:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2009/07/14 01:41:56 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
 
========== Drive Information ==========
 
Physical Drives
---------------
 
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: Hitachi HTS545050B9A300
Partitions: 4
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: Hitachi HTS545050B9A300
Partitions: 1
Status: OK
Status Info: 0
 
Partitions
---------------
 
DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 12.00GB
Starting Offset: 1048576
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #1
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 4.00GB
Starting Offset: 12583960576
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 16342056960
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #3
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 450.00GB
Starting Offset: 16446914560
Hidden sectors: 0
 
 
DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 466.00GB
Starting Offset: 32256
Hidden sectors: 0
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\wordchart1.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\WM0270.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Weave-ItBkTwo.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Weave-ItBkThree.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\vintage_knitting_tips.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\vintage_knitting_tips.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\vertigo-source.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\vertigo-logo-source.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\vertigo-footer-source.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Valsaddress.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\tyroknit.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\TheWeave-ItBook.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\testpdf.PDF:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\TechniqueColoredPencil.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\sv_028.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\surveys.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\stitchy.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\steampunk-bug.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\star_template.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\stamford-artisans-guild-logo.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Spool221.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\showcase-source.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Sea%20Breeze%20Angelina%20instructions.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\SAGE INVOICES.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\replicant2-source.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\PRESS RELEASEoldword.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\press release vic hall lorna.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\pic for payperhour.gif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\pdftedst.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\paper doll maryjane.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\office10beta.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\OFFICE PROFESSIONAL KEY.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\mywatchmanual.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Mysnowflakes.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Mysnowflakes.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Microsoft Word - r conboy webvert march 08.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\m names.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\linked in us search.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\len and nell page 11 i think cmyk.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\LayoutTool - Legacy.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\JumpingJacks.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\JumpingJacks(1).pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\joomla_15_quickstart.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\jemjoker.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\jemcvnewtxtonly.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\jem cv.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\jem cv new.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\jem coverletterbarclays.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\IS SHAKESPEARE DEAD.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\invite square copy.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Inside Front Cover.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\inside back cover cmyk.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\High-Raw-Kevin-Gianni.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\hhswholething.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\heartsnflowerspng.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\HEARTSfinal layout2up.docx.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\HEARTSfinal layout.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Hearts.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Heart_templates.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\googlebase-ezlibris-200806231005.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\googlebase-ezlibris-200806230956.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\front cover cmyk.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\From the time I was a little girl.pps:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\fox2crop.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\flowersp.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\flower_template.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\flower.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\floralpeyote v2.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\floral1peyote1.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\floral1.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\floral1 peyote1.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\farm1a.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\ETSToysB.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\ETSToysA.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Elfic_doll.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\dvlalicenceapp.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\CTMJanFeb08 FINAL.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\CTFEB07CrochetFroggyHatCheerioEssentials.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\cs5serial.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\COURIER.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\CorelDRAW Graphics Suite X3.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\copyrightnotice.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\copyrightnotice.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\cctreescrop.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\cash_book_pro_v2.0.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Card07.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Card06.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Card04.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\calendar_organizer_months.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\broadsheetsteampunk.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\BABYmocsBtys.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\B023_ebook.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\amclassical_silent_night.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\alicewivbaby.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\aglaciercrop.JPG:Roxio EMC Stream
@Alternate Data Stream - 452 bytes -> C:\Users\Lorna\Documents\vichallflyerfinal.ppp:SummaryInformation
@Alternate Data Stream - 436 bytes -> C:\xcards.ppp:SummaryInformation
@Alternate Data Stream - 432 bytes -> C:\Users\Lorna\Documents\alice1.ppp:SummaryInformation
@Alternate Data Stream - 211 bytes -> C:\ProgramData\Temp:BC3DB898
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:2B11E0DF

< End of report >

EXTRAS.txt:

OTL Extras logfile created on: 03/11/2013 12:30:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lorna\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
4.00 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 62.33% Memory free
7.99 Gb Paging File | 6.07 Gb Available in Paging File | 76.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.44 Gb Total Space | 268.88 Gb Free Space | 59.69% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 246.55 Gb Free Space | 52.93% Space Free | Partition Type: NTFS
Drive E: | 254.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: LORNA-PC | User Name: Lorna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Value error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FB98A1-7AF9-46DA-870E-B3E179CE55A5}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{0A37EBFD-4C01-4323-BBD7-D212EB87C91B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0D23B282-2882-4D6B-B34C-C809FBDB29EB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0E8B587E-8654-49E1-ADD9-5A6126327F9C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{109092A7-9655-42A4-BE06-1E4293F9D2BC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{175CC621-2FC3-4E9A-8A3B-8688346CBA8F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1AB91F7A-C8C3-4F1B-90E2-0DF59D760C39}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2456651F-140F-41DB-AE77-FD4C437211B3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{285DA852-E50B-4CD6-A2AF-A67C16058365}" = rport=445 | protocol=6 | dir=out | app=system |
"{2F22710D-5CDC-42CB-8492-66DE3A6C1D8D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{327F1DA6-D344-4488-B593-D5455C2CC737}" = rport=10243 | protocol=6 | dir=out | app=system |
"{36B71C93-50A9-4F48-BF8E-7569CFD30A5C}" = rport=2869 | protocol=6 | dir=out | app=system |
"{40D98898-C72B-48A9-9001-AA1EA67D641E}" = lport=137 | protocol=17 | dir=in | app=system |
"{6B75E5BC-8C35-4758-A8B9-670E1F4D590B}" = rport=138 | protocol=17 | dir=out | app=system |
"{6CD889C3-ADC0-4253-A003-13D5A86433E1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8E491A19-0544-4E98-8CCB-FEDFDAC391BA}" = lport=445 | protocol=6 | dir=in | app=system |
"{8F3FDE23-CB59-40E2-99DC-248E18C6AD35}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8F63FA6D-D92E-43F1-9736-08F1DA4C0ED6}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{990019A1-389A-4131-8ED1-75C68E987E3B}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{999B8C11-E1E9-48B0-B131-51BF04F48763}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AAA4096A-8218-492F-867B-6DBBFF09D244}" = lport=139 | protocol=6 | dir=in | app=system |
"{AFDF5C9D-EF74-429B-9DDA-9E4A52576469}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B4D7A118-7027-45E5-82C6-7DDA4005F457}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B8ACFC35-CE78-4145-97F9-3CBB5905ACA3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C242A725-DF66-4D6B-A25D-B69DFEC85D60}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C5299320-4AFA-44FD-A254-D0ACE41376CF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D00F6322-F81F-48FE-A42C-689480474DF6}" = lport=138 | protocol=17 | dir=in | app=system |
"{D60C093C-775D-44FB-AA6D-5FAA2E4AB678}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DADE18E9-DEFD-4BE3-AFCF-7D5B3440B6FA}" = rport=137 | protocol=17 | dir=out | app=system |
"{DD1C5633-85CA-4F5D-9761-7C44D8785AB1}" = rport=139 | protocol=6 | dir=out | app=system |
"{EC3E75AD-21E1-4969-9906-E6FFDDE263DE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E663DF1-5CC7-49F9-B4F2-DE4EC2CDF538}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0F9493B2-954A-45C2-A962-D64D963598B1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0FE74F0C-38DE-4447-9C5F-A7F1C895A49C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{17355C71-1C6A-4F7A-8DCB-76D5074EC64E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{19B926AF-F118-4E2D-A0D5-C54FC4933C29}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{24F886AC-2564-49A6-89B6-1C9DA4C959E8}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |
"{3439C0E9-1858-4AFC-B720-4D3F0F01045D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{35CDDABE-97DD-4AD8-821E-EEEB6CEF9103}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3FBBCB08-A755-4D39-A53F-895873691A91}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |
"{4316C09F-0F43-489A-B7F3-8E3B9B5A77CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{439578B7-4ED0-4CF8-8AB8-880B24B1A4F0}" = protocol=17 | dir=in | app=c:\windows\temp\cmc_dragon\restart_helper.exe |
"{4C0574E3-F9E2-453F-977D-3571B658121D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4FF09CFE-451B-44A1-94E3-5D177B5026A7}" = protocol=17 | dir=in | app=c:\users\lorna\appdata\roaming\dropbox\bin\dropbox.exe |
"{5AE9766C-EC17-454E-8FAA-3F3A5806AE5F}" = protocol=6 | dir=in | app=c:\users\lorna\appdata\roaming\dropbox\bin\dropbox.exe |
"{64FAC652-19ED-4637-86F6-E87D29048500}" = protocol=6 | dir=out | app=system |
"{65189FD5-E420-4929-89DC-C2432B37F088}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{658D211A-36E4-456B-9DE6-B38E6BF5B7E1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6756D2C8-D447-4C27-992D-1671AB2C3B21}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\comodo\tvnserver.exe |
"{69C7DF42-A0B7-4CBF-BFD9-C5402896D6E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6E739B8C-F5DE-44CC-8156-3C2DC7FBF9E3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{727199DC-71F7-4C6F-9C5A-F2D8EBFFBFC0}" = protocol=6 | dir=in | app=c:\windows\temp\cmc_dragon\restart_helper.exe |
"{7928CA9C-B0CE-4A93-92AC-D6D67FF39CD8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7AC87AB6-F04D-4E76-A450-665B8B5DDD80}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |
"{7D537CD3-E95A-48C2-92C2-0362143919F4}" = protocol=6 | dir=in | app=c:\users\lorna\appdata\roaming\dropbox\bin\dropbox.exe |
"{9C1B4A8A-2198-4CB1-8A6A-233778D9C76E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A2D0DBED-F7DE-49E0-98DB-F40E792C4A74}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AD7E18DA-5144-4307-BA47-6F910D52F525}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AE1F3226-FB2F-458F-863C-92CE34467DBD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BF5AE95C-5779-49FC-A95F-A19EB426F5D2}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C38F1B2D-5541-4443-B546-983E13B9D4FF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C4F6DDF6-0527-4A4C-86DB-FD1661B27A3B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C97E426B-9C46-428A-BA44-247A11D73F7C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CB269071-FD26-4B3D-A1F0-ED82D4F8FF34}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{CE7E3F2C-374E-434B-8097-6F85E818F921}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\comodo\tvnserver.exe |
"{D8442974-63BC-40C7-9F42-2A2EB91307D4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DF1E12D1-625A-434C-8AF2-ADBACA066882}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EA239201-9796-4433-8FAD-6D2F7FBC6256}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |
"{EEE8BE16-4EBD-4E1F-BC9F-8CDFD7739918}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EF398F74-BF9D-4889-A8D1-65612570EE45}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F512C44E-C797-4A64-852D-559A86C114ED}" = protocol=17 | dir=in | app=c:\users\lorna\appdata\roaming\dropbox\bin\dropbox.exe |
"{FECBDD97-A918-4925-8F49-4671A74E4771}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{108A39BF-4ED1-4293-B11A-06BD521FB8F7}" = FreeOCR 3.0
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A9E695CB-A6AA-4B4C-9754-BA3CFF1C3B00}" = HP Officejet Pro 8000 A809 Series
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"A5B98551C6BA1C24D2FDDFB2E1764339D449F74D" = Windows Driver Package - Intel (NETw5v64) net  (09/15/2009 13.0.0.107)
"B540836D57069F83653778772EE56C5408F1B192" = Windows Driver Package - Intel (NETw5s64) net  (09/15/2009 13.0.0.107)
"DesktopIconAmazon" = Desktop Icon für Amazon
"Free PDF to Word Converter_is1" = Free PDF to Word Converter 4.2.3.183
"GIMP-2_is1" = GIMP 2.6.12
"HitmanPro37" = HitmanPro 3.7
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"novaPDF Pro v5_is1" = novaPDF Pro v5 (novaPDF Professional Desktop 5.5  printer)
"NVIDIA Drivers" = NVIDIA Drivers
"PDFtypewriter Printer Driver" = PDFtypewriter Printer Driver
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0FAEAEC8-F458-4AE2-89B8-BF680FD245D5}" = 8000A809_eDocs
"{1000ACF5-0BCF-4FC0-B4F5-F044317F9155}" = ProductContext
"{10B1D4F7-6568-48F7-92FD-74D616CD061E}" = Serif CraftArtist Wedding Days Collection
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{1439B98F-681E-4D51-BB90-D04474E4C6EA}" = Serif Digital Scrapbook Artist 2
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15879CF1-46AD-4A19-B362-E3A939C65BA9}" = DaisyTrail Summer Fun Digikit
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BB1AF9-981C-4539-9113-D2F88F031C1D}" = GeekBuddy
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2189194E-35E0-4597-BC93-63DC40EB9258}" = Serif Digital Scrapbook Artist Photobook, Basic
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{25015AF4-F435-4605-A06F-BA91C0BF6087}" = Serif CraftArtist Scrapbooks Collection
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{26F8F39E-C228-4E3C-93A5-061FCCBFC914}" = Serif PagePlus Essentials
"{27996809-446F-7261-6C69-6B654C656F6E}" =
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{312F775B-EF9B-4456-83C8-4B4596677C13}" = Serif CraftArtist Baby Photos Collection
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{366584A4-1D35-49B2-97B3-C803DDFCC543}" = myPrintMileage (Officejet Pro 8000 A809)
"{3AD783E5-1DC6-4FDF-B913-C371657B7A6B}" = Acer Arcade Instant On
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3EC9C9AB-28DA-411D-8EFE-E31AFAFA038A}" = Karen Gover, Turkish Delight Digikit
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{565A39D6-4FB0-4F35-A2AC-0DC66ACC3520}" = Fingerprint Solution
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5ED5BC4D-CADC-4705-A230-D1FC80882252}" = PhotoTools 2.6.3 Free
"{5F9DDC8F-5D4D-4D63-BDB5-8DB3EE1432E4}" = Serif PagePlus Essentials Bonus Content Pack
"{61B3CAF9-0C8A-4390-AE72-D6B90FB71C17}" = Serif CraftArtist Professional
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63CA71FE-85AB-49AE-8668-26951FBD95DC}" = Kaleidoscope Kreator 3
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{761E061F-FB8E-BBB4-69A4-B1DEF3640DB7}" = Zinio Reader 4
"{76E2A1A0-CE72-48A0-8D8E-767A1B0C2191}" = PhotoFrame 4.6.3 Free
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C08721F-AC43-4198-A35B-93442DD10A26}" = Serif CraftArtist Greeting Cards Collection
"{7D336C6B-1C91-4AD4-B168-F1E1AC08D737}" = PDFtypewriter with PDF Printer Driver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114803710}" = Star Defender 4
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92975DF9-EA36-4F36-A9AC-D412BC1D709E}" = Nuvoton EC Generic HID Driver
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A8BCCBD-07F6-4B3E-9463-FA556619744E}" = eBaitor
"{9ADE9794-F65D-11BE-051B-B6E52B5CDD04}" = Adobe Community Help
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FB13038-240D-427E-B27E-1796E5C0FA1A}" = DaisyTrail Vintage Sideshow Digikit
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy 2
"{B9830694-3D4A-40CC-AB27-5A8C9E160200}" = BPDSoftware
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BDE7CE44-145A-47E3-9A75-9FBD49D9B46B}" = 8000A809
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C5F7045B-193F-418C-A4DE-27F76F28841E}" = BPDSoftware_Ini
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF255306-5B68-401F-87BA-AA62BEA6888C}" = 8000A809_Help
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.74.216
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D12EBB4E-CF21-496D-979F-89D9DE58C5B8}" = PDFill PDF Tools (FREE)
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3F42516-EC12-4ECF-A3C3-5A79CD3CB5F5}" = Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D575FBAA-D6D6-4221-A2C4-67541DB7AB5E}_is1" = Device Doctor 1.0.0.1
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E12F5FD8-3C24-4594-9730-3F89C04A45AA}" = eCraftShop Pro
"{E2B31B67-9795-4EF9-9AC6-B683E7B11BE6}_is1" = FotoFusion v4
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFEDD205-43FE-4208-B682-0937E803E19E}_is1" = NexusFont 2.5 (ver 2.5.7.1562)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F840E2F3-138C-4307-83F7-D0A5DD75B6CE}" = Samsung SCX-4100 Series (TWAIN)
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"aniMate 2 DS3 2.0.0.7" = aniMate 2 DS3
"avast" = avast! Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Comodo Dragon" = Comodo Dragon
"DAZ 3D Install Manager 1 1.0.1.90" = DAZ 3D Install Manager 1
"DAZ Content Management Service 4.8.1.7" = DAZ Content Management Service
"DAZ Studio 3 3.1.2.32" = DAZ Studio 3
"Dazzling Reflections PE (Trial Version)_is1" = Dazzling Reflections PE v2.1
"DirPrintOK" = DirPrintOK
"DreamSuite Bonus" = Uninstall DreamSuite Bonus
"EaseUS Todo Backup Free 4.0_is1" = EaseUS Todo Backup Free 4.0
"Echoes_is1" = PhotoEchoes 3.1.004
"ESET Online Scanner" = ESET Online Scanner v3
"ExpressBurn" = Express Burn Disc Burning Software
"Filter Forge Freepack 1 - Metals_is1" = Filter Forge Freepack 1 - Metals 2.009
"Filter Forge Freepack 2 - Photo Effects_is1" = Filter Forge Freepack 2 - Photo Effects 2.009
"Filter Forge Freepack 3 - Frames_is1" = Filter Forge Freepack 3 - Frames 2.009
"Filter Forge Freepack 4 - Distortions_is1" = Filter Forge Freepack 4 - Distortions 1.015
"Filter Forge Freepack 5 - Hearts_is1" = Filter Forge Freepack 5 - Hearts 2.009
"Filter Forge Freepack 6 - Patterns_is1" = Filter Forge Freepack 6 - Patterns 2.009
"FrameFun_is1" = FrameFun 2.0.0.7
"FrameMaster" = FrameMaster 2.14
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"GPL Ghostscript 8.57" = GPL Ghostscript 8.57
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"GridMagic_is1" = GridMagic 3.3.0.201
"GridVista" = Acer GridVista
"HijackThis" = HijackThis 2.0.2
"Identity Card" = Identity Card
"IE Kaleidoscope" = IE Kaleidoscope
"Inkscape" = Inkscape 0.48.2
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{565A39D6-4FB0-4F35-A2AC-0DC66ACC3520}" = Acer Bio Protection
"Instant Eyedropper_is1" = Instant Eyedropper 1.75
"Kaleider_is1" = Kaleider 4.8.1
"LManager" = Launch Manager
"Make The Cut!" = Make The Cut!
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Maxthon2" = Maxthon2
"Mozilla Firefox 24.0 (x86 en-GB)" = Mozilla Firefox 24.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Pattaizer_is1" = Pattaizer v1.3
"Picasa 3" = Picasa 3
"Plugin Commander Light 1.61_is1" = Plugin Commander Light 1.61
"Poser Debut_is1" = Poser Debut
"Rapport_msi" = Rapport
"Samsung SCX-4100 Series" = Samsung SCX-4100 Series
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"SpeedBit Video Downloader" = SpeedBit Video Downloader
"SpywareBlaster_is1" = SpywareBlaster 4.4
"TabletDriver" = Trust Tablet Driver
"Ulead ArtTexture.Plugin 1.0" = Ulead ArtTexture.Plugin 1.0
"Ulead FantasyWarp.Plugin 1.0" = Ulead FantasyWarp.Plugin 1.0
"VertusPlayWithPictures" = Vertus Play With Pictures 1.0.9
"WinLiveSuite" = Windows Live Essentials
"Wisdom-soft Set up ScreenHunter 5.1 Free" = Wisdom-soft Set up ScreenHunter 5.1 Free
"XnView_is1" = XnView 1.96.1
"Yandex Toolbar Removal Tool_is1" = Yandex Toolbar Removal Tool
"ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dashlane" = Dashlane
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Spoon Sandbox Manager 3.32" = Spoon Sandbox Manager 3.32
"WinDirStat" = WinDirStat 1.1.2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21/08/2011 14:51:35 | Computer Name = Lorna-PC | Source = Application Error | ID = 1000
Description = Faulting application name: wbengine.exe, version: 6.1.7600.16385,
time stamp: 0x4a5bc537  Faulting module name: ntdll.dll, version: 6.1.7600.16695,
time stamp: 0x4cc7b325  Exception code: 0xc0000005  Fault offset: 0x000000000004c8f4
Faulting
 process id: 0x227c  Faulting application start time: 0x01cc602cfa36a747  Faulting application
 path: C:\Windows\system32\wbengine.exe  Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
 Id: 978b0a96-cc26-11e0-87ba-ab44c7e5e56f
 
Error - 25/08/2011 14:40:11 | Computer Name = Lorna-PC | Source = MSSOAP | ID = 16
Description = Soap error: XML Parser failed at linenumber 0, lineposition 0, reason
 is: The system cannot locate the resource specified.  .
 
Error - 25/08/2011 14:40:11 | Computer Name = Lorna-PC | Source = MSSOAP | ID = 16
Description = Soap error: Loading of the WSDL file failed.
 
Error - 25/08/2011 14:40:11 | Computer Name = Lorna-PC | Source = MSSOAP | ID = 16
Description = Soap error: One of the parameters supplied is invalid..
 
Error - 26/08/2011 08:40:41 | Computer Name = Lorna-PC | Source = Application Hang | ID = 1002
Description = The program CraftArtist.exe version 1.0.4.40 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 1fb4    Start
 Time: 01cc63d406a2153c    Termination Time: 0    Application Path: C:\Program Files (x86)\Serif\CraftArtist\1.0\Program\CraftArtist.exe

Report
 Id: 860975a6-cfe0-11e0-87ba-ab44c7e5e56f  
 
Error - 27/08/2011 18:46:38 | Computer Name = Lorna-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
 Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value
 "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
 "version" in element "assemblyIdentity" is invalid.
 
Error - 28/08/2011 07:28:10 | Computer Name = Lorna-PC | Source = System Restore | ID = 8210
Description =
 
Error - 28/08/2011 16:38:41 | Computer Name = Lorna-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16768,
time stamp: 0x4d688122  Faulting module name: wucltux.dll, version: 7.3.7600.16385,
 time stamp: 0x4a5be09e  Exception code: 0xc0000005  Fault offset: 0x0000000000054f1d
Faulting
 process id: 0x46c  Faulting application start time: 0x01cc65795e54bcd5  Faulting application
 path: C:\Windows\Explorer.EXE  Faulting module path: C:\Windows\system32\wucltux.dll
Report
 Id: b67d2884-d1b5-11e0-859f-ea060eeb6d6c
 
Error - 28/08/2011 16:42:33 | Computer Name = Lorna-PC | Source = Application Hang | ID = 1002
Description = The program Photoshop.exe version 12.0.0.0 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: d28    Start
 Time: 01cc65c14a159d76    Termination Time: 835    Application Path: C:\Program Files\Adobe\Adobe
 Photoshop CS5 (64 Bit)\Photoshop.exe    Report Id:   
 
Error - 01/09/2011 14:20:39 | Computer Name = Lorna-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
 Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value
 "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
 "version" in element "assemblyIdentity" is invalid.
 
[ System Events ]
Error - 01/11/2013 14:25:58 | Computer Name = Lorna-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 01/11/2013 14:26:03 | Computer Name = Lorna-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 01/11/2013 14:26:17 | Computer Name = Lorna-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 01/11/2013 14:26:26 | Computer Name = Lorna-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Google
 Software Updater service to connect.
 
Error - 01/11/2013 14:26:26 | Computer Name = Lorna-PC | Source = DCOM | ID = 10005
Description =
 
Error - 03/11/2013 07:51:00 | Computer Name = Lorna-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 03/11/2013 07:51:10 | Computer Name = Lorna-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 03/11/2013 07:51:40 | Computer Name = Lorna-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 03/11/2013 09:31:42 | Computer Name = Lorna-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 03/11/2013 09:31:44 | Computer Name = Lorna-PC | Source = ipnathlp | ID = 31004
Description =
 
 
< End of report >



 



#8 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 03 November 2013 - 12:47 PM

Hi fellfromgrace,

Multiple Anti-Virus Programs Installed

I notice that you have multiple Anti-Virus programs installed at the same time. Having more than one antivirus program running at the same time can seriously degrade the performance of your system.
  • Lavasoft Ad-Watch Live! Anti-Virus
  • avast! Antivirus
  • COMODO Antivirus
Please uninstall any two (2) (whichever you prefer) using either the provided uninstall feature that is part of the antivirus program or through Add/Remove Programs (Vista and Win 7 users should go to Programs and Features in the Control Panel). As a rule of thumb one should run one firewall, one antivirus program in memory, and one anti-spyware utility in memory. It's fine to have other security tools available on an as-needed or on-demand basis, but when multiple tools simultaneously perform the same function, you're asking for trouble.
=========================

Malwarebytes Anti-Rootkit
  • Download Malwarebytes Anti-Rootkit
  • Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
  • Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
  • Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
  • After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message asking if you are sure you wish to allow the program to run. Please allow it so that Malwarebytes Anti-Rootkit can start correctly.
  • Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
  • If you receive a DDA driver message like could not load DDA driver, click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.
  • On the introduction screen, please click on the Next button to continue.
  • Next you will see the Update Database screen.
  • Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.
  • When the update has finished, click on the Next button.
  • Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
  • Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.
  • When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
  • Make sure everything is selected and that the option to create a restore point is checked.
  • Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
  • Click on the Yes button to restart your computer.
  • There will now be two log files created in the mbar folder called system-log.txt and one that starts with mbar-log.
  • The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.
    • For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.
  • The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.
=========================

AdwCleaner v3: Scan & Clean
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.
=========================

Junkware Removal Tool

Download Junkware Removal Tool to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Shut down your protection software now to avoid potential conflicts.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
=========================

Re-run OTL (it should be located on your desktop).
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Uncheck the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window. OTL.Txt. (No Extras.txt will be produced)
    Note: The log can be located in the OTL. folder on your C:\ drive if it fails to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.
=========================

In your next post please provide the following:
  • Anti-Virus status
  • system-log.txt
  • AdwCleaner[S0].txt
  • JRT.txt
  • New OTL.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days
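An added example, not part of the original post and not code from OTL or its author: one way to check the "multiple anti-virus programs" condition described above from an OTL log, by parsing its `SRV` and `DRV` lines and grouping them by vendor. The sample lines follow the SRV/DRV line format of the OTL logs in this thread; the vendor keyword table and the rule "a product counts as resident only if it still has a driver entry" are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Assumption: keyword -> product label, covering only the three products
# named in the post above. Matching is done on OTL's "(Company)" field.
AV_VENDORS = {
    "avast": "avast! Antivirus",
    "comodo": "COMODO Antivirus",
    "lavasoft": "Lavasoft Ad-Watch Live! Anti-Virus",
}

# OTL line shape: "SRV:64bit: - (name) -- path (company)"; ":64bit:" is optional
# and the company field may be empty "()". The path itself may contain "(x86)".
LINE_RE = re.compile(
    r"^(?P<kind>SRV|DRV)(?::64bit:)? - \((?P<name>.*?)\) -- "
    r"(?P<path>.*) \((?P<company>[^()]*)\)\s*$"
)

# Sample input for this example, in the format of the OTL logs in this thread.
SAMPLE_LOG = r"""
SRV:64bit: - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (DragonUpdater) -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe ()
SRV - (CLPSLauncher) -- C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe (Comodo Security Solutions Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
DRV:64bit: - (cmderd) -- C:\Windows\SysNative\drivers\cmderd.sys (COMODO)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
"""


def parse_otl_entries(log_text):
    """Return one dict (kind, name, path, company) per SRV/DRV line."""
    entries = []
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def resident_av_products(log_text):
    """Map product label -> {"SRV": [...], "DRV": [...]} for matched vendors.

    A vendor is reported only if at least one driver (DRV) entry remains, so a
    vendor's unrelated service (for example a browser updater) does not count
    as a second resident scanner on its own. This is a heuristic, not proof.
    """
    found = defaultdict(lambda: {"SRV": [], "DRV": []})
    for entry in parse_otl_entries(log_text):
        company = entry["company"].lower()
        for keyword, product in AV_VENDORS.items():
            if keyword in company:
                found[product][entry["kind"]].append(entry["name"])
    return {prod: comps for prod, comps in found.items() if comps["DRV"]}


def has_av_conflict(log_text):
    """True when more than one matched product still has driver entries."""
    return len(resident_av_products(log_text)) > 1


if __name__ == "__main__":
    for product, comps in resident_av_products(SAMPLE_LOG).items():
        print(f"{product}: services={comps['SRV']} drivers={comps['DRV']}")
    print("conflict:", has_av_conflict(SAMPLE_LOG))
```

Driver entries that persist after an uninstall are worth a manual look before trusting the result, since a log can list a driver whose file is already gone.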










#9 fellfromgrace

fellfromgrace

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 03 November 2013 - 03:10 PM

Thanks for your speedy response. I will do all the above, but think this will take longer. (Last time I ran MalwareBytes I think it took several hours ...)



#10 fellfromgrace

fellfromgrace

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 03 November 2013 - 03:22 PM

Hi, I cannot uninstall Avast ... there is something wrong with this installation as I couldn't update or run it at all when I first got this problem. Now when I try to uninstall, I get the following message:

 

 

Error reading product data from "C\Program Files\Avast Sosftware\Avast\Setup\part-setup_ais-557.vpx". Setup cannot continue

 

 

Do not know what to do next so will await your instructions, thanks




#11 fellfromgrace

fellfromgrace

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 03 November 2013 - 03:24 PM

oops that should have read:

 

 

Error reading product data from "C\Program Files\Avast Software\Avast\Setup\part-setup_ais-557.vpx". Setup cannot continue



#12 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 03 November 2013 - 03:26 PM

Hi fellfromgrace,

Revo Uninstaller Pro

Please download Revo Uninstaller Pro and save it to your desktop.
(This version is a fully functional, 30 day free trial)

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • From the list of programs click on
    Avast
  • Choose "Uninstall". When prompted click Yes.
  • Make sure the advanced option is checked... then click Next.
  • The program will run, when prompted... click Yes... then Next.
  • Once the program has searched for leftovers click Next.
  • Check ONLY the bolded items on the list then... click Next... then Yes.
  • When done click Finish.

=========================

Then continue with previously outlined steps


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days










#13 fellfromgrace

fellfromgrace

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 03 November 2013 - 03:50 PM

Thanks, will do



#14 fellfromgrace

fellfromgrace

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 03 November 2013 - 04:25 PM

Hi, thanks ... I've done that (uninstalled); had to force uninstall and got the same message but then it continued and I could delete the remnants. I've restarted and will probably report back tomorrow ... it's now nearly 10.30pm here and I think the other steps will take a few hours to run.



#15 fellfromgrace

fellfromgrace

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 04 November 2013 - 09:46 AM

I ran Revo and I now only have Comodo running as AV.

 

I have run MWBAR and it told me "Scan finished no malware found"

 

It did not produce ANY reports!

 

Then I ran Junkware removal ... twice.

First time it hung on Checking shortcuts. I waited half an hour or more on this subject, checked via Task Manager, which said it was running. Processes showed it running too but not using any cpu at all.

 

I restarted PC and started Junkware Removal again. Same thing happened. It ran for an hour and a half, an hour of which was stuck on Checking Shortcuts. Again, Task Manager showed it running, same as before, no cpu usage. I stopped it as it seemed it wasn't doing anything and had hung again at the same point. I may be wrong here of course and it may take that long to check the shortcuts but it seems strange as it did not take that long to do all of the checks prior to that one.

 

So no report there either

 

Then I ran OTL, and here is the result:

OTL logfile created on: 04/11/2013 15:07:51 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lorna\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
4.00 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 61.21% Memory free
7.99 Gb Paging File | 6.26 Gb Available in Paging File | 78.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.44 Gb Total Space | 269.65 Gb Free Space | 59.86% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 246.48 Gb Free Space | 52.92% Space Free | Partition Type: NTFS
Drive E: | 254.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: LORNA-PC | User Name: Lorna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\Lorna\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Lorna\AppData\Roaming\Dashlane\Dashlane.exe ()
PRC - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe ()
PRC - C:\Users\Lorna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe (Comodo Security Solutions Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe (GlavSoft LLC.)
PRC - C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe (SpeedBit Ltd.)
PRC - C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Windows\SysWOW64\WTClient.exe (Tablet Driver)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
PRC - c:\Program Files (x86)\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
PRC - c:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Lorna\AppData\Roaming\Dashlane\Dashlane.exe ()
MOD - C:\Users\Lorna\AppData\Roaming\Dashlane\2.2.1.47394\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.2.2.1.47394.dll ()
MOD - C:\Users\Lorna\AppData\Roaming\Dashlane\2.2.1.47394\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.2.2.1.47394.dll ()
MOD - C:\Users\Lorna\AppData\Roaming\Dashlane\2.2.1.47394\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.2.2.1.47394.dll ()
MOD - C:\Users\Lorna\AppData\Roaming\Dashlane\2.2.1.47394\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.2.2.1.47394.dll ()
MOD - C:\Users\Lorna\AppData\Roaming\Dashlane\2.2.1.47394\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.2.2.1.47394.dll ()
MOD - C:\Users\Lorna\AppData\Roaming\Dashlane\2.2.1.47394\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.2.2.1.47394.dll ()
MOD - C:\Users\Lorna\AppData\Roaming\Dashlane\2.2.1.47394\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.2.2.1.47394.dll ()
MOD - C:\Users\Lorna\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Users\Lorna\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Windows\SysWOW64\WinTab32.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (HitmanProScheduler) -- C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
SRV:64bit: - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (DAZContentManagementService) -- C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe ()
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinTabService) -- C:\Windows\SysNative\drivers\WTSrv.exe (Tablet Driver)
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (DragonUpdater) -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe ()
SRV - (CLPSLauncher) -- C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe (Comodo Security Solutions Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (tvnserver) -- C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe (GlavSoft LLC.)
SRV - (Guard Agent) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe (CHENGDU YIWO Tech Development Co., Ltd)
SRV - (EaseUS Agent) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
SRV - (RapportMgmtService) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (VideoAcceleratorService) -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe (SpeedBit Ltd.)
SRV - (nlsX86cc) -- C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (IGBASVC) -- c:\Program Files (x86)\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (cmderd) -- C:\Windows\SysNative\drivers\cmderd.sys (COMODO)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (CFRMD) -- C:\Windows\SysNative\drivers\CFRMD.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (EUFDDISK) -- C:\Windows\SysNative\drivers\EuFdDisk.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV:64bit: - (EUBKMON) -- C:\Windows\SysNative\drivers\EUBKMON.sys ()
DRV:64bit: - (EUDSKACS) -- C:\Windows\SysNative\drivers\eudskacs.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV:64bit: - (EUBAKUP) -- C:\Windows\SysNative\drivers\eubakup.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (silabser) -- C:\Windows\SysNative\drivers\silabser.sys (Silicon Laboratories)
DRV:64bit: - (silabenm) -- C:\Windows\SysNative\drivers\silabenm.sys (Silicon Laboratories)
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon)
DRV:64bit: - (Uim_VIM) -- C:\Windows\SysNative\drivers\uim_vimx64.sys (Paragon)
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows ® 2000 DDK provider)
DRV:64bit: - (RapportKE64) -- C:\Windows\SysNative\drivers\RapportKE64.sys (Trusteer Ltd.)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (FPSensor) -- C:\Windows\SysNative\drivers\FPSensor.sys (Egistec)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (hidshim) -- C:\Windows\SysNative\drivers\hidshim.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (nuvotonhidgeneric) -- C:\Windows\SysNative\drivers\nuvotonhidgeneric.sys (Nuvoton Technology Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (UCTblHid) -- C:\Windows\SysNative\drivers\UCTblHid.sys (Tablet Driver)
DRV:64bit: - (TClass2k) -- C:\Windows\SysNative\drivers\TClass2k.sys (Tablet Driver)
DRV:64bit: - (PTSimHid) -- C:\Windows\SysNative\drivers\PTSimHid.sys (PenTablet Driver)
DRV:64bit: - (PTSimBus) -- C:\Windows\SysNative\drivers\PTSimBus.sys (PenTablet Driver)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV:64bit: - (DgiVecp) -- C:\Windows\SysNative\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software)
DRV - (cleanhlp) -- C:\EEK\Run\cleanhlp64.sys (Emsisoft GmbH)
DRV - (RapportCerberus_43926) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys ()
DRV - (CFRMD) -- C:\Windows\SysWOW64\drivers\CFRMD.sys (Windows ® Win 7 DDK provider)
DRV - (RapportPG64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys (Trusteer Ltd.)
DRV - (RapportEI64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys (Trusteer Ltd.)
DRV - (usbscan) -- C:\Windows\SysWOW64\drivers\USBSCAN.SYS (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...c8z185t5701w78n
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = Yandex
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3D41F773-C2A2-4541-8F58-DF94FA1311D3}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...AW_enGB378GB379
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://yandex.ru/yan...t={searchTerms}
IE - HKCU\..\SearchScopes\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}: "URL" = http://ws.infospace....=7?_IceUrl=true
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\Moikrug: "URL" = http://moikrug.ru/pe...ms}&submitted=1
IE - HKCU\..\SearchScopes\Yandex: "URL" = http://www.google.co...AW_enGB378GB379
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@spoon.net/Spoon Plugin 3.32: C:\Users\Lorna\AppData\Local\Spoon\3.32.2.12\npMozillaSpoonPlugin.dll (Code Systems Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lorna\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lorna\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/01 08:40:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/04/02 13:09:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/10/20 14:20:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/01 08:40:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}: C:\Users\Lorna\AppData\Roaming\Dashlane\2.2.1.47394\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} [2013/10/21 09:17:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/10/20 14:20:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/02/10 13:34:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lorna\AppData\Roaming\Mozilla\Extensions
[2013/10/27 10:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lorna\AppData\Roaming\Mozilla\Firefox\Profiles\nlrnclme.default-1382870013963\extensions
[2013/10/20 14:20:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/10/20 14:20:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/20 14:20:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/10/21 09:17:25 | 000,000,000 | ---D | M] (Dashlane) -- C:\USERS\LORNA\APPDATA\ROAMING\DASHLANE\2.2.1.47394\BIN\FIREFOX_EXTENSION\{442718D9-475E-452A-B3E1-FB1EE16B8E9F}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.addthis.c...n3&clickbacks=1
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Lorna\AppData\Local\Google\Chrome\Application\31.0.1650.34\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lorna\AppData\Local\Google\Chrome\Application\31.0.1650.34\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lorna\AppData\Local\Google\Chrome\Application\31.0.1650.34\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Chrome SVD extension (Enabled) = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.4_0\lib/npdownloaderchrome.dll
CHR - plugin: Chrome DAP extension (Enabled) = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.0.6_0\lib/npdapchrome.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RockMelt Update (Enabled) = C:\Users\Lorna\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll
CHR - plugin: Spoon Plugin (Enabled) = C:\Users\Lorna\AppData\Local\Spoon\3.32.2.12\npMozillaSpoonPlugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Google Translate = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.5_0\
CHR - Extension: Spybot - Search & Destroy = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmcccagmbagkpbdgpammblejlmiempb\2.0.6.819_0\
CHR - Extension: YouTube = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0\
CHR - Extension: Add to Amazon Wish List = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\
CHR - Extension: Google Search = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: SpeedBit Video Downloader = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.4_0\
CHR - Extension: avast! WebRep = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: Disconnect = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.10.0_0\
CHR - Extension: SpeedBit Search Predict = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ledcpigomgblcmofccnacobhmcdkpiea\2.0.2_0\
CHR - Extension: Window Close Protector = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnpifgapnmpninomacbhdlconlpikdai\2.2_0\
CHR - Extension: Dashlane = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkjojgglmmcghgaiknnpgjgldgaocjfd\2.2.1.47394_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.2_0\
CHR - Extension: Short URL = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\obbdcmhkndhionekooeeiilbicfdkhml\1.0_0\
CHR - Extension: Instagram for Chrome = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb\4.9.1_0\
CHR - Extension: Instagram for Chrome = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb\4.9.2_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.0.3_0\
CHR - Extension: Gmail = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012/08/17 07:48:50 | 000,443,169 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts:     127.0.0.1 activate.adobe.com
O1 - Hosts:     127.0.0.1 practivate.adobe.com
O1 - Hosts:     127.0.0.1 ereg.adobe.com
O1 - Hosts:     127.0.0.1 activate.wip3.adobe.com
O1 - Hosts:     127.0.0.1 wip3.adobe.com
O1 - Hosts:     127.0.0.1 3dns-3.adobe.com
O1 - Hosts:     127.0.0.1 3dns-2.adobe.com
O1 - Hosts:     127.0.0.1 adobe-dns.adobe.com
O1 - Hosts:     127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts:     127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts:     127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts:     127.0.0.1 activate-sea.adobe.com
O1 - Hosts:     127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts:     127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts:     127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 15224 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files (x86)\SearchPredict\SearchPredict.dll (Speedbit Ltd.)
O2 - BHO: (Dashlane BHO) - {42D79B50-CC4A-4A8E-860F-BE674AF053A2} - C:\Users\Lorna\AppData\Roaming\Dashlane\ie\Dashlanei.dll (Dashlane)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (SBCONVERT Class) - {92A9ACF4-9333-43AE-9698-DB283326F87F} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU4E\tbcore3.dll ()
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU4E\Grabber.dll (SpeedBit)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU4E\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU4E\tbcore3.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKCU..\Run: [Dashlane] C:\Users\Lorna\AppData\Roaming\Dashlane\Dashlane.exe ()
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
O4 - Startup: C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lorna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9:64bit: - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: fellfromgrace.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{454243BE-109D-452A-96DD-5779CAC699AD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{454243BE-109D-452A-96DD-5779CAC699AD}: NameServer = 8.26.56.26,156.154.70.22
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Value error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/04 11:06:27 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/04 11:04:44 | 001,033,335 | ---- | C] (Thisisu) -- C:\Users\Lorna\Desktop\JRT.exe
[2013/11/03 22:38:59 | 000,116,440 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2013/11/03 22:38:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/11/03 22:37:18 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013/11/03 22:35:41 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Desktop\mbar
[2013/11/03 22:26:29 | 012,576,792 | ---- | C] (Malwarebytes Corp.) -- C:\Users\Lorna\Desktop\mbar-1.07.0.1007.exe
[2013/11/03 21:52:44 | 000,000,000 | ---D | C] -- C:\Users\Lorna\AppData\Local\VS Revo Group
[2013/11/03 21:52:29 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys
[2013/11/03 21:52:29 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2013/11/03 21:52:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2013/11/03 21:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/11/03 21:51:04 | 010,031,224 | ---- | C] (VS Revo Group                                               ) -- C:\Users\Lorna\Desktop\RevoUninProSetup.exe
[2013/11/03 12:02:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lorna\Desktop\OTL.exe
[2013/11/03 11:58:56 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Lorna\Desktop\aswMBR.exe
[2013/10/29 10:54:07 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Lorna\Desktop\HijackThis.exe
[2013/10/27 10:52:51 | 000,000,000 | ---D | C] -- C:\Users\Lorna\AppData\Roaming\DesktopIconForAmazon
[2013/10/27 10:49:03 | 000,000,000 | ---D | C] -- C:\EEK
[2013/10/27 10:34:01 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Desktop\Old Firefox Data
[2013/10/25 18:06:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Nevercenter
[2013/10/25 17:58:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CameraBag 2
[2013/10/25 15:15:28 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\My Collages
[2013/10/24 21:26:29 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2013/10/24 21:24:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/10/24 16:43:58 | 000,000,000 | ---D | C] -- C:\3a3f13d26556370d06bc1f
[2013/10/24 16:20:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/10/22 11:33:01 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\word docs
[2013/10/22 11:32:20 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\pageplus stuff
[2013/10/22 11:31:21 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\robfossett
[2013/10/22 11:22:34 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\ie6 only
[2013/10/22 11:22:34 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\IE Kaleidoscope
[2013/10/22 11:22:21 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\Font Groups
[2013/10/22 11:22:21 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\flipphotos
[2013/10/22 11:22:20 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\files
[2013/10/22 11:18:40 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\data
[2013/10/22 11:18:36 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\com.nevercenter.camerabag2
[2013/10/22 11:15:43 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\Arcade Deluxe
[2013/10/22 11:15:43 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\application forms
[2013/10/22 11:15:43 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\Anvsoft
[2013/10/22 11:15:42 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\Amazon MP3
[2013/10/22 11:15:24 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\accounts excel
[2013/10/22 11:15:19 | 000,530,528 | ---- | C] (Yahoo! Inc.) -- C:\Users\Lorna\Documents\yahoo_installer.exe
[2013/10/22 11:15:12 | 002,500,664 | ---- | C] (CyberDefender Corp.) -- C:\Users\Lorna\Documents\toolbar_v2toolbarsite.exe
[2013/10/22 11:15:07 | 022,690,600 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Lorna\Documents\SkypeSetup.exe
[2013/10/22 11:14:59 | 018,649,560 | ---- | C] (eBay                                                        ) -- C:\Users\Lorna\Documents\setupUK.exe
[2013/10/22 11:14:57 | 006,798,200 | ---- | C] (Brajusta Publishing, Inc.                                   ) -- C:\Users\Lorna\Documents\setup.exe
[2013/10/22 11:14:31 | 005,911,719 | ---- | C] (Free-Software-Forever.com) -- C:\Users\Lorna\Documents\googlein24.exe
[2013/10/22 11:14:25 | 011,028,800 | ---- | C] (Flock) -- C:\Users\Lorna\Documents\flock-2.0b2.en-US.win32.exe
[2013/10/21 17:33:07 | 000,000,000 | ---D | C] -- C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
[2013/10/21 17:31:50 | 000,000,000 | ---D | C] -- C:\Users\Lorna\AppData\Roaming\Dashlane
[2013/10/20 14:20:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/10/19 12:33:25 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\DAZ 3D
[2013/10/19 12:24:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My DAZ 3D Library
[2013/10/19 12:18:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAZ 3D
[2013/10/19 12:03:05 | 000,000,000 | ---D | C] -- C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D
[2013/10/19 12:02:43 | 000,000,000 | ---D | C] -- C:\ProgramData\DAZ 3D
[2013/10/19 12:02:41 | 000,000,000 | ---D | C] -- C:\Program Files\DAZ 3D
[2013/10/19 10:26:16 | 000,057,096 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2009/08/22 08:44:20 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[1 C:\Users\Lorna\Documents\*.tmp files -> C:\Users\Lorna\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/04 15:13:03 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2013/11/04 15:03:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/04 14:34:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1062119836-663356838-3640058548-1001UA.job
[2013/11/04 14:34:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/04 13:42:21 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/04 13:42:21 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/04 13:34:37 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/11/04 13:34:32 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/04 13:34:05 | 000,000,436 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013/11/04 13:33:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/04 13:33:25 | 3217,235,968 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/04 11:34:05 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1062119836-663356838-3640058548-1001Core.job
[2013/11/04 11:04:37 | 001,033,335 | ---- | M] (Thisisu) -- C:\Users\Lorna\Desktop\JRT.exe
[2013/11/04 11:04:01 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\Paragon Archive name arc_080112231151836.job
[2013/11/03 22:38:59 | 000,116,440 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2013/11/03 22:37:18 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013/11/03 22:26:49 | 012,576,792 | ---- | M] (Malwarebytes Corp.) -- C:\Users\Lorna\Desktop\mbar-1.07.0.1007.exe
[2013/11/03 21:52:31 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/11/03 21:51:16 | 010,031,224 | ---- | M] (VS Revo Group                                               ) -- C:\Users\Lorna\Desktop\RevoUninProSetup.exe
[2013/11/03 16:10:37 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2013/11/03 16:10:37 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2013/11/03 12:02:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lorna\Desktop\OTL.exe
[2013/11/03 11:59:04 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Lorna\Desktop\aswMBR.exe
[2013/11/03 11:58:42 | 000,891,184 | ---- | M] () -- C:\Users\Lorna\Desktop\SecurityCheck.exe
[2013/11/01 18:27:47 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/10/30 18:33:49 | 576,721,544 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/10/29 10:54:05 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Lorna\Desktop\HijackThis.exe
[2013/10/29 10:10:58 | 000,797,238 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/29 10:10:58 | 000,677,048 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/29 10:10:58 | 000,130,846 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/27 15:49:48 | 000,002,145 | ---- | M] () -- C:\Users\Lorna\Desktop\avast! Free Antivirus 8.0.1489 Setup.lnk
[2013/10/27 14:46:41 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/27 10:55:07 | 000,002,370 | ---- | M] () -- C:\Users\Lorna\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/10/27 10:55:07 | 000,002,368 | ---- | M] () -- C:\Users\Lorna\Desktop\Google Chrome.lnk
[2013/10/27 10:52:52 | 000,001,482 | ---- | M] () -- C:\Users\Lorna\Desktop\Amazon.lnk
[2013/10/27 10:52:52 | 000,001,482 | ---- | M] () -- C:\Users\Lorna\Application Data\Microsoft\Internet Explorer\Quick Launch\Amazon.lnk
[2013/10/27 10:50:45 | 000,000,586 | ---- | M] () -- C:\Users\Lorna\Desktop\Emsisoft Emergency Kit.lnk
[2013/10/24 16:37:01 | 000,783,150 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/21 19:25:52 | 000,032,399 | ---- | M] () -- C:\Windows\Q-Dir.ini
[2013/10/21 19:21:24 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2013/10/21 17:33:07 | 000,002,019 | ---- | M] () -- C:\Users\Lorna\Desktop\Dashlane.lnk
[2013/10/20 18:59:46 | 000,002,087 | ---- | M] () -- C:\Users\Lorna\Desktop\DAZ 3D Install Manager 1.lnk
[2013/10/19 12:24:31 | 000,000,974 | ---- | M] () -- C:\Users\Lorna\Desktop\DAZ Studio 4.6 (64-bit).lnk
[2013/10/19 11:03:56 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/10/19 11:03:56 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/10/19 10:26:23 | 000,048,392 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
[2013/10/19 10:26:16 | 000,057,096 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2013/10/15 23:07:31 | 000,033,184 | ---- | M] () -- C:\Users\Lorna\Documents\cc_20131016_000724.reg
[1 C:\Users\Lorna\Documents\*.tmp files -> C:\Users\Lorna\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/11/03 21:52:31 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/11/03 11:58:44 | 000,891,184 | ---- | C] () -- C:\Users\Lorna\Desktop\SecurityCheck.exe
[2013/10/27 15:49:47 | 000,002,145 | ---- | C] () -- C:\Users\Lorna\Desktop\avast! Free Antivirus 8.0.1489 Setup.lnk
[2013/10/27 14:46:41 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/27 10:55:07 | 000,002,368 | ---- | C] () -- C:\Users\Lorna\Desktop\Google Chrome.lnk
[2013/10/27 10:52:52 | 000,001,482 | ---- | C] () -- C:\Users\Lorna\Desktop\Amazon.lnk
[2013/10/27 10:52:52 | 000,001,482 | ---- | C] () -- C:\Users\Lorna\Application Data\Microsoft\Internet Explorer\Quick Launch\Amazon.lnk
[2013/10/27 10:49:58 | 000,000,586 | ---- | C] () -- C:\Users\Lorna\Desktop\Emsisoft Emergency Kit.lnk
[2013/10/25 17:58:48 | 000,002,991 | ---- | C] () -- C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CameraBag 2.lnk
[2013/10/22 11:15:20 | 005,505,155 | ---- | C] () -- C:\Users\Lorna\Documents\ZinioReader4.air
[2013/10/22 11:15:19 | 000,006,195 | ---- | C] () -- C:\Users\Lorna\Documents\xmas2012.html
[2013/10/22 11:15:18 | 007,919,073 | ---- | C] () -- C:\Users\Lorna\Documents\Weave-ItBkTwo.pdf
[2013/10/22 11:15:18 | 003,956,220 | ---- | C] (                                                            ) -- C:\Users\Lorna\Documents\webgobbler126_setup.exe
[2013/10/22 11:15:18 | 000,256,521 | ---- | C] () -- C:\Users\Lorna\Documents\Winged Pig Crochet Pattern - Flying Pigs Crochet Pattern.mht
[2013/10/22 11:15:18 | 000,111,060 | ---- | C] () -- C:\Users\Lorna\Documents\WM0270.pdf
[2013/10/22 11:15:18 | 000,032,159 | ---- | C] () -- C:\Users\Lorna\Documents\Welcome to.png
[2013/10/22 11:15:18 | 000,008,500 | ---- | C] () -- C:\Users\Lorna\Documents\wordchart1.pdf
[2013/10/22 11:15:17 | 008,679,978 | ---- | C] () -- C:\Users\Lorna\Documents\Weave-ItBkThree.pdf
[2013/10/22 11:15:16 | 000,786,846 | ---- | C] () -- C:\Users\Lorna\Documents\vintage_knitting_tips.pdf
[2013/10/22 11:15:14 | 007,850,491 | ---- | C] () -- C:\Users\Lorna\Documents\vichallflyerfinal.ppp
[2013/10/22 11:15:14 | 006,729,331 | ---- | C] () -- C:\Users\Lorna\Documents\vertigo-source.png
[2013/10/22 11:15:14 | 000,145,212 | ---- | C] () -- C:\Users\Lorna\Documents\vertigo-logo-source.png
[2013/10/22 11:15:13 | 001,323,805 | ---- | C] () -- C:\Users\Lorna\Documents\tyroknit.pdf
[2013/10/22 11:15:13 | 000,852,185 | ---- | C] () -- C:\Users\Lorna\Documents\vertigo-footer-source.png
[2013/10/22 11:15:13 | 000,086,999 | ---- | C] () -- C:\Users\Lorna\Documents\Untitled-2.ai
[2013/10/22 11:15:13 | 000,006,219 | ---- | C] () -- C:\Users\Lorna\Documents\Untitled.htm
[2013/10/22 11:15:13 | 000,000,652 | ---- | C] () -- C:\Users\Lorna\Documents\Untitled-1.ai
[2013/10/22 11:15:11 | 007,070,390 | ---- | C] () -- C:\Users\Lorna\Documents\TheWeave-ItBook.pdf
[2013/10/22 11:15:11 | 000,000,163 | ---- | C] () -- C:\Users\Lorna\Documents\timesheet_20090216.csv
[2013/10/22 11:15:10 | 002,809,683 | ---- | C] () -- C:\Users\Lorna\Documents\testpdf.PDF
[2013/10/22 11:15:10 | 000,080,482 | ---- | C] () -- C:\Users\Lorna\Documents\tgest.xps
[2013/10/22 11:15:10 | 000,000,096 | ---- | C] () -- C:\Users\Lorna\Documents\test.key.prepare
[2013/10/22 11:15:09 | 003,761,664 | ---- | C] () -- C:\Users\Lorna\Documents\test.exe
[2013/10/22 11:15:09 | 000,001,207 | ---- | C] () -- C:\Users\Lorna\Documents\test.ebp
[2013/10/22 11:15:09 | 000,000,096 | ---- | C] () -- C:\Users\Lorna\Documents\test.key
[2013/10/22 11:15:08 | 001,690,966 | ---- | C] () -- C:\Users\Lorna\Documents\surveys.pdf
[2013/10/22 11:15:08 | 000,650,583 | ---- | C] () -- C:\Users\Lorna\Documents\TechniqueColoredPencil.pdf
[2013/10/22 11:15:08 | 000,557,191 | ---- | C] () -- C:\Users\Lorna\Documents\stitchy.pdf
[2013/10/22 11:15:08 | 000,364,234 | ---- | C] () -- C:\Users\Lorna\Documents\steampunkflier.png
[2013/10/22 11:15:08 | 000,329,320 | ---- | C] () -- C:\Users\Lorna\Documents\steamunkflier2.png
[2013/10/22 11:15:08 | 000,056,028 | ---- | C] () -- C:\Users\Lorna\Documents\sv_028.jpg
[2013/10/22 11:15:08 | 000,025,574 | ---- | C] () -- C:\Users\Lorna\Documents\swfobject.js
[2013/10/22 11:15:08 | 000,015,263 | ---- | C] () -- C:\Users\Lorna\Documents\steamstam tables.svg
[2013/10/22 11:15:08 | 000,011,906 | ---- | C] () -- C:\Users\Lorna\Documents\steamstam tables.pdf
[2013/10/22 11:15:07 | 003,144,125 | ---- | C] () -- C:\Users\Lorna\Documents\Spool221.pdf
[2013/10/22 11:15:07 | 002,196,497 | ---- | C] () -- C:\Users\Lorna\Documents\steampunk-bug.pdf
[2013/10/22 11:15:07 | 000,060,235 | ---- | C] () -- C:\Users\Lorna\Documents\stamford-artisans-guild-logo.jpg
[2013/10/22 11:15:07 | 000,009,469 | ---- | C] () -- C:\Users\Lorna\Documents\star_template.pdf
[2013/10/22 11:15:00 | 011,973,628 | ---- | C] () -- C:\Users\Lorna\Documents\showcase-source.png
[2013/10/22 11:15:00 | 000,055,038 | ---- | C] () -- C:\Users\Lorna\Documents\shkdd10.zip
[2013/10/22 11:14:56 | 000,103,326 | ---- | C] () -- C:\Users\Lorna\Documents\Sea%20Breeze%20Angelina%20instructions.pdf
[2013/10/22 11:14:56 | 000,034,959 | ---- | C] () -- C:\Users\Lorna\Documents\SEASCAPEPEYOTE.png
[2013/10/22 11:14:56 | 000,029,223 | ---- | C] () -- C:\Users\Lorna\Documents\SEASCAPELOOM.png
[2013/10/22 11:14:55 | 001,769,648 | ---- | C] () -- C:\Users\Lorna\Documents\saSetup.exe
[2013/10/22 11:14:54 | 001,252,686 | ---- | C] () -- C:\Users\Lorna\Documents\SAGEBACK010508.002
[2013/10/22 11:14:53 | 001,651,183 | ---- | C] () -- C:\Users\Lorna\Documents\rt_infuse_j15.tgz
[2013/10/22 11:14:53 | 001,561,078 | ---- | C] () -- C:\Users\Lorna\Documents\rt_vertigo_j15.tgz
[2013/10/22 11:14:52 | 001,190,402 | ---- | C] () -- C:\Users\Lorna\Documents\rt_affinity_j15.tgz
[2013/10/22 11:14:52 | 000,193,534 | ---- | C] () -- C:\Users\Lorna\Documents\replicant2-source.png
[2013/10/22 11:14:52 | 000,142,251 | ---- | C] () -- C:\Users\Lorna\Documents\Render 1.png
[2013/10/22 11:14:52 | 000,007,834 | ---- | C] () -- C:\Users\Lorna\Documents\rabbit2.png
[2013/10/22 11:14:51 | 000,114,202 | ---- | C] () -- C:\Users\Lorna\Documents\phtos unusul.nri
[2013/10/22 11:14:51 | 000,042,836 | ---- | C] () -- C:\Users\Lorna\Documents\PIXL_E.zip
[2013/10/22 11:14:51 | 000,014,915 | ---- | C] () -- C:\Users\Lorna\Documents\pic for payperhour.gif
[2013/10/22 11:14:50 | 006,213,246 | ---- | C] () -- C:\Users\Lorna\Documents\Photo Album.wmv
[2013/10/22 11:14:50 | 000,043,319 | ---- | C] () -- C:\Users\Lorna\Documents\penguin peyote.png
[2013/10/22 11:14:50 | 000,035,309 | ---- | C] () -- C:\Users\Lorna\Documents\penguin loom.png
[2013/10/22 11:14:50 | 000,026,816 | ---- | C] () -- C:\Users\Lorna\Documents\pdftedst.pdf
[2013/10/22 11:14:50 | 000,000,257 | R--- | C] () -- C:\Users\Lorna\Documents\PC Support.url
[2013/10/22 11:14:50 | 000,000,000 | ---- | C] () -- C:\Users\Lorna\Documents\PDFVistaPort
[2013/10/22 11:14:49 | 007,364,137 | ---- | C] () -- C:\Users\Lorna\Documents\orwell145b.exe
[2013/10/22 11:14:49 | 000,083,305 | ---- | C] () -- C:\Users\Lorna\Documents\paper doll maryjane.jpg
[2013/10/22 11:14:49 | 000,075,404 | R--- | C] () -- C:\Users\Lorna\Documents\Order-10527301-Docs-090326maggi.pdf
[2013/10/22 11:14:48 | 000,195,703 | R--- | C] () -- C:\Users\Lorna\Documents\Omotchama.rar
[2013/10/22 11:14:48 | 000,074,773 | R--- | C] () -- C:\Users\Lorna\Documents\Order-10520030-Docs-120335 Katrina .pdf
[2013/10/22 11:14:48 | 000,042,943 | ---- | C] () -- C:\Users\Lorna\Documents\oldtimeladypeyote.png
[2013/10/22 11:14:48 | 000,035,888 | ---- | C] () -- C:\Users\Lorna\Documents\oldtimeladyloom.png
[2013/10/22 11:14:46 | 058,615,296 | ---- | C] () -- C:\Users\Lorna\Documents\NOF-Essentials.exe
[2013/10/22 11:14:46 | 000,139,356 | ---- | C] () -- C:\Users\Lorna\Documents\NLP.zip
[2013/10/22 11:14:45 | 000,699,591 | ---- | C] () -- C:\Users\Lorna\Documents\Mysnowflakes.rtf
[2013/10/22 11:14:45 | 000,694,574 | ---- | C] () -- C:\Users\Lorna\Documents\nettie.png
[2013/10/22 11:14:45 | 000,351,585 | ---- | C] () -- C:\Users\Lorna\Documents\Mysnowflakes.pdf
[2013/10/22 11:14:45 | 000,187,007 | ---- | C] () -- C:\Users\Lorna\Documents\mysignature.png
[2013/10/22 11:14:45 | 000,161,621 | ---- | C] () -- C:\Users\Lorna\Documents\mywatchmanual.pdf
[2013/10/22 11:14:45 | 000,037,445 | ---- | C] () -- C:\Users\Lorna\Documents\MyMicroBalance2006.mmb
[2013/10/22 11:14:45 | 000,037,426 | ---- | C] () -- C:\Users\Lorna\Documents\MyMicroBalance2006.mmb.backup2
[2013/10/22 11:14:45 | 000,030,600 | ---- | C] () -- C:\Users\Lorna\Documents\MyMicroBalance2006.mmb.backup1
[2013/10/22 11:14:45 | 000,028,283 | ---- | C] () -- C:\Users\Lorna\Documents\MyMicroBalance2007.mmb
[2013/10/22 11:14:45 | 000,000,559 | ---- | C] () -- C:\Users\Lorna\Documents\My Sharing Folders.lnk
[2013/10/22 11:14:44 | 007,268,458 | ---- | C] () -- C:\Users\Lorna\Documents\Migrated Documents Report.csv
[2013/10/22 11:14:44 | 000,062,535 | ---- | C] () -- C:\Users\Lorna\Documents\modules-source.png
[2013/10/22 11:14:44 | 000,041,462 | ---- | C] () -- C:\Users\Lorna\Documents\Microsoft Word - r conboy webvert march 08.pdf
[2013/10/22 11:14:43 | 020,029,198 | ---- | C] () -- C:\Users\Lorna\Documents\Merry Christmas2.wmv
[2013/10/22 11:14:42 | 012,845,162 | ---- | C] () -- C:\Users\Lorna\Documents\Merry Christmas.wmv
[2013/10/22 11:14:42 | 000,182,928 | ---- | C] () -- C:\Users\Lorna\Documents\Making Wool Felt Booties.mht
[2013/10/22 11:14:42 | 000,140,974 | ---- | C] () -- C:\Users\Lorna\Documents\magicbutton.zip
[2013/10/22 11:14:42 | 000,103,521 | ---- | C] () -- C:\Users\Lorna\Documents\lv pl airInsurancePdf_2012.pdf
[2013/10/22 11:14:42 | 000,054,102 | ---- | C] () -- C:\Users\Lorna\Documents\menu-dropdown-source.png
[2013/10/22 11:14:42 | 000,023,034 | ---- | C] () -- C:\Users\Lorna\Documents\lv signature.png
[2013/10/22 11:14:40 | 002,171,605 | ---- | C] () -- C:\Users\Lorna\Documents\LoaderBackup-(2012-07-13)-3.bbb
[2013/10/22 11:14:40 | 002,169,420 | ---- | C] () -- C:\Users\Lorna\Documents\LoaderBackup-(2012-07-13)-2.bbb
[2013/10/22 11:14:40 | 002,169,411 | ---- | C] () -- C:\Users\Lorna\Documents\LoaderBackup-(2012-07-13).bbb
[2013/10/22 11:14:40 | 000,010,826 | ---- | C] () -- C:\Users\Lorna\Documents\logo.png
[2013/10/22 11:14:40 | 000,006,433 | ---- | C] () -- C:\Users\Lorna\Documents\logo1.gif
[2013/10/22 11:14:40 | 000,005,437 | ---- | C] () -- C:\Users\Lorna\Documents\logo-alt.png
[2013/10/22 11:14:40 | 000,000,681 | ---- | C] () -- C:\Users\Lorna\Documents\Lorna - Shortcut.lnk
[2013/10/22 11:14:39 | 007,108,414 | ---- | C] () -- C:\Users\Lorna\Documents\lasvegas.craft
[2013/10/22 11:14:39 | 002,169,408 | ---- | C] () -- C:\Users\Lorna\Documents\LoaderBackup-(2012-07-13)-1.bbb
[2013/10/22 11:14:39 | 002,125,788 | ---- | C] () -- C:\Users\Lorna\Documents\len and nell page 11 i think cmyk.pdf
[2013/10/22 11:14:39 | 000,202,368 | ---- | C] () -- C:\Users\Lorna\Documents\LayoutTool - Legacy.pdf
[2013/10/22 11:14:39 | 000,024,551 | ---- | C] () -- C:\Users\Lorna\Documents\lasvegaslv.jpg
[2013/10/22 11:14:38 | 010,469,136 | ---- | C] () -- C:\Users\Lorna\Documents\largexmas2011.craft
[2013/10/22 11:14:38 | 004,280,249 | ---- | C] () -- C:\Users\Lorna\Documents\joomla_15_quickstart.pdf
[2013/10/22 11:14:38 | 000,489,432 | ---- | C] () -- C:\Users\Lorna\Documents\IS SHAKESPEARE DEAD.pdf
[2013/10/22 11:14:38 | 000,122,285 | ---- | C] () -- C:\Users\Lorna\Documents\jemjoker.png
[2013/10/22 11:14:38 | 000,025,102 | ---- | C] () -- C:\Users\Lorna\Documents\JumpingJacks.pdf
[2013/10/22 11:14:38 | 000,011,379 | ---- | C] () -- C:\Users\Lorna\Documents\JumpingJacks(1).pdf
[2013/10/22 11:14:36 | 001,755,757 | ---- | C] () -- C:\Users\Lorna\Documents\Inside Front Cover.pdf
[2013/10/22 11:14:36 | 000,271,884 | ---- | C] () -- C:\Users\Lorna\Documents\invite square copy.jpg
[2013/10/22 11:14:36 | 000,083,274 | ---- | C] () -- C:\Users\Lorna\Documents\install_7-zip_.exe
[2013/10/22 11:14:35 | 002,019,964 | ---- | C] () -- C:\Users\Lorna\Documents\inside back cover cmyk.pdf
[2013/10/22 11:14:35 | 000,804,036 | ---- | C] () -- C:\Users\Lorna\Documents\Image3.psp
[2013/10/22 11:14:34 | 038,197,265 | ---- | C] () -- C:\Users\Lorna\Documents\hhswholething.pdf
[2013/10/22 11:14:34 | 001,669,393 | ---- | C] () -- C:\Users\Lorna\Documents\High-Raw-Kevin-Gianni.pdf
[2013/10/22 11:14:34 | 000,001,361 | ---- | C] () -- C:\Users\Lorna\Documents\hosts
[2013/10/22 11:14:31 | 000,513,317 | ---- | C] () -- C:\Users\Lorna\Documents\heartsnflowerspng.png
[2013/10/22 11:14:31 | 000,186,339 | ---- | C] () -- C:\Users\Lorna\Documents\Hearts.pdf
[2013/10/22 11:14:31 | 000,121,673 | ---- | C] () -- C:\Users\Lorna\Documents\HEARTSfinal layout.pdf
[2013/10/22 11:14:31 | 000,020,769 | ---- | C] () -- C:\Users\Lorna\Documents\Heart_templates.pdf
[2013/10/22 11:14:28 | 000,695,282 | ---- | C] () -- C:\Users\Lorna\Documents\GoogleAdwordsProduct.zip
[2013/10/22 11:14:28 | 000,324,804 | ---- | C] () -- C:\Users\Lorna\Documents\front cover cmyk.pdf
[2013/10/22 11:14:28 | 000,045,708 | ---- | C] () -- C:\Users\Lorna\Documents\girl1lpey.png
[2013/10/22 11:14:28 | 000,037,505 | ---- | C] () -- C:\Users\Lorna\Documents\girl1loom.png
[2013/10/22 11:14:28 | 000,002,390 | ---- | C] () -- C:\Users\Lorna\Documents\glutole.hottnote
[2013/10/22 11:14:27 | 015,425,536 | ---- | C] () -- C:\Users\Lorna\Documents\From the time I was a little girl.pps
[2013/10/22 11:14:25 | 001,313,030 | ---- | C] () -- C:\Users\Lorna\Documents\flowersp.bmp
[2013/10/22 11:14:25 | 000,202,368 | ---- | C] () -- C:\Users\Lorna\Documents\flower.pdf
[2013/10/22 11:14:25 | 000,201,436 | ---- | C] () -- C:\Users\Lorna\Documents\floral1peyote1.pdf
[2013/10/22 11:14:25 | 000,196,909 | ---- | C] () -- C:\Users\Lorna\Documents\flower1
[2013/10/22 11:14:25 | 000,113,685 | ---- | C] () -- C:\Users\Lorna\Documents\fox2crop.JPG
[2013/10/22 11:14:25 | 000,104,770 | ---- | C] () -- C:\Users\Lorna\Documents\floralpeyote v2.pdf
[2013/10/22 11:14:25 | 000,100,773 | ---- | C] () -- C:\Users\Lorna\Documents\floral1 peyote1.pdf
[2013/10/22 11:14:25 | 000,100,692 | ---- | C] () -- C:\Users\Lorna\Documents\floral1.pdf
[2013/10/22 11:14:25 | 000,009,948 | ---- | C] () -- C:\Users\Lorna\Documents\flower_template.pdf
[2013/10/22 11:14:24 | 000,215,381 | ---- | C] () -- C:\Users\Lorna\Documents\FlipBook3DMain.swf
[2013/10/22 11:14:24 | 000,138,468 | ---- | C] () -- C:\Users\Lorna\Documents\farm1a.JPG
[2013/10/22 11:14:23 | 000,089,180 | ---- | C] () -- C:\Users\Lorna\Documents\Fact Find 2 TESTGeneral.pdf
[2013/10/22 11:14:23 | 000,068,240 | ---- | C] () -- C:\Users\Lorna\Documents\Fact Find 2test1l.pdf
[2013/10/22 11:14:22 | 004,868,248 | ---- | C] () -- C:\Users\Lorna\Documents\ETSToysA.pdf
[2013/10/22 11:14:22 | 002,717,291 | ---- | C] () -- C:\Users\Lorna\Documents\ETSToysB.pdf
[2013/10/22 11:14:22 | 000,606,891 | ---- | C] () -- C:\Users\Lorna\Documents\Elfic_doll.pdf
[2013/10/22 11:14:22 | 000,334,132 | ---- | C] () -- C:\Users\Lorna\Documents\Etsy  sylver  Sylver Designs.mht
[2013/10/22 11:14:21 | 000,925,138 | ---- | C] () -- C:\Users\Lorna\Documents\edge.xps
[2013/10/22 11:14:21 | 000,112,236 | ---- | C] () -- C:\Users\Lorna\Documents\DVLA Vehicle Licensing Online  Apply for a tax disc NOW.mht
[2013/10/22 11:14:21 | 000,034,652 | ---- | C] () -- C:\Users\Lorna\Documents\earlylady1peyote.png
[2013/10/22 11:14:21 | 000,029,265 | ---- | C] () -- C:\Users\Lorna\Documents\earlylady1loom.png
[2013/10/22 11:14:21 | 000,016,137 | ---- | C] () -- C:\Users\Lorna\Documents\decoladypeyote.png
[2013/10/22 11:14:21 | 000,013,977 | ---- | C] () -- C:\Users\Lorna\Documents\decoladyloom.png
[2013/10/22 11:14:21 | 000,013,396 | ---- | C] () -- C:\Users\Lorna\Documents\dvlalicenceapp.pdf
[2013/10/22 11:14:21 | 000,002,322 | ---- | C] () -- C:\Users\Lorna\Documents\Document2.wpd
[2013/10/22 11:14:20 | 004,017,882 | ---- | C] () -- C:\Users\Lorna\Documents\CTMJanFeb08 FINAL.pdf
[2013/10/22 11:14:20 | 000,002,859 | ---- | C] () -- C:\Users\Lorna\Documents\dddd.csv
[2013/10/22 11:14:19 | 000,023,005 | ---- | C] () -- C:\Users\Lorna\Documents\CTFEB07CrochetFroggyHatCheerioEssentials.pdf
[2013/10/22 11:14:18 | 000,292,350 | ---- | C] () -- C:\Users\Lorna\Documents\Crocheted Frog Treasure Pocket.mht
[2013/10/22 11:14:17 | 000,166,321 | ---- | C] () -- C:\Users\Lorna\Documents\copyrightnotice.pdf
[2013/10/22 11:14:16 | 003,559,424 | ---- | C] () -- C:\Users\Lorna\Documents\Charitable contributions.accdb
[2013/10/22 11:14:14 | 043,144,704 | ---- | C] () -- C:\Users\Lorna\Documents\CGSX3SP2.msp
[2013/10/22 11:14:14 | 029,478,912 | ---- | C] () -- C:\Users\Lorna\Documents\CGSX3SP1.msp
[2013/10/22 11:14:07 | 001,107,100 | ---- | C] () -- C:\Users\Lorna\Documents\CD30 BUTTERFLY KINETIC SWING CA.svg
[2013/10/22 11:14:06 | 000,480,086 | ---- | C] () -- C:\Users\Lorna\Documents\Card07.pdf
[2013/10/22 11:14:06 | 000,319,332 | ---- | C] () -- C:\Users\Lorna\Documents\cc_20130614_200931.reg
[2013/10/22 11:14:06 | 000,101,094 | ---- | C] () -- C:\Users\Lorna\Documents\CD30 BUTTERFLY KINETIC SWING CA.pdf
[2013/10/22 11:14:06 | 000,094,760 | ---- | C] () -- C:\Users\Lorna\Documents\cc_20130717_222003.reg
[2013/10/22 11:14:06 | 000,062,746 | ---- | C] () -- C:\Users\Lorna\Documents\cc_20130614_202503.reg
[2013/10/22 11:14:06 | 000,050,750 | ---- | C] () -- C:\Users\Lorna\Documents\cctreescrop.JPG
[2013/10/22 11:14:06 | 000,033,184 | ---- | C] () -- C:\Users\Lorna\Documents\cc_20131016_000724.reg
[2013/10/22 11:14:06 | 000,030,030 | ---- | C] () -- C:\Users\Lorna\Documents\cc_20111214_181813.reg
[2013/10/22 11:14:06 | 000,018,942 | ---- | C] () -- C:\Users\Lorna\Documents\cc_20130902_153501.reg
[2013/10/22 11:14:06 | 000,007,302 | ---- | C] () -- C:\Users\Lorna\Documents\cc_20120108_154432.reg
[2013/10/22 11:14:06 | 000,005,750 | ---- | C] () -- C:\Users\Lorna\Documents\cc_20130614_203430.reg
[2013/10/22 11:14:05 | 001,998,134 | ---- | C] () -- C:\Users\Lorna\Documents\broadsheetsteampunk.pdf
[2013/10/22 11:14:05 | 000,467,168 | ---- | C] () -- C:\Users\Lorna\Documents\Card06.pdf
[2013/10/22 11:14:05 | 000,315,773 | ---- | C] () -- C:\Users\Lorna\Documents\Card04.pdf
[2013/10/22 11:14:05 | 000,138,078 | ---- | C] () -- C:\Users\Lorna\Documents\bookmarks_10_02_2012.html
[2013/10/22 11:14:05 | 000,100,676 | ---- | C] () -- C:\Users\Lorna\Documents\Bulk_Certificate_Posting_Signature.pdf
[2013/10/22 11:14:05 | 000,036,419 | ---- | C] () -- C:\Users\Lorna\Documents\calendar_organizer_months.pdf
[2013/10/22 11:14:05 | 000,036,385 | ---- | C] () -- C:\Users\Lorna\Documents\Bulk_Certificate_Posting_Standard.pdf
[2013/10/22 11:14:04 | 011,721,211 | ---- | C] () -- C:\Users\Lorna\Documents\bigbadges.craft
[2013/10/22 11:14:04 | 001,581,606 | ---- | C] () -- C:\Users\Lorna\Documents\Bookkeeping
[2013/10/22 11:14:03 | 002,807,643 | ---- | C] () -- C:\Users\Lorna\Documents\BABYmocsBtys.pdf
[2013/10/22 11:14:03 | 000,305,408 | ---- | C] () -- C:\Users\Lorna\Documents\banner.png
[2013/10/22 11:14:02 | 010,676,572 | ---- | C] () -- C:\Users\Lorna\Documents\auctamerpro.exe
[2013/10/22 11:14:02 | 000,161,621 | ---- | C] () -- C:\Users\Lorna\Documents\B023_ebook.pdf
[2013/10/22 11:14:01 | 010,676,572 | ---- | C] () -- C:\Users\Lorna\Documents\auctamerpro(1).exe
[2013/10/22 11:14:00 | 002,355,200 | ---- | C] () -- C:\Users\Lorna\Documents\amclassical_silent_night.mp3
[2013/10/22 11:14:00 | 000,511,137 | ---- | C] () -- C:\Users\Lorna\Documents\AmazonDealProduct.zip
[2013/10/22 11:13:59 | 004,844,131 | R--- | C] () -- C:\Users\Lorna\Documents\Alien_Blaster_PePaKuRa_File_by_billybob884.rar
[2013/10/22 11:13:59 | 003,533,600 | ---- | C] () -- C:\Users\Lorna\Documents\alice1.ppp
[2013/10/22 11:13:59 | 001,231,224 | ---- | C] () -- C:\Users\Lorna\Documents\agendusstd_ota_en.prc
[2013/10/22 11:13:59 | 000,161,278 | ---- | C] () -- C:\Users\Lorna\Documents\aglaciercrop.JPG
[2013/10/22 11:13:59 | 000,109,943 | ---- | C] () -- C:\Users\Lorna\Documents\alicewivbaby.jpg
[2013/10/22 11:13:59 | 000,059,844 | ---- | C] () -- C:\Users\Lorna\Documents\Absolut_Pro_Bold.otf
[2013/10/22 11:13:59 | 000,000,406 | ---- | C] () -- C:\Users\Lorna\Documents\348059.vcf
[2013/10/22 11:13:59 | 000,000,081 | ---- | C] () -- C:\Users\Lorna\Documents\1Click.cfg
[2013/10/22 11:13:58 | 004,485,072 | ---- | C] () -- C:\Users\Lorna\Documents\1940sxmas2.craft
[2013/10/22 11:13:58 | 000,000,364 | ---- | C] () -- C:\Users\Lorna\Documents\08-10-30.sv
[2013/10/21 19:21:23 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2013/10/21 17:33:07 | 000,002,019 | ---- | C] () -- C:\Users\Lorna\Desktop\Dashlane.lnk
[2013/10/20 18:59:46 | 000,002,087 | ---- | C] () -- C:\Users\Lorna\Desktop\DAZ 3D Install Manager 1.lnk
[2013/10/19 12:24:31 | 000,000,974 | ---- | C] () -- C:\Users\Lorna\Desktop\DAZ Studio 4.6 (64-bit).lnk
[2012/05/24 20:24:55 | 000,001,269 | ---- | C] () -- C:\Users\Lorna\.recently-used.xbel
[2012/05/08 18:29:44 | 000,000,132 | ---- | C] () -- C:\Users\Lorna\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2012/03/19 00:24:05 | 000,006,168 | ---- | C] () -- C:\Users\Lorna\AppData\Local\recently-used.xbel
[2012/03/07 20:12:53 | 000,035,328 | ---- | C] () -- C:\Windows\INETWH32.DLL
[2012/03/07 20:12:53 | 000,009,136 | ---- | C] () -- C:\Windows\INETWH16.DLL
[2012/03/07 20:12:53 | 000,004,528 | ---- | C] () -- C:\Windows\SETBROWS.EXE
[2012/03/07 20:06:35 | 000,044,544 | ---- | C] () -- C:\Windows\AWuninstall.exe
[2012/03/04 15:54:23 | 000,002,800 | ---- | C] () -- C:\Users\Lorna\2px-80percentransparencyblack.png
[2012/02/27 21:48:53 | 000,111,661 | ---- | C] () -- C:\Users\Lorna\Image2.jpg
[2012/02/26 17:49:45 | 000,000,084 | ---- | C] () -- C:\Users\Lorna\pathinfo.php
[2012/02/15 14:23:05 | 000,000,092 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2012/02/15 14:18:01 | 000,212,233 | ---- | C] () -- C:\Windows\Photo Pos Pro Uninstaller.exe.bak
[2012/02/12 20:44:55 | 000,172,032 | ---- | C] () -- C:\Users\Lorna\abrViewer.NET.exe
[2012/01/08 15:21:55 | 000,004,800 | ---- | C] () -- C:\ProgramData\NTIRegistry.REG
[2011/12/23 23:32:32 | 000,000,989 | ---- | C] () -- C:\Windows\wininit.ini
[2011/11/21 18:44:45 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/11/21 18:44:45 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/11/05 17:12:38 | 000,543,531 | ---- | C] () -- C:\Users\Lorna\New document 1.2011_11_05_17_12_38.0.svg
[2011/06/22 08:08:33 | 000,000,000 | ---- | C] () -- C:\Users\Lorna\AppData\Local\{5975D6E1-F7BB-4A5D-AD55-1634EB9C6B35}
[2011/06/13 15:12:39 | 000,000,000 | ---- | C] () -- C:\Users\Lorna\AppData\Local\{0DBB6458-1470-4D4F-9753-7EAB03AE0100}
[2011/03/04 12:56:48 | 000,040,907 | ---- | C] () -- C:\Users\Lorna\kitty_headbang.gif
[2011/01/14 22:53:58 | 000,000,132 | ---- | C] () -- C:\Users\Lorna\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/12/19 23:48:49 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/04 21:58:22 | 000,000,837 | ---- | C] () -- C:\Users\Lorna\AppData\Roaming\FrameFun.ini
[2010/10/03 16:26:15 | 000,001,456 | ---- | C] () -- C:\Users\Lorna\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/10/03 10:44:53 | 000,006,144 | ---- | C] () -- C:\Users\Lorna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/01 20:42:00 | 000,000,036 | ---- | C] () -- C:\Users\Lorna\AppData\Local\housecall.guid.cache
[2010/09/22 08:57:37 | 000,033,134 | ---- | C] () -- C:\Users\Lorna\AppData\Roaming\UserTile.png
[2010/09/13 08:10:50 | 000,149,504 | ---- | C] () -- C:\Users\Lorna\AppData\Roaming\SharedSettings.ccs
[2010/08/27 16:51:33 | 000,000,132 | ---- | C] () -- C:\Users\Lorna\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/08/17 11:14:46 | 002,064,206 | ---- | C] () -- C:\Users\Lorna\vichallflyerfinal.pdf
[2010/06/30 16:48:41 | 000,004,943 | ---- | C] () -- C:\ProgramData\pyknfeyt.slj
[2010/06/21 08:25:44 | 000,000,104 | ---- | C] () -- C:\Users\Lorna\AppData\Roaming\wklnhst.dat
[2010/05/10 08:55:47 | 000,135,441 | ---- | C] () -- C:\Program Files\VH1946-09.jpg
[2008/01/18 21:23:30 | 000,031,766 | ---- | C] () -- C:\Users\Lorna\20067.tdb
[2008/01/18 21:22:33 | 000,000,407 | ---- | C] () -- C:\Users\Lorna\tbook.properties
 
========== ZeroAccess Check ==========
 
[2009/08/19 09:40:19 | 000,054,458 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1062119836-663356838-3640058548-1001\$R819B5X\My Downloaded Artwork\Metallic Alphabet\L.png
[2009/08/19 09:40:42 | 000,077,456 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1062119836-663356838-3640058548-1001\$R819B5X\My Downloaded Artwork\Metallic Alphabet\N.png
[2009/08/19 09:42:00 | 000,069,609 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1062119836-663356838-3640058548-1001\$R819B5X\My Downloaded Artwork\Metallic Alphabet\U.png
[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/01/04 09:59:19 | 014,164,480 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 09:03:45 | 012,868,096 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 01:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/02/10 12:09:24 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Avant Downloader
[2012/04/02 13:09:02 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Azureus
[2012/04/02 13:09:02 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\BeadTool
[2012/08/15 20:17:46 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Canon
[2010/07/23 20:43:03 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/02 13:08:04 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Chrysanth
[2010/09/15 20:26:58 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\CoffeeCup Software
[2010/07/27 15:55:43 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/05/10 16:24:20 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Craftwell Inc
[2012/04/02 13:08:05 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\CTdeveloping
[2010/06/18 21:52:46 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\CustomBrushesMini
[2013/10/25 21:57:50 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Dashlane
[2013/10/19 12:33:25 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\DAZ 3D
[2013/10/27 10:52:52 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\DesktopIconForAmazon
[2010/08/11 09:06:07 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\DeviceDoctorSoftware
[2013/11/04 13:36:56 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Dropbox
[2012/05/10 17:06:29 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\eCraftShop Pro
[2012/03/28 20:37:07 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\ExpressFiles
[2010/08/30 19:35:45 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Filter Forge Freepack 3 - Frames
[2012/04/02 13:09:03 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\gtk-2.0
[2011/01/21 23:19:58 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\inkscape
[2011/09/15 15:10:27 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Kaleider
[2012/03/19 20:29:22 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\LumaPix
[2012/04/02 13:09:04 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Maxthon2
[2012/05/02 18:03:16 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\NexusFont
[2010/06/07 01:01:05 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Nuance
[2012/04/05 16:02:11 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\onOne Software
[2012/04/02 13:08:22 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Opera
[2010/09/07 10:00:26 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\PC Suite
[2010/09/22 08:57:36 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\PeerNetworking
[2010/07/19 11:06:22 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\PhotoEchoes
[2012/04/02 13:08:22 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Poser Debut
[2012/04/02 13:09:05 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\PowerCinema
[2012/04/02 13:09:05 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Q-Dir
[2012/04/02 13:08:37 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Serif
[2012/04/02 13:09:06 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\SoftDMA
[2011/09/14 15:34:38 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\SPE
[2010/07/27 20:43:06 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/06/21 08:25:51 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Template
[2012/04/02 13:08:39 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Trusteer
[2012/05/04 20:52:46 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\XnView
[2012/03/30 17:03:32 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Yandex
[2012/04/02 13:08:40 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Zeon
[2011/11/03 10:59:55 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\wordchart1.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\WM0270.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Weave-ItBkTwo.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Weave-ItBkThree.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\vintage_knitting_tips.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\vintage_knitting_tips.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\vertigo-source.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\vertigo-logo-source.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\vertigo-footer-source.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Valsaddress.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\tyroknit.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\TheWeave-ItBook.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\testpdf.PDF:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\TechniqueColoredPencil.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\sv_028.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\surveys.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\stitchy.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\steampunk-bug.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\star_template.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\stamford-artisans-guild-logo.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Spool221.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\showcase-source.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Sea%20Breeze%20Angelina%20instructions.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\SAGE INVOICES.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\replicant2-source.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\PRESS RELEASEoldword.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\press release vic hall lorna.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\pic for payperhour.gif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\pdftedst.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\paper doll maryjane.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\office10beta.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\OFFICE PROFESSIONAL KEY.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\mywatchmanual.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Mysnowflakes.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Mysnowflakes.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Microsoft Word - r conboy webvert march 08.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\m names.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\linked in us search.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\len and nell page 11 i think cmyk.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\LayoutTool - Legacy.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\JumpingJacks.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\JumpingJacks(1).pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\joomla_15_quickstart.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\jemjoker.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\jemcvnewtxtonly.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\jem cv.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\jem cv new.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\jem coverletterbarclays.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\IS SHAKESPEARE DEAD.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\invite square copy.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Inside Front Cover.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\inside back cover cmyk.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\High-Raw-Kevin-Gianni.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\hhswholething.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\heartsnflowerspng.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\HEARTSfinal layout2up.docx.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\HEARTSfinal layout.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Hearts.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Heart_templates.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\googlebase-ezlibris-200806231005.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\googlebase-ezlibris-200806230956.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\front cover cmyk.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\From the time I was a little girl.pps:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\fox2crop.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\flowersp.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\flower_template.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\flower.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\floralpeyote v2.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\floral1peyote1.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\floral1.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\floral1 peyote1.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\farm1a.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\ETSToysB.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\ETSToysA.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Elfic_doll.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\dvlalicenceapp.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\CTMJanFeb08 FINAL.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\CTFEB07CrochetFroggyHatCheerioEssentials.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\cs5serial.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\COURIER.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\CorelDRAW Graphics Suite X3.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\copyrightnotice.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\copyrightnotice.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\cctreescrop.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\cash_book_pro_v2.0.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Card07.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Card06.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Card04.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\calendar_organizer_months.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\broadsheetsteampunk.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\BABYmocsBtys.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\B023_ebook.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\amclassical_silent_night.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\alicewivbaby.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\aglaciercrop.JPG:Roxio EMC Stream
@Alternate Data Stream - 452 bytes -> C:\Users\Lorna\Documents\vichallflyerfinal.ppp:SummaryInformation
@Alternate Data Stream - 436 bytes -> C:\xcards.ppp:SummaryInformation
@Alternate Data Stream - 432 bytes -> C:\Users\Lorna\Documents\alice1.ppp:SummaryInformation
@Alternate Data Stream - 211 bytes -> C:\ProgramData\Temp:BC3DB898
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:2B11E0DF

< End of report >

 

