Jump to content

Build Theme!
  •  
  • Infected?

big grin WE'RE SURE THAT YOU'LL LOVE US!

We invite you to ask questions, share experiences, and learn. It's 100% free. Did we mention that it's free. It is. It's free. Join 91603 other members! Anybody can ask, anybody can answer. Consistently helpful members with best answers are invited to staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

pc slows down to crawling pace [Solved]


  • This topic is locked This topic is locked
92 replies to this topic

#16 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 04 November 2013 - 10:13 AM

Hi fellfromgrace,

Is is important to run the scans as outlined in my posts. Subsequent tools may be requested to see if earlier entries have been removed.

Did you run AdwCleaner as you did not post a log for it?

If not please re-run AdwCleaner, then run OTL to get a fresh log.

In your next post please provide the following:

  • AdwCleaner[S0].txt
  • Fresh OTL.txt
  • How is the computer running?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.

    Advertisements

Register to Remove


#17 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 07 November 2013 - 09:22 AM

Hi fellfromgrace,

Just checking in to see if you still need help?
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#18 fellfromgrace

fellfromgrace

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 07 November 2013 - 02:23 PM

Hi, yes please, sorry I didn't catch the earlier post. I don't know why I missed out the ADW so I will run that and then OTL again. Strangely, it doesn't seem to be running too bad but I haven't really done anything much on it, only a bit of online stuff. I did run DAZ 3d for a short while yesterday as a bit of a test and it ran ok (although of course slower on this than on my other one) but I only spent about 10 mins on it rather than a few hour session as I would normally do.

 

 am off to run the other tests now and will report back shortly.



#19 fellfromgrace

fellfromgrace

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 07 November 2013 - 04:08 PM

K here's the ADW scan:

 

# AdwCleaner v3.011 - Report created 07/11/2013 at 20:55:36
# Updated 03/11/2013 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : Lorna - LORNA-PC
# Running from : C:\Users\Lorna\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speedbit Video Downloader
Folder Deleted : C:\Program Files (x86)\SearchPredict
Folder Deleted : C:\Program Files (x86)\Speedbit Video Downloader
Folder Deleted : C:\Users\Lorna\AppData\Local\Temp\OCS
Folder Deleted : C:\Users\Lorna\AppData\Roaming\DesktopIconForAmazon
Folder Deleted : C:\Users\Lorna\AppData\Roaming\ExpressFiles
Folder Deleted : C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkjojgglmmcghgaiknnpgjgldgaocjfd

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\djcpfkccckpeeghiklnhienllljccglb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ledcpigomgblcmofccnacobhmcdkpiea
Key Deleted : HKCU\Software\Google\Chrome\Extensions\mkjojgglmmcghgaiknnpgjgldgaocjfd
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BCF582D-CA87-4C6F-AF3D-B3548A976AB3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\SBConvert
Key Deleted : HKLM\Software\ExpressFiles
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Mozilla Firefox v25.0 (en-GB)

[ File : C:\Users\Lorna\AppData\Roaming\Mozilla\Firefox\Profiles\nlrnclme.default-1382870013963\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8308 octets] - [07/11/2013 20:47:33]
AdwCleaner[S0].txt - [8213 octets] - [07/11/2013 20:55:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8273 octets] ##########
 

 

and now OTL:

 

OTL logfile created on: 07/11/2013 21:08:38 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lorna\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
4.00 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 51.22% Memory free
7.99 Gb Paging File | 5.87 Gb Available in Paging File | 73.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.44 Gb Total Space | 272.35 Gb Free Space | 60.46% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 246.48 Gb Free Space | 52.92% Space Free | Partition Type: NTFS
Drive E: | 254.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: LORNA-PC | User Name: Lorna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Lorna\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Lorna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Users\Lorna\AppData\Roaming\Dashlane\Dashlane.exe ()
PRC - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe ()
PRC - C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe (Comodo Security Solutions Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe (GlavSoft LLC.)
PRC - C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe (SpeedBit Ltd.)
PRC - C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
PRC - c:\Program Files (x86)\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
PRC - c:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Lorna\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Users\Lorna\AppData\Roaming\Dashlane\Dashlane.exe ()
MOD - C:\Users\Lorna\AppData\Roaming\Dashlane\2.2.1.47547\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.2.2.1.47547.dll ()
MOD - C:\Users\Lorna\AppData\Roaming\Dashlane\2.2.1.47547\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.2.2.1.47547.dll ()
MOD - C:\Users\Lorna\AppData\Roaming\Dashlane\2.2.1.47547\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.2.2.1.47547.dll ()
MOD - C:\Users\Lorna\AppData\Roaming\Dashlane\2.2.1.47547\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.2.2.1.47547.dll ()
MOD - C:\Users\Lorna\AppData\Roaming\Dashlane\2.2.1.47547\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.2.2.1.47547.dll ()
MOD - C:\Users\Lorna\AppData\Roaming\Dashlane\2.2.1.47547\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.2.2.1.47547.dll ()
MOD - C:\Users\Lorna\AppData\Roaming\Dashlane\2.2.1.47547\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.2.2.1.47547.dll ()
MOD - C:\Users\Lorna\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Windows\SysWOW64\WinTab32.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (HitmanProScheduler) -- C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
SRV:64bit: - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (DAZContentManagementService) -- C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe ()
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinTabService) -- C:\Windows\SysNative\drivers\WTSrv.exe (Tablet Driver)
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (DragonUpdater) -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe ()
SRV - (CLPSLauncher) -- C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe (Comodo Security Solutions Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (tvnserver) -- C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe (GlavSoft LLC.)
SRV - (Guard Agent) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe (CHENGDU YIWO Tech Development Co., Ltd)
SRV - (EaseUS Agent) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
SRV - (RapportMgmtService) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (VideoAcceleratorService) -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe (SpeedBit Ltd.)
SRV - (nlsX86cc) -- C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (IGBASVC) -- c:\Program Files (x86)\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (cmderd) -- C:\Windows\SysNative\drivers\cmderd.sys (COMODO)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (CFRMD) -- C:\Windows\SysNative\drivers\CFRMD.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (EUFDDISK) -- C:\Windows\SysNative\drivers\EuFdDisk.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV:64bit: - (EUBKMON) -- C:\Windows\SysNative\drivers\EUBKMON.sys ()
DRV:64bit: - (EUDSKACS) -- C:\Windows\SysNative\drivers\eudskacs.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV:64bit: - (EUBAKUP) -- C:\Windows\SysNative\drivers\eubakup.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (silabser) -- C:\Windows\SysNative\drivers\silabser.sys (Silicon Laboratories)
DRV:64bit: - (silabenm) -- C:\Windows\SysNative\drivers\silabenm.sys (Silicon Laboratories)
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon)
DRV:64bit: - (Uim_VIM) -- C:\Windows\SysNative\drivers\uim_vimx64.sys (Paragon)
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows ® 2000 DDK provider)
DRV:64bit: - (RapportKE64) -- C:\Windows\SysNative\drivers\RapportKE64.sys (Trusteer Ltd.)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (FPSensor) -- C:\Windows\SysNative\drivers\FPSensor.sys (Egistec)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (hidshim) -- C:\Windows\SysNative\drivers\hidshim.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (nuvotonhidgeneric) -- C:\Windows\SysNative\drivers\nuvotonhidgeneric.sys (Nuvoton Technology Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (UCTblHid) -- C:\Windows\SysNative\drivers\UCTblHid.sys (Tablet Driver)
DRV:64bit: - (TClass2k) -- C:\Windows\SysNative\drivers\TClass2k.sys (Tablet Driver)
DRV:64bit: - (PTSimHid) -- C:\Windows\SysNative\drivers\PTSimHid.sys (PenTablet Driver)
DRV:64bit: - (PTSimBus) -- C:\Windows\SysNative\drivers\PTSimBus.sys (PenTablet Driver)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV:64bit: - (DgiVecp) -- C:\Windows\SysNative\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software)
DRV - (cleanhlp) -- C:\EEK\Run\cleanhlp64.sys (Emsisoft GmbH)
DRV - (RapportCerberus_43926) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys ()
DRV - (CFRMD) -- C:\Windows\SysWOW64\drivers\CFRMD.sys (Windows ® Win 7 DDK provider)
DRV - (RapportPG64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys (Trusteer Ltd.)
DRV - (RapportEI64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys (Trusteer Ltd.)
DRV - (usbscan) -- C:\Windows\SysWOW64\drivers\USBSCAN.SYS (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...c8z185t5701w78n
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3D41F773-C2A2-4541-8F58-DF94FA1311D3}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...AW_enGB378GB379
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://yandex.ru/yan...t={searchTerms}
IE - HKCU\..\SearchScopes\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}: "URL" = http://ws.infospace....=7?_IceUrl=true
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\Moikrug: "URL" = http://moikrug.ru/pe...ms}&submitted=1
IE - HKCU\..\SearchScopes\Yandex: "URL" = http://www.google.co...AW_enGB378GB379
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@spoon.net/Spoon Plugin 3.32: C:\Users\Lorna\AppData\Local\Spoon\3.32.2.12\npMozillaSpoonPlugin.dll (Code Systems Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lorna\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lorna\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/01 08:40:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/04/02 13:09:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/06 10:17:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/01 08:40:23 | 000,000,000 | ---D | M]
 
[2012/02/10 13:34:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lorna\AppData\Roaming\Mozilla\Extensions
[2013/10/27 10:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lorna\AppData\Roaming\Mozilla\Firefox\Profiles\nlrnclme.default-1382870013963\extensions
[2013/11/06 10:17:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/11/06 10:17:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/06 10:17:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.addthis.c...n3&clickbacks=1
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Lorna\AppData\Local\Google\Chrome\Application\31.0.1650.34\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lorna\AppData\Local\Google\Chrome\Application\31.0.1650.34\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lorna\AppData\Local\Google\Chrome\Application\31.0.1650.34\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Chrome SVD extension (Enabled) = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcpfkccckpeeghiklnhienllljccglb\2.0.4_0\lib/npdownloaderchrome.dll
CHR - plugin: Chrome DAP extension (Enabled) = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.0.6_0\lib/npdapchrome.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RockMelt Update (Enabled) = C:\Users\Lorna\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll
CHR - plugin: Spoon Plugin (Enabled) = C:\Users\Lorna\AppData\Local\Spoon\3.32.2.12\npMozillaSpoonPlugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Google Translate = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.5_0\
CHR - Extension: Spybot - Search & Destroy = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmcccagmbagkpbdgpammblejlmiempb\2.0.6.819_0\
CHR - Extension: YouTube = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0\
CHR - Extension: Add to Amazon Wish List = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\
CHR - Extension: Google Search = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! WebRep = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: Disconnect = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.10.0_0\
CHR - Extension: Window Close Protector = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnpifgapnmpninomacbhdlconlpikdai\2.2_0\
CHR - Extension: Google Wallet = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.2_0\
CHR - Extension: Short URL = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\obbdcmhkndhionekooeeiilbicfdkhml\1.0_0\
CHR - Extension: Instagram for Chrome = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb\4.9.1_0\
CHR - Extension: Instagram for Chrome = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb\4.9.2_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.0.3_0\
CHR - Extension: Gmail = C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012/08/17 07:48:50 | 000,443,169 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts:     127.0.0.1 activate.adobe.com
O1 - Hosts:     127.0.0.1 practivate.adobe.com
O1 - Hosts:     127.0.0.1 ereg.adobe.com
O1 - Hosts:     127.0.0.1 activate.wip3.adobe.com
O1 - Hosts:     127.0.0.1 wip3.adobe.com
O1 - Hosts:     127.0.0.1 3dns-3.adobe.com
O1 - Hosts:     127.0.0.1 3dns-2.adobe.com
O1 - Hosts:     127.0.0.1 adobe-dns.adobe.com
O1 - Hosts:     127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts:     127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts:     127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts:     127.0.0.1 activate-sea.adobe.com
O1 - Hosts:     127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts:     127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts:     127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 15224 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Dashlane BHO) - {42D79B50-CC4A-4A8E-860F-BE674AF053A2} - C:\Users\Lorna\AppData\Roaming\Dashlane\ie\Dashlanei.dll (Dashlane)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKCU..\Run: [Dashlane] C:\Users\Lorna\AppData\Roaming\Dashlane\Dashlane.exe ()
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
O4 - Startup: C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lorna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9:64bit: - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: fellfromgrace.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{454243BE-109D-452A-96DD-5779CAC699AD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{454243BE-109D-452A-96DD-5779CAC699AD}: NameServer = 8.26.56.26,156.154.70.22
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Value error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/07 20:47:28 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/06 12:59:12 | 000,391,168 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMLM9T.DLL
[2013/11/06 10:17:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/04 11:06:27 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/04 11:04:44 | 001,033,335 | ---- | C] (Thisisu) -- C:\Users\Lorna\Desktop\JRT.exe
[2013/11/03 22:38:59 | 000,116,440 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2013/11/03 22:38:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/11/03 22:37:18 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013/11/03 22:35:41 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Desktop\mbar
[2013/11/03 22:26:29 | 012,576,792 | ---- | C] (Malwarebytes Corp.) -- C:\Users\Lorna\Desktop\mbar-1.07.0.1007.exe
[2013/11/03 21:52:44 | 000,000,000 | ---D | C] -- C:\Users\Lorna\AppData\Local\VS Revo Group
[2013/11/03 21:52:29 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys
[2013/11/03 21:52:29 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2013/11/03 21:52:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2013/11/03 21:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/11/03 21:51:04 | 010,031,224 | ---- | C] (VS Revo Group                                               ) -- C:\Users\Lorna\Desktop\RevoUninProSetup.exe
[2013/11/03 12:02:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lorna\Desktop\OTL.exe
[2013/11/03 11:58:56 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Lorna\Desktop\aswMBR.exe
[2013/10/29 10:54:07 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Lorna\Desktop\HijackThis.exe
[2013/10/27 10:49:03 | 000,000,000 | ---D | C] -- C:\EEK
[2013/10/27 10:34:01 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Desktop\Old Firefox Data
[2013/10/25 18:06:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Nevercenter
[2013/10/25 17:58:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CameraBag 2
[2013/10/25 15:15:28 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\My Collages
[2013/10/24 21:26:29 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2013/10/24 21:24:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/10/24 16:43:58 | 000,000,000 | ---D | C] -- C:\3a3f13d26556370d06bc1f
[2013/10/24 16:20:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/10/22 11:33:01 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\word docs
[2013/10/22 11:32:20 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\pageplus stuff
[2013/10/22 11:31:21 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\robfossett
[2013/10/22 11:22:34 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\ie6 only
[2013/10/22 11:22:34 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\IE Kaleidoscope
[2013/10/22 11:22:21 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\Font Groups
[2013/10/22 11:22:21 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\flipphotos
[2013/10/22 11:22:20 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\files
[2013/10/22 11:18:40 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\data
[2013/10/22 11:18:36 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\com.nevercenter.camerabag2
[2013/10/22 11:15:43 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\Arcade Deluxe
[2013/10/22 11:15:43 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\application forms
[2013/10/22 11:15:43 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\Anvsoft
[2013/10/22 11:15:42 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\Amazon MP3
[2013/10/22 11:15:24 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\accounts excel
[2013/10/22 11:15:19 | 000,530,528 | ---- | C] (Yahoo! Inc.) -- C:\Users\Lorna\Documents\yahoo_installer.exe
[2013/10/22 11:15:12 | 002,500,664 | ---- | C] (CyberDefender Corp.) -- C:\Users\Lorna\Documents\toolbar_v2toolbarsite.exe
[2013/10/22 11:15:07 | 022,690,600 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Lorna\Documents\SkypeSetup.exe
[2013/10/22 11:14:59 | 018,649,560 | ---- | C] (eBay                                                        ) -- C:\Users\Lorna\Documents\setupUK.exe
[2013/10/22 11:14:57 | 006,798,200 | ---- | C] (Brajusta Publishing, Inc.                                   ) -- C:\Users\Lorna\Documents\setup.exe
[2013/10/22 11:14:31 | 005,911,719 | ---- | C] (Free-Software-Forever.com) -- C:\Users\Lorna\Documents\googlein24.exe
[2013/10/22 11:14:25 | 011,028,800 | ---- | C] (Flock) -- C:\Users\Lorna\Documents\flock-2.0b2.en-US.win32.exe
[2013/10/21 17:33:07 | 000,000,000 | ---D | C] -- C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
[2013/10/21 17:31:50 | 000,000,000 | ---D | C] -- C:\Users\Lorna\AppData\Roaming\Dashlane
[2013/10/20 14:20:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox.bak
[2013/10/19 12:33:25 | 000,000,000 | ---D | C] -- C:\Users\Lorna\Documents\DAZ 3D
[2013/10/19 12:24:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My DAZ 3D Library
[2013/10/19 12:18:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAZ 3D
[2013/10/19 12:03:05 | 000,000,000 | ---D | C] -- C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D
[2013/10/19 12:02:43 | 000,000,000 | ---D | C] -- C:\ProgramData\DAZ 3D
[2013/10/19 12:02:41 | 000,000,000 | ---D | C] -- C:\Program Files\DAZ 3D
[2013/10/19 10:26:16 | 000,057,096 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2009/08/22 08:44:20 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[1 C:\Users\Lorna\Documents\*.tmp files -> C:\Users\Lorna\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/07 21:17:42 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2013/11/07 21:07:23 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/07 21:07:23 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/07 21:06:08 | 000,797,238 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/07 21:06:08 | 000,677,048 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/07 21:06:08 | 000,130,846 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/07 21:03:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/07 20:59:23 | 000,000,436 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013/11/07 20:58:37 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/11/07 20:58:36 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/07 20:58:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/07 20:57:59 | 3217,235,968 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/07 20:39:13 | 001,073,262 | ---- | M] () -- C:\Users\Lorna\Desktop\AdwCleaner.exe
[2013/11/07 20:34:10 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1062119836-663356838-3640058548-1001UA.job
[2013/11/07 20:34:10 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/07 20:27:03 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1062119836-663356838-3640058548-1001Core.job
[2013/11/07 20:13:07 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/11/06 12:30:58 | 000,001,915 | ---- | M] () -- C:\Users\Lorna\Desktop\Dashlane.lnk
[2013/11/06 09:36:35 | 000,001,053 | ---- | M] () -- C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/11/06 09:36:23 | 000,001,164 | ---- | M] () -- C:\Windows\wininit.ini
[2013/11/06 09:35:53 | 000,001,021 | ---- | M] () -- C:\Users\Lorna\Desktop\Dropbox.lnk
[2013/11/04 11:04:37 | 001,033,335 | ---- | M] (Thisisu) -- C:\Users\Lorna\Desktop\JRT.exe
[2013/11/04 11:04:01 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\Paragon Archive name arc_080112231151836.job
[2013/11/03 22:38:59 | 000,116,440 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2013/11/03 22:37:18 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013/11/03 22:26:49 | 012,576,792 | ---- | M] (Malwarebytes Corp.) -- C:\Users\Lorna\Desktop\mbar-1.07.0.1007.exe
[2013/11/03 21:52:31 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/11/03 21:51:16 | 010,031,224 | ---- | M] (VS Revo Group                                               ) -- C:\Users\Lorna\Desktop\RevoUninProSetup.exe
[2013/11/03 16:10:37 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2013/11/03 16:10:37 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2013/11/03 12:02:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lorna\Desktop\OTL.exe
[2013/11/03 11:59:04 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Lorna\Desktop\aswMBR.exe
[2013/11/03 11:58:42 | 000,891,184 | ---- | M] () -- C:\Users\Lorna\Desktop\SecurityCheck.exe
[2013/10/30 18:33:49 | 576,721,544 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/10/29 10:54:05 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Lorna\Desktop\HijackThis.exe
[2013/10/27 15:49:48 | 000,002,145 | ---- | M] () -- C:\Users\Lorna\Desktop\avast! Free Antivirus 8.0.1489 Setup.lnk
[2013/10/27 14:46:41 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/27 10:55:07 | 000,002,370 | ---- | M] () -- C:\Users\Lorna\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/10/27 10:55:07 | 000,002,368 | ---- | M] () -- C:\Users\Lorna\Desktop\Google Chrome.lnk
[2013/10/27 10:52:52 | 000,001,482 | ---- | M] () -- C:\Users\Lorna\Desktop\Amazon.lnk
[2013/10/27 10:52:52 | 000,001,482 | ---- | M] () -- C:\Users\Lorna\Application Data\Microsoft\Internet Explorer\Quick Launch\Amazon.lnk
[2013/10/27 10:50:45 | 000,000,586 | ---- | M] () -- C:\Users\Lorna\Desktop\Emsisoft Emergency Kit.lnk
[2013/10/24 16:37:01 | 000,783,150 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/21 19:25:52 | 000,032,399 | ---- | M] () -- C:\Windows\Q-Dir.ini
[2013/10/21 19:21:24 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2013/10/20 18:59:46 | 000,002,087 | ---- | M] () -- C:\Users\Lorna\Desktop\DAZ 3D Install Manager 1.lnk
[2013/10/19 12:24:31 | 000,000,974 | ---- | M] () -- C:\Users\Lorna\Desktop\DAZ Studio 4.6 (64-bit).lnk
[2013/10/19 11:03:56 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/10/19 11:03:56 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/10/19 10:26:23 | 000,048,392 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
[2013/10/19 10:26:16 | 000,057,096 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2013/10/15 23:07:31 | 000,033,184 | ---- | M] () -- C:\Users\Lorna\Documents\cc_20131016_000724.reg
[1 C:\Users\Lorna\Documents\*.tmp files -> C:\Users\Lorna\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/11/07 20:39:09 | 001,073,262 | ---- | C] () -- C:\Users\Lorna\Desktop\AdwCleaner.exe
[2013/11/03 21:52:31 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/11/03 11:58:44 | 000,891,184 | ---- | C] () -- C:\Users\Lorna\Desktop\SecurityCheck.exe
[2013/10/27 15:49:47 | 000,002,145 | ---- | C] () -- C:\Users\Lorna\Desktop\avast! Free Antivirus 8.0.1489 Setup.lnk
[2013/10/27 14:46:41 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/27 10:55:07 | 000,002,368 | ---- | C] () -- C:\Users\Lorna\Desktop\Google Chrome.lnk
[2013/10/27 10:52:52 | 000,001,482 | ---- | C] () -- C:\Users\Lorna\Desktop\Amazon.lnk
[2013/10/27 10:52:52 | 000,001,482 | ---- | C] () -- C:\Users\Lorna\Application Data\Microsoft\Internet Explorer\Quick Launch\Amazon.lnk
[2013/10/27 10:49:58 | 000,000,586 | ---- | C] () -- C:\Users\Lorna\Desktop\Emsisoft Emergency Kit.lnk
[2013/10/25 17:58:48 | 000,002,991 | ---- | C] () -- C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CameraBag 2.lnk
[2013/10/22 11:15:20 | 005,505,155 | ---- | C] () -- C:\Users\Lorna\Documents\ZinioReader4.air
[2013/10/22 11:15:19 | 000,006,195 | ---- | C] () -- C:\Users\Lorna\Documents\xmas2012.html
[2013/10/22 11:15:18 | 007,919,073 | ---- | C] () -- C:\Users\Lorna\Documents\Weave-ItBkTwo.pdf
[2013/10/22 11:15:18 | 003,956,220 | ---- | C] (                                                            ) -- C:\Users\Lorna\Documents\webgobbler126_setup.exe
[2013/10/22 11:15:18 | 000,256,521 | ---- | C] () -- C:\Users\Lorna\Documents\Winged Pig Crochet Pattern - Flying Pigs Crochet Pattern.mht
[2013/10/22 11:15:18 | 000,111,060 | ---- | C] () -- C:\Users\Lorna\Documents\WM0270.pdf
[2013/10/22 11:15:18 | 000,032,159 | ---- | C] () -- C:\Users\Lorna\Documents\Welcome to.png
[2013/10/22 11:15:18 | 000,008,500 | ---- | C] () -- C:\Users\Lorna\Documents\wordchart1.pdf
[2013/10/22 11:15:17 | 008,679,978 | ---- | C] () -- C:\Users\Lorna\Documents\Weave-ItBkThree.pdf
[2013/10/22 11:15:16 | 000,786,846 | ---- | C] () -- C:\Users\Lorna\Documents\vintage_knitting_tips.pdf
[2013/10/22 11:15:14 | 007,850,491 | ---- | C] () -- C:\Users\Lorna\Documents\vichallflyerfinal.ppp
[2013/10/22 11:15:14 | 006,729,331 | ---- | C] () -- C:\Users\Lorna\Documents\vertigo-source.png
[2013/10/22 11:15:14 | 000,145,212 | ---- | C] () -- C:\Users\Lorna\Documents\vertigo-logo-source.png
[2013/10/22 11:15:13 | 001,323,805 | ---- | C] () -- C:\Users\Lorna\Documents\tyroknit.pdf
[2013/10/22 11:15:13 | 000,852,185 | ---- | C] () -- C:\Users\Lorna\Documents\vertigo-footer-source.png
[2013/10/22 11:15:13 | 000,086,999 | ---- | C] () -- C:\Users\Lorna\Documents\Untitled-2.ai
[2013/10/22 11:15:13 | 000,006,219 | ---- | C] () -- C:\Users\Lorna\Documents\Untitled.htm
[2013/10/22 11:15:13 | 000,000,652 | ---- | C] () -- C:\Users\Lorna\Documents\Untitled-1.ai
[2013/10/22 11:15:11 | 007,070,390 | ---- | C] () -- C:\Users\Lorna\Documents\TheWeave-ItBook.pdf
[2013/10/22 11:15:11 | 000,000,163 | ---- | C] () -- C:\Users\Lorna\Documents\timesheet_20090216.csv
[2013/10/22 11:15:10 | 002,809,683 | ---- | C] () -- C:\Users\Lorna\Documents\testpdf.PDF
[2013/10/22 11:15:10 | 000,080,482 | ---- | C] () -- C:\Users\Lorna\Documents\tgest.xps
[2013/10/22 11:15:10 | 000,000,096 | ---- | C] () -- C:\Users\Lorna\Documents\test.key.prepare
[2013/10/22 11:15:09 | 003,761,664 | ---- | C] () -- C:\Users\Lorna\Documents\test.exe
[2013/10/22 11:15:09 | 000,001,207 | ---- | C] () -- C:\Users\Lorna\Documents\test.ebp
[2013/10/22 11:15:09 | 000,000,096 | ---- | C] () -- C:\Users\Lorna\Documents\test.key
[2013/10/22 11:15:08 | 001,690,966 | ---- | C] () -- C:\Users\Lorna\Documents\surveys.pdf
[2013/10/22 11:15:08 | 000,650,583 | ---- | C] () -- C:\Users\Lorna\Documents\TechniqueColoredPencil.pdf
[2013/10/22 11:15:08 | 000,557,191 | ---- | C] () -- C:\Users\Lorna\Documents\stitchy.pdf
[2013/10/22 11:15:08 | 000,364,234 | ---- | C] () -- C:\Users\Lorna\Documents\steampunkflier.png
[2013/10/22 11:15:08 | 000,329,320 | ---- | C] () -- C:\Users\Lorna\Documents\steamunkflier2.png
[2013/10/22 11:15:08 | 000,056,028 | ---- | C] () -- C:\Users\Lorna\Documents\sv_028.jpg
[2013/10/22 11:15:08 | 000,025,574 | ---- | C] () -- C:\Users\Lorna\Documents\swfobject.js
[2013/10/22 11:15:08 | 000,015,263 | ---- | C] () -- C:\Users\Lorna\Documents\steamstam tables.svg
[2013/10/22 11:15:08 | 000,011,906 | ---- | C] () -- C:\Users\Lorna\Documents\steamstam tables.pdf
[2013/10/22 11:15:07 | 003,144,125 | ---- | C] () -- C:\Users\Lorna\Documents\Spool221.pdf
[2013/10/22 11:15:07 | 002,196,497 | ---- | C] () -- C:\Users\Lorna\Documents\steampunk-bug.pdf
[2013/10/22 11:15:07 | 000,060,235 | ---- | C] () -- C:\Users\Lorna\Documents\stamford-artisans-guild-logo.jpg
[2013/10/22 11:15:07 | 000,009,469 | ---- | C] () -- C:\Users\Lorna\Documents\star_template.pdf
[2013/10/22 11:15:00 | 011,973,628 | ---- | C] () -- C:\Users\Lorna\Documents\showcase-source.png
[2013/10/22 11:15:00 | 000,055,038 | ---- | C] () -- C:\Users\Lorna\Documents\shkdd10.zip
[2013/10/22 11:14:56 | 000,103,326 | ---- | C] () -- C:\Users\Lorna\Documents\Sea%20Breeze%20Angelina%20instructions.pdf
[2013/10/22 11:14:56 | 000,034,959 | ---- | C] () -- C:\Users\Lorna\Documents\SEASCAPEPEYOTE.png
[2013/10/22 11:14:56 | 000,029,223 | ---- | C] () -- C:\Users\Lorna\Documents\SEASCAPELOOM.png
[2013/10/22 11:14:55 | 001,769,648 | ---- | C] () -- C:\Users\Lorna\Documents\saSetup.exe
[2013/10/22 11:14:54 | 001,252,686 | ---- | C] () -- C:\Users\Lorna\Documents\SAGEBACK010508.002
[2013/10/22 11:14:53 | 001,651,183 | ---- | C] () -- C:\Users\Lorna\Documents\rt_infuse_j15.tgz
[2013/10/22 11:14:53 | 001,561,078 | ---- | C] () -- C:\Users\Lorna\Documents\rt_vertigo_j15.tgz
[2013/10/22 11:14:52 | 001,190,402 | ---- | C] () -- C:\Users\Lorna\Documents\rt_affinity_j15.tgz
[2013/10/22 11:14:52 | 000,193,534 | ---- | C] () -- C:\Users\Lorna\Documents\replicant2-source.png
[2013/10/22 11:14:52 | 000,142,251 | ---- | C] () -- C:\Users\Lorna\Documents\Render 1.png
[2013/10/22 11:14:52 | 000,007,834 | ---- | C] () -- C:\Users\Lorna\Documents\rabbit2.png
[2013/10/22 11:14:51 | 000,114,202 | ---- | C] () -- C:\Users\Lorna\Documents\phtos unusul.nri
[2013/10/22 11:14:51 | 000,042,836 | ---- | C] () -- C:\Users\Lorna\Documents\PIXL_E.zip
[2013/10/22 11:14:51 | 000,014,915 | ---- | C] () -- C:\Users\Lorna\Documents\pic for payperhour.gif
[2013/10/22 11:14:50 | 006,213,246 | ---- | C] () -- C:\Users\Lorna\Documents\Photo Album.wmv
[2013/10/22 11:14:50 | 000,043,319 | ---- | C] () -- C:\Users\Lorna\Documents\penguin peyote.png
[2013/10/22 11:14:50 | 000,035,309 | ---- | C] () -- C:\Users\Lorna\Documents\penguin loom.png
[2013/10/22 11:14:50 | 000,026,816 | ---- | C] () -- C:\Users\Lorna\Documents\pdftedst.pdf
[2013/10/22 11:14:50 | 000,000,257 | R--- | C] () -- C:\Users\Lorna\Documents\PC Support.url
[2013/10/22 11:14:50 | 000,000,000 | ---- | C] () -- C:\Users\Lorna\Documents\PDFVistaPort
[2013/10/22 11:14:49 | 007,364,137 | ---- | C] () -- C:\Users\Lorna\Documents\orwell145b.exe
[2013/10/22 11:14:49 | 000,083,305 | ---- | C] () -- C:\Users\Lorna\Documents\paper doll maryjane.jpg
[2013/10/22 11:14:49 | 000,075,404 | R--- | C] () -- C:\Users\Lorna\Documents\Order-10527301-Docs-090326maggi.pdf
[2013/10/22 11:14:48 | 000,195,703 | R--- | C] () -- C:\Users\Lorna\Documents\Omotchama.rar
[2013/10/22 11:14:48 | 000,074,773 | R--- | C] () -- C:\Users\Lorna\Documents\Order-10520030-Docs-120335 Katrina .pdf
[2013/10/22 11:14:48 | 000,042,943 | ---- | C] () -- C:\Users\Lorna\Documents\oldtimeladypeyote.png
[2013/10/22 11:14:48 | 000,035,888 | ---- | C] () -- C:\Users\Lorna\Documents\oldtimeladyloom.png
[2013/10/22 11:14:46 | 058,615,296 | ---- | C] () -- C:\Users\Lorna\Documents\NOF-Essentials.exe
[2013/10/22 11:14:46 | 000,139,356 | ---- | C] () -- C:\Users\Lorna\Documents\NLP.zip
[2013/10/22 11:14:45 | 000,699,591 | ---- | C] () -- C:\Users\Lorna\Documents\Mysnowflakes.rtf
[2013/10/22 11:14:45 | 000,694,574 | ---- | C] () -- C:\Users\Lorna\Documents\nettie.png
[2013/10/22 11:14:45 | 000,351,585 | ---- | C] () -- C:\Users\Lorna\Documents\Mysnowflakes.pdf
[2013/10/22 11:14:45 | 000,187,007 | ---- | C] () -- C:\Users\Lorna\Documents\mysignature.png
[2013/10/22 11:14:45 | 000,161,621 | ---- | C] () -- C:\Users\Lorna\Documents\mywatchmanual.pdf
[2013/10/22 11:14:45 | 000,037,445 | ---- | C] () -- C:\Users\Lorna\Documents\MyMicroBalance2006.mmb
[2013/10/22 11:14:45 | 000,037,426 | ---- | C] () -- C:\Users\Lorna\Documents\MyMicroBalance2006.mmb.backup2
[2013/10/22 11:14:45 | 000,030,600 | ---- | C] () -- C:\Users\Lorna\Documents\MyMicroBalance2006.mmb.backup1
[2013/10/22 11:14:45 | 000,028,283 | ---- | C] () -- C:\Users\Lorna\Documents\MyMicroBalance2007.mmb
[2013/10/22 11:14:45 | 000,000,559 | ---- | C] () -- C:\Users\Lorna\Documents\My Sharing Folders.lnk
[2013/10/22 11:14:44 | 007,268,458 | ---- | C] () -- C:\Users\Lorna\Documents\Migrated Documents Report.csv
[2013/10/22 11:14:44 | 000,062,535 | ---- | C] () -- C:\Users\Lorna\Documents\modules-source.png
[2013/10/22 11:14:44 | 000,041,462 | ---- | C] () -- C:\Users\Lorna\Documents\Microsoft Word - r conboy webvert march 08.pdf
[2013/10/22 11:14:43 | 020,029,198 | ---- | C] () -- C:\Users\Lorna\Documents\Merry Christmas2.wmv
[2013/10/22 11:14:42 | 012,845,162 | ---- | C] () -- C:\Users\Lorna\Documents\Merry Christmas.wmv
[2013/10/22 11:14:42 | 000,182,928 | ---- | C] () -- C:\Users\Lorna\Documents\Making Wool Felt Booties.mht
[2013/10/22 11:14:42 | 000,140,974 | ---- | C] () -- C:\Users\Lorna\Documents\magicbutton.zip
[2013/10/22 11:14:42 | 000,103,521 | ---- | C] () -- C:\Users\Lorna\Documents\lv pl airInsurancePdf_2012.pdf
[2013/10/22 11:14:42 | 000,054,102 | ---- | C] () -- C:\Users\Lorna\Documents\menu-dropdown-source.png
[2013/10/22 11:14:42 | 000,023,034 | ---- | C] () -- C:\Users\Lorna\Documents\lv signature.png
[2013/10/22 11:14:40 | 002,171,605 | ---- | C] () -- C:\Users\Lorna\Documents\LoaderBackup-(2012-07-13)-3.bbb
[2013/10/22 11:14:40 | 002,169,420 | ---- | C] () -- C:\Users\Lorna\Documents\LoaderBackup-(2012-07-13)-2.bbb
[2013/10/22 11:14:40 | 002,169,411 | ---- | C] () -- C:\Users\Lorna\Documents\LoaderBackup-(2012-07-13).bbb
[2013/10/22 11:14:40 | 000,010,826 | ---- | C] () -- C:\Users\Lorna\Documents\logo.png
[2013/10/22 11:14:40 | 000,006,433 | ---- | C] () -- C:\Users\Lorna\Documents\logo1.gif
[2013/10/22 11:14:40 | 000,005,437 | ---- | C] () -- C:\Users\Lorna\Documents\logo-alt.png
[2013/10/22 11:14:40 | 000,000,681 | ---- | C] () -- C:\Users\Lorna\Documents\Lorna - Shortcut.lnk
[2013/10/22 11:14:39 | 007,108,414 | ---- | C] () -- C:\Users\Lorna\Documents\lasvegas.craft
[2013/10/22 11:14:39 | 002,169,408 | ---- | C] () -- C:\Users\Lorna\Documents\LoaderBackup-(2012-07-13)-1.bbb
[2013/10/22 11:14:39 | 002,125,788 | ---- | C] () -- C:\Users\Lorna\Documents\len and nell page 11 i think cmyk.pdf
[2013/10/22 11:14:39 | 000,202,368 | ---- | C] () -- C:\Users\Lorna\Documents\LayoutTool - Legacy.pdf
[2013/10/22 11:14:39 | 000,024,551 | ---- | C] () -- C:\Users\Lorna\Documents\lasvegaslv.jpg
[2013/10/22 11:14:38 | 010,469,136 | ---- | C] () -- C:\Users\Lorna\Documents\largexmas2011.craft
[2013/10/22 11:14:38 | 004,280,249 | ---- | C] () -- C:\Users\Lorna\Documents\joomla_15_quickstart.pdf
[2013/10/22 11:14:38 | 000,489,432 | ---- | C] () -- C:\Users\Lorna\Documents\IS SHAKESPEARE DEAD.pdf
[2013/10/22 11:14:38 | 000,122,285 | ---- | C] () -- C:\Users\Lorna\Documents\jemjoker.png
[2013/10/22 11:14:38 | 000,025,102 | ---- | C] () -- C:\Users\Lorna\Documents\JumpingJacks.pdf
[2013/10/22 11:14:38 | 000,011,379 | ---- | C] () -- C:\Users\Lorna\Documents\JumpingJacks(1).pdf
[2013/10/22 11:14:36 | 001,755,757 | ---- | C] () -- C:\Users\Lorna\Documents\Inside Front Cover.pdf
[2013/10/22 11:14:36 | 000,271,884 | ---- | C] () -- C:\Users\Lorna\Documents\invite square copy.jpg
[2013/10/22 11:14:36 | 000,083,274 | ---- | C] () -- C:\Users\Lorna\Documents\install_7-zip_.exe
[2013/10/22 11:14:35 | 002,019,964 | ---- | C] () -- C:\Users\Lorna\Documents\inside back cover cmyk.pdf
[2013/10/22 11:14:35 | 000,804,036 | ---- | C] () -- C:\Users\Lorna\Documents\Image3.psp
[2013/10/22 11:14:34 | 038,197,265 | ---- | C] () -- C:\Users\Lorna\Documents\hhswholething.pdf
[2013/10/22 11:14:34 | 001,669,393 | ---- | C] () -- C:\Users\Lorna\Documents\High-Raw-Kevin-Gianni.pdf
[2013/10/22 11:14:34 | 000,001,361 | ---- | C] () -- C:\Users\Lorna\Documents\hosts
[2013/10/22 11:14:31 | 000,513,317 | ---- | C] () -- C:\Users\Lorna\Documents\heartsnflowerspng.png
[2013/10/22 11:14:31 | 000,186,339 | ---- | C] () -- C:\Users\Lorna\Documents\Hearts.pdf
[2013/10/22 11:14:31 | 000,121,673 | ---- | C] () -- C:\Users\Lorna\Documents\HEARTSfinal layout.pdf
[2013/10/22 11:14:31 | 000,020,769 | ---- | C] () -- C:\Users\Lorna\Documents\Heart_templates.pdf
[2013/10/22 11:14:28 | 000,695,282 | ---- | C] () -- C:\Users\Lorna\Documents\GoogleAdwordsProduct.zip
[2013/10/22 11:14:28 | 000,324,804 | ---- | C] () -- C:\Users\Lorna\Documents\front cover cmyk.pdf
[2013/10/22 11:14:28 | 000,045,708 | ---- | C] () -- C:\Users\Lorna\Documents\girl1lpey.png
[2013/10/22 11:14:28 | 000,037,505 | ---- | C] () -- C:\Users\Lorna\Documents\girl1loom.png
[2013/10/22 11:14:28 | 000,002,390 | ---- | C] () -- C:\Users\Lorna\Documents\glutole.hottnote
[2013/10/22 11:14:27 | 015,425,536 | ---- | C] () -- C:\Users\Lorna\Documents\From the time I was a little girl.pps
[2013/10/22 11:14:25 | 001,313,030 | ---- | C] () -- C:\Users\Lorna\Documents\flowersp.bmp
[2013/10/22 11:14:25 | 000,202,368 | ---- | C] () -- C:\Users\Lorna\Documents\flower.pdf
[2013/10/22 11:14:25 | 000,201,436 | ---- | C] () -- C:\Users\Lorna\Documents\floral1peyote1.pdf
[2013/10/22 11:14:25 | 000,196,909 | ---- | C] () -- C:\Users\Lorna\Documents\flower1
[2013/10/22 11:14:25 | 000,113,685 | ---- | C] () -- C:\Users\Lorna\Documents\fox2crop.JPG
[2013/10/22 11:14:25 | 000,104,770 | ---- | C] () -- C:\Users\Lorna\Documents\floralpeyote v2.pdf
[2013/10/22 11:14:25 | 000,100,773 | ---- | C] () -- C:\Users\Lorna\Documents\floral1 peyote1.pdf
[2013/10/22 11:14:25 | 000,100,692 | ---- | C] () -- C:\Users\Lorna\Documents\floral1.pdf
[2013/10/22 11:14:25 | 000,009,948 | ---- | C] () -- C:\Users\Lorna\Documents\flower_template.pdf
[2013/10/22 11:14:24 | 000,215,381 | ---- | C] () -- C:\Users\Lorna\Documents\FlipBook3DMain.swf
[2013/10/22 11:14:24 | 000,138,468 | ---- | C] () -- C:\Users\Lorna\Documents\farm1a.JPG
[2013/10/22 11:14:23 | 000,089,180 | ---- | C] () -- C:\Users\Lorna\Documents\Fact Find 2 TESTGeneral.pdf
[2013/10/22 11:14:23 | 000,068,240 | ---- | C] () -- C:\Users\Lorna\Documents\Fact Find 2test1l.pdf
[2013/10/22 11:14:22 | 004,868,248 | ---- | C] () -- C:\Users\Lorna\Documents\ETSToysA.pdf
[2013/10/22 11:14:22 | 002,717,291 | ---- | C] () -- C:\Users\Lorna\Documents\ETSToysB.pdf
[2013/10/22 11:14:22 | 000,606,891 | ---- | C] () -- C:\Users\Lorna\Documents\Elfic_doll.pdf
[2013/10/22 11:14:22 | 000,334,132 | ---- | C] () -- C:\Users\Lorna\Documents\Etsy  sylver  Sylver Designs.mht
[2013/10/22 11:14:21 | 000,925,138 | ---- | C] () -- C:\Users\Lorna\Documents\edge.xps
[2013/10/22 11:14:21 | 000,112,236 | ---- | C] () -- C:\Users\Lorna\Documents\DVLA Vehicle Licensing Online  Apply for a tax disc NOW.mht
[2013/10/22 11:14:21 | 000,034,652 | ---- | C] () -- C:\Users\Lorna\Documents\earlylady1peyote.png
[2013/10/22 11:14:21 | 000,029,265 | ---- | C] () -- C:\Users\Lorna\Documents\earlylady1loom.png
[2013/10/22 11:14:21 | 000,016,137 | ---- | C] () -- C:\Users\Lorna\Documents\decoladypeyote.png
[2013/10/22 11:14:21 | 000,013,977 | ---- | C] () -- C:\Users\Lorna\Documents\decoladyloom.png
[2013/10/22 11:14:21 | 000,013,396 | ---- | C] () -- C:\Users\Lorna\Documents\dvlalicenceapp.pdf
[2013/10/22 11:14:21 | 000,002,322 | ---- | C] () -- C:\Users\Lorna\Documents\Document2.wpd
[2013/10/22 11:14:20 | 004,017,882 | ---- | C] () -- C:\Users\Lorna\Documents\CTMJanFeb08 FINAL.pdf
[2013/10/22 11:14:20 | 000,002,859 | ---- | C] () -- C:\Users\Lorna\Documents\dddd.csv
[2013/10/22 11:14:19 | 000,023,005 | ---- | C] () -- C:\Users\Lorna\Documents\CTFEB07CrochetFroggyHatCheerioEssentials.pdf
[2013/10/22 11:14:18 | 000,292,350 | ---- | C] () -- C:\Users\Lorna\Documents\Crocheted Frog Treasure Pocket.mht
[2013/10/22 11:14:17 | 000,166,321 | ---- | C] () -- C:\Users\Lorna\Documents\copyrightnotice.pdf
[2013/10/22 11:14:16 | 003,559,424 | ---- | C] () -- C:\Users\Lorna\Documents\Charitable contributions.accdb
[2013/10/22 11:14:14 | 043,144,704 | ---- | C] () -- C:\Users\Lorna\Documents\CGSX3SP2.msp
[2013/10/22 11:14:14 | 029,478,912 | ---- | C] () -- C:\Users\Lorna\Documents\CGSX3SP1.msp
[2013/10/22 11:14:07 | 001,107,100 | ---- | C] () -- C:\Users\Lorna\Documents\CD30 BUTTERFLY KINETIC SWING CA.svg
[2013/10/22 11:14:06 | 000,480,086 | ---- | C] () -- C:\Users\Lorna\Documents\Card07.pdf
[2013/10/22 11:14:06 | 000,319,332 | ---- | C] () -- C:\Users\Lorna\Documents\cc_20130614_200931.reg
[2013/10/22 11:14:06 | 000,101,094 | ---- | C] () -- C:\Users\Lorna\Documents\CD30 BUTTERFLY KINETIC SWING CA.pdf
[2013/10/22 11:14:06 | 000,094,760 | ---- | C] () -- C:\Users\Lorna\Documents\cc_20130717_222003.reg
[2013/10/22 11:14:06 | 000,062,746 | ---- | C] () -- C:\Users\Lorna\Documents\cc_20130614_202503.reg
[2013/10/22 11:14:06 | 000,050,750 | ---- | C] () -- C:\Users\Lorna\Documents\cctreescrop.JPG
[2013/10/22 11:14:06 | 000,033,184 | ---- | C] () -- C:\Users\Lorna\Documents\cc_20131016_000724.reg
[2013/10/22 11:14:06 | 000,030,030 | ---- | C] () -- C:\Users\Lorna\Documents\cc_20111214_181813.reg
[2013/10/22 11:14:06 | 000,018,942 | ---- | C] () -- C:\Users\Lorna\Documents\cc_20130902_153501.reg
[2013/10/22 11:14:06 | 000,007,302 | ---- | C] () -- C:\Users\Lorna\Documents\cc_20120108_154432.reg
[2013/10/22 11:14:06 | 000,005,750 | ---- | C] () -- C:\Users\Lorna\Documents\cc_20130614_203430.reg
[2013/10/22 11:14:05 | 001,998,134 | ---- | C] () -- C:\Users\Lorna\Documents\broadsheetsteampunk.pdf
[2013/10/22 11:14:05 | 000,467,168 | ---- | C] () -- C:\Users\Lorna\Documents\Card06.pdf
[2013/10/22 11:14:05 | 000,315,773 | ---- | C] () -- C:\Users\Lorna\Documents\Card04.pdf
[2013/10/22 11:14:05 | 000,138,078 | ---- | C] () -- C:\Users\Lorna\Documents\bookmarks_10_02_2012.html
[2013/10/22 11:14:05 | 000,100,676 | ---- | C] () -- C:\Users\Lorna\Documents\Bulk_Certificate_Posting_Signature.pdf
[2013/10/22 11:14:05 | 000,036,419 | ---- | C] () -- C:\Users\Lorna\Documents\calendar_organizer_months.pdf
[2013/10/22 11:14:05 | 000,036,385 | ---- | C] () -- C:\Users\Lorna\Documents\Bulk_Certificate_Posting_Standard.pdf
[2013/10/22 11:14:04 | 011,721,211 | ---- | C] () -- C:\Users\Lorna\Documents\bigbadges.craft
[2013/10/22 11:14:04 | 001,581,606 | ---- | C] () -- C:\Users\Lorna\Documents\Bookkeeping
[2013/10/22 11:14:03 | 002,807,643 | ---- | C] () -- C:\Users\Lorna\Documents\BABYmocsBtys.pdf
[2013/10/22 11:14:03 | 000,305,408 | ---- | C] () -- C:\Users\Lorna\Documents\banner.png
[2013/10/22 11:14:02 | 010,676,572 | ---- | C] () -- C:\Users\Lorna\Documents\auctamerpro.exe
[2013/10/22 11:14:02 | 000,161,621 | ---- | C] () -- C:\Users\Lorna\Documents\B023_ebook.pdf
[2013/10/22 11:14:01 | 010,676,572 | ---- | C] () -- C:\Users\Lorna\Documents\auctamerpro(1).exe
[2013/10/22 11:14:00 | 002,355,200 | ---- | C] () -- C:\Users\Lorna\Documents\amclassical_silent_night.mp3
[2013/10/22 11:14:00 | 000,511,137 | ---- | C] () -- C:\Users\Lorna\Documents\AmazonDealProduct.zip
[2013/10/22 11:13:59 | 004,844,131 | R--- | C] () -- C:\Users\Lorna\Documents\Alien_Blaster_PePaKuRa_File_by_billybob884.rar
[2013/10/22 11:13:59 | 003,533,600 | ---- | C] () -- C:\Users\Lorna\Documents\alice1.ppp
[2013/10/22 11:13:59 | 001,231,224 | ---- | C] () -- C:\Users\Lorna\Documents\agendusstd_ota_en.prc
[2013/10/22 11:13:59 | 000,161,278 | ---- | C] () -- C:\Users\Lorna\Documents\aglaciercrop.JPG
[2013/10/22 11:13:59 | 000,109,943 | ---- | C] () -- C:\Users\Lorna\Documents\alicewivbaby.jpg
[2013/10/22 11:13:59 | 000,059,844 | ---- | C] () -- C:\Users\Lorna\Documents\Absolut_Pro_Bold.otf
[2013/10/22 11:13:59 | 000,000,406 | ---- | C] () -- C:\Users\Lorna\Documents\348059.vcf
[2013/10/22 11:13:59 | 000,000,081 | ---- | C] () -- C:\Users\Lorna\Documents\1Click.cfg
[2013/10/22 11:13:58 | 004,485,072 | ---- | C] () -- C:\Users\Lorna\Documents\1940sxmas2.craft
[2013/10/22 11:13:58 | 000,000,364 | ---- | C] () -- C:\Users\Lorna\Documents\08-10-30.sv
[2013/10/21 19:21:23 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2013/10/21 17:33:07 | 000,001,915 | ---- | C] () -- C:\Users\Lorna\Desktop\Dashlane.lnk
[2013/10/20 18:59:46 | 000,002,087 | ---- | C] () -- C:\Users\Lorna\Desktop\DAZ 3D Install Manager 1.lnk
[2013/10/19 12:24:31 | 000,000,974 | ---- | C] () -- C:\Users\Lorna\Desktop\DAZ Studio 4.6 (64-bit).lnk
[2012/05/24 20:24:55 | 000,001,269 | ---- | C] () -- C:\Users\Lorna\.recently-used.xbel
[2012/05/08 18:29:44 | 000,000,132 | ---- | C] () -- C:\Users\Lorna\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2012/03/19 00:24:05 | 000,006,168 | ---- | C] () -- C:\Users\Lorna\AppData\Local\recently-used.xbel
[2012/03/07 20:12:53 | 000,035,328 | ---- | C] () -- C:\Windows\INETWH32.DLL
[2012/03/07 20:12:53 | 000,009,136 | ---- | C] () -- C:\Windows\INETWH16.DLL
[2012/03/07 20:12:53 | 000,004,528 | ---- | C] () -- C:\Windows\SETBROWS.EXE
[2012/03/07 20:06:35 | 000,044,544 | ---- | C] () -- C:\Windows\AWuninstall.exe
[2012/03/04 15:54:23 | 000,002,800 | ---- | C] () -- C:\Users\Lorna\2px-80percentransparencyblack.png
[2012/02/27 21:48:53 | 000,111,661 | ---- | C] () -- C:\Users\Lorna\Image2.jpg
[2012/02/26 17:49:45 | 000,000,084 | ---- | C] () -- C:\Users\Lorna\pathinfo.php
[2012/02/15 14:23:05 | 000,000,092 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2012/02/15 14:18:01 | 000,212,233 | ---- | C] () -- C:\Windows\Photo Pos Pro Uninstaller.exe.bak
[2012/02/12 20:44:55 | 000,172,032 | ---- | C] () -- C:\Users\Lorna\abrViewer.NET.exe
[2012/01/08 15:21:55 | 000,004,800 | ---- | C] () -- C:\ProgramData\NTIRegistry.REG
[2011/12/23 23:32:32 | 000,001,164 | ---- | C] () -- C:\Windows\wininit.ini
[2011/11/21 18:44:45 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/11/21 18:44:45 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/11/05 17:12:38 | 000,543,531 | ---- | C] () -- C:\Users\Lorna\New document 1.2011_11_05_17_12_38.0.svg
[2011/06/22 08:08:33 | 000,000,000 | ---- | C] () -- C:\Users\Lorna\AppData\Local\{5975D6E1-F7BB-4A5D-AD55-1634EB9C6B35}
[2011/06/13 15:12:39 | 000,000,000 | ---- | C] () -- C:\Users\Lorna\AppData\Local\{0DBB6458-1470-4D4F-9753-7EAB03AE0100}
[2011/03/04 12:56:48 | 000,040,907 | ---- | C] () -- C:\Users\Lorna\kitty_headbang.gif
[2011/01/14 22:53:58 | 000,000,132 | ---- | C] () -- C:\Users\Lorna\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/12/19 23:48:49 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/04 21:58:22 | 000,000,837 | ---- | C] () -- C:\Users\Lorna\AppData\Roaming\FrameFun.ini
[2010/10/03 16:26:15 | 000,001,456 | ---- | C] () -- C:\Users\Lorna\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/10/03 10:44:53 | 000,006,144 | ---- | C] () -- C:\Users\Lorna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/01 20:42:00 | 000,000,036 | ---- | C] () -- C:\Users\Lorna\AppData\Local\housecall.guid.cache
[2010/09/22 08:57:37 | 000,033,134 | ---- | C] () -- C:\Users\Lorna\AppData\Roaming\UserTile.png
[2010/09/13 08:10:50 | 000,149,504 | ---- | C] () -- C:\Users\Lorna\AppData\Roaming\SharedSettings.ccs
[2010/08/27 16:51:33 | 000,000,132 | ---- | C] () -- C:\Users\Lorna\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/08/17 11:14:46 | 002,064,206 | ---- | C] () -- C:\Users\Lorna\vichallflyerfinal.pdf
[2010/06/30 16:48:41 | 000,004,943 | ---- | C] () -- C:\ProgramData\pyknfeyt.slj
[2010/06/21 08:25:44 | 000,000,104 | ---- | C] () -- C:\Users\Lorna\AppData\Roaming\wklnhst.dat
[2010/05/10 08:55:47 | 000,135,441 | ---- | C] () -- C:\Program Files\VH1946-09.jpg
[2008/01/18 21:23:30 | 000,031,766 | ---- | C] () -- C:\Users\Lorna\20067.tdb
[2008/01/18 21:22:33 | 000,000,407 | ---- | C] () -- C:\Users\Lorna\tbook.properties
 
========== ZeroAccess Check ==========
 
[2009/08/19 09:40:19 | 000,054,458 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1062119836-663356838-3640058548-1001\$R819B5X\My Downloaded Artwork\Metallic Alphabet\L.png
[2009/08/19 09:40:42 | 000,077,456 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1062119836-663356838-3640058548-1001\$R819B5X\My Downloaded Artwork\Metallic Alphabet\N.png
[2009/08/19 09:42:00 | 000,069,609 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1062119836-663356838-3640058548-1001\$R819B5X\My Downloaded Artwork\Metallic Alphabet\U.png
[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/01/04 09:59:19 | 014,164,480 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 09:03:45 | 012,868,096 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 01:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/02/10 12:09:24 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Avant Downloader
[2012/04/02 13:09:02 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Azureus
[2012/04/02 13:09:02 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\BeadTool
[2012/08/15 20:17:46 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Canon
[2010/07/23 20:43:03 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/02 13:08:04 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Chrysanth
[2010/09/15 20:26:58 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\CoffeeCup Software
[2010/07/27 15:55:43 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/05/10 16:24:20 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Craftwell Inc
[2012/04/02 13:08:05 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\CTdeveloping
[2010/06/18 21:52:46 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\CustomBrushesMini
[2013/11/06 12:30:57 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Dashlane
[2013/10/19 12:33:25 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\DAZ 3D
[2010/08/11 09:06:07 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\DeviceDoctorSoftware
[2013/11/07 21:19:15 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Dropbox
[2012/05/10 17:06:29 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\eCraftShop Pro
[2010/08/30 19:35:45 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Filter Forge Freepack 3 - Frames
[2012/04/02 13:09:03 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\gtk-2.0
[2011/01/21 23:19:58 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\inkscape
[2011/09/15 15:10:27 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Kaleider
[2012/03/19 20:29:22 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\LumaPix
[2012/04/02 13:09:04 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Maxthon2
[2012/05/02 18:03:16 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\NexusFont
[2010/06/07 01:01:05 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Nuance
[2012/04/05 16:02:11 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\onOne Software
[2012/04/02 13:08:22 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Opera
[2010/09/07 10:00:26 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\PC Suite
[2010/09/22 08:57:36 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\PeerNetworking
[2010/07/19 11:06:22 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\PhotoEchoes
[2012/04/02 13:08:22 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Poser Debut
[2012/04/02 13:09:05 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\PowerCinema
[2012/04/02 13:09:05 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Q-Dir
[2012/04/02 13:08:37 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Serif
[2012/04/02 13:09:06 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\SoftDMA
[2011/09/14 15:34:38 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\SPE
[2010/07/27 20:43:06 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/06/21 08:25:51 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Template
[2012/04/02 13:08:39 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Trusteer
[2012/05/04 20:52:46 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\XnView
[2012/03/30 17:03:32 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Yandex
[2012/04/02 13:08:40 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\Zeon
[2011/11/03 10:59:55 | 000,000,000 | ---D | M] -- C:\Users\Lorna\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.ADML  >
[2009/07/14 02:30:02 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml
 
< MD5 for: EXPLORER.ADMX  >
[2009/06/10 20:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 06:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/26 06:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 06:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/10/05 15:46:38 | 003,167,656 | ---- | M] (Safer-Networking Ltd.) MD5=0AB68BFCE1579A61C36B79CAAFDCE992 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe
[2011/02/26 05:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 01:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 05:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 05:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 05:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 05:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 06:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 06:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 12:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 06:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 06:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 05:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 13:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 06:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 05:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 01:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 06:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 06:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 06:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: EXPLORER.EXE.MUI  >
[2009/07/14 02:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
[2009/07/14 02:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
[2009/07/14 02:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2009/07/14 02:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui
 
< MD5 for: EXPLORER.EXE-03C49D11.PF  >
[2013/11/07 21:00:27 | 000,204,044 | ---- | M] () MD5=437A1EC8FFBB8C329F4911AC239FBBF1 -- C:\Windows\Prefetch\EXPLORER.EXE-03C49D11.pf
 
< MD5 for: IEXPLORE.BAT  >
[2013/10/15 22:05:47 | 000,031,414 | ---- | M] () MD5=75C9C20DD9839BF287B43B0E179822DC -- C:\Users\Lorna\AppData\Local\Temp\jrt\iexplore.bat
 
< MD5 for: IEXPLORE.EXE  >
[2011/11/05 05:28:03 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=0377589BF14A6E5667B730D6D6DB59B4 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16912_none_0fae4f323e42a646\iexplore.exe
[2010/09/08 04:36:39 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=14803EA3E5DD7CB37CB446C74CFDA38F -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20795_none_1a39121b8bff3c23\iexplore.exe
[2011/04/22 20:15:52 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=281C23EC5BCB1853A5D571F1A6E52FB1 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20949_none_101e7c5957724e1d\iexplore.exe
[2009/07/14 01:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_19ba3f8a72d988f3\iexplore.exe
[2011/12/16 08:03:08 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=38668C6CADABC9487C683FADD3D165D0 -- C:\Windows\SoftwareDistribution\Download\b0feba321cfd1099562f871d1ce948a1\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16930_none_19eb591872b56d75\iexplore.exe
[2011/08/20 04:35:15 | 000,673,024 | ---- | M] (Microsoft Corporation) MD5=41FE5E37EFE0B587A688BA0E4FA41288 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16869_none_19d3ea0872c5a830\iexplore.exe
[2011/11/05 05:34:31 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=441C397A9ECF07747920F7F5E40B419B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21085_none_0fef13a357968bc7\iexplore.exe
[2010/09/08 05:37:57 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=4879CB864E290BED38C5BDB641144B1B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20795_none_0fe467c9579e7a28\iexplore.exe
[2010/09/08 05:49:01 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=498035ABCCF1ED47AE6791D239187587 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16671_none_0f6c69ae3e743d20\iexplore.exe
[2010/11/04 05:54:54 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=58CF468D3FF4CF830339FE5E45356355 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16700_none_1a0bc510729d1f54\iexplore.exe
[2010/09/08 04:31:24 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=61EDBCE47ADF3E52AB0B9F49EE4AEBB8 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16671_none_19c1140072d4ff1b\iexplore.exe
[2011/04/22 19:29:16 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=64EFAF916C4009F1B84153D0BB491FB0 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16800_none_1a0bc6f6729d1c7b\iexplore.exe
[2010/11/04 05:54:59 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=6B2258FF6D2332073FE9E90122FA4168 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20831_none_1a75f2618bd22c48\iexplore.exe
[2011/06/21 06:14:22 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=6B2383EDA3956983E3219A62D8408DAB -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20992_none_0fe16ab757a12871\iexplore.exe
[2011/06/21 05:25:30 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=6BB506124872ACDFAC5BD912CA1334CE -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20992_none_1a3615098c01ea6c\iexplore.exe
[2010/12/18 06:17:48 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=700B40EA39DFB25517A81032F03D6D20 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16722_none_0fa37b7a3e4ac7e9\iexplore.exe
[2010/11/20 13:28:25 | 000,695,056 | ---- | M] (Microsoft Corporation) MD5=86257731DDB311FBC283534CC0091634 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe
[2010/12/18 06:11:10 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=8C6C32E4AF8A3D7155656F5897C504E0 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20861_none_1000d84b5789be20\iexplore.exe
[2011/11/05 04:38:00 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=8ED7C19AEFA3673AADB0D6864B03FBCE -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16912_none_1a02f98472a36841\iexplore.exe
[2012/02/20 10:18:11 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2012/02/20 10:18:11 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_17a944edb4ca4c7a\iexplore.exe
[2010/12/18 05:32:25 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=9321CF0D023528C71E3645F8433C86C8 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20861_none_1a55829d8bea801b\iexplore.exe
[2011/06/21 05:37:00 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=A3AB0A260049BE22AB52E302D9220A92 -- C:\Windows\ERDNT\cache86\iexplore.exe
[2011/06/21 05:37:00 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=A3AB0A260049BE22AB52E302D9220A92 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16839_none_19f459cc72ad545d\iexplore.exe
[2011/12/16 08:45:57 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=A3F56CED7B94A30BE8954387F0E2B5D2 -- C:\Windows\SoftwareDistribution\Download\b0feba321cfd1099562f871d1ce948a1\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16930_none_0f96aec63e54ab7a\iexplore.exe
[2011/11/05 04:39:45 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=A8A14CD0CB499B80412F75D53996AE29 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21085_none_1a43bdf58bf74dc2\iexplore.exe
[2010/12/18 05:33:54 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=AA08B68EF4E35EFA170CF85A44B23B70 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16722_none_19f825cc72ab89e4\iexplore.exe
[2011/02/24 05:45:11 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=AB2BB40A5FE49AD236791AC22BD08869 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20908_none_1a9d66118bb386fd\iexplore.exe
[2011/08/20 05:46:07 | 000,696,576 | ---- | M] (Microsoft Corporation) MD5=AC1CC7CD5CBE60EFF105BB3C0DC199C5 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16869_none_0f7f3fb63e64e635\iexplore.exe
[2011/06/21 06:21:24 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=B38DE184AC135A4B0AE7D286476FA33F -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16839_none_0f9faf7a3e4c9262\iexplore.exe
[2011/02/24 06:29:19 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=B4881B8F6EDB48CABD44BCC9FB5475C4 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20908_none_1048bbbf5752c502\iexplore.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2011/12/16 08:42:35 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=C152529FD67ABB61F0609EF5A299794C -- C:\Windows\SoftwareDistribution\Download\b0feba321cfd1099562f871d1ce948a1\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21108_none_104895c75752f56b\iexplore.exe
[2011/12/16 09:19:51 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=C53E41F92B19EC97D987F968403BEC49 -- C:\Windows\SoftwareDistribution\Download\b0feba321cfd1099562f871d1ce948a1\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21108_none_1a9d40198bb3b766\iexplore.exe
[2010/11/20 12:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
[2011/02/24 05:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C6697A46554E36541E81182B258A19D6 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16766_none_19d0e74472c85f04\iexplore.exe
[2011/08/20 05:42:38 | 000,696,576 | ---- | M] (Microsoft Corporation) MD5=C66C8BF791F9DB974022506265518EE0 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21033_none_102322ab576fcd64\iexplore.exe
[2011/04/22 20:16:25 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=D6F57A9ECB4606076FB9519D1698FCBA -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16800_none_0fb71ca43e3c5a80\iexplore.exe
[2010/11/04 06:37:41 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=D8E00EA671A1EFE95C69C7566C505AD4 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16700_none_0fb71abe3e3c5d59\iexplore.exe
[2011/02/24 06:32:09 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=E1BBDE0F187194D4B08335234A4B9FC7 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16766_none_0f7c3cf23e679d09\iexplore.exe
[2010/11/04 06:42:22 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=E220FB009F54AAF649C6A278A5156764 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20831_none_1021480f57716a4d\iexplore.exe
[2012/02/20 10:18:00 | 000,754,480 | ---- | M] (Microsoft Corporation) MD5=F1424C1B9B1813BF825E45DF3790BC8A -- C:\Program Files\Internet Explorer\iexplore.exe
[2012/02/20 10:18:00 | 000,754,480 | ---- | M] (Microsoft Corporation) MD5=F1424C1B9B1813BF825E45DF3790BC8A -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_0d549a9b80698a7f\iexplore.exe
[2009/07/14 01:43:43 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=F2B0D41E1D08D0B2006DF5AA2E74C81E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_0f6595383e78c6f8\iexplore.exe
[2011/04/22 19:11:29 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=F94877A94996B3C12BB31AD722840457 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20949_none_1a7326ab8bd31018\iexplore.exe
[2011/08/20 04:32:44 | 000,673,024 | ---- | M] (Microsoft Corporation) MD5=FA623BE79902A7B49FF4F21117B63C83 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21033_none_1a77ccfd8bd08f5f\iexplore.exe
 
< MD5 for: IEXPLORE.EXE.MUI  >
[2012/02/20 10:18:01 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2012/02/20 10:18:01 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_07013012b816cb66\iexplore.exe.mui
[2012/02/20 10:18:15 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2012/02/20 10:18:15 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_1155da64ec778d61\iexplore.exe.mui
[2009/07/14 02:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_09122aaf762607df\iexplore.exe.mui
[2009/07/14 02:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_0b433e7773148b79\iexplore.exe.mui
[2009/07/14 02:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_1366d501aa86c9da\iexplore.exe.mui
[2009/07/14 02:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_1597e8c9a7754d74\iexplore.exe.mui
 
< MD5 for: SERVICES  >
[2009/06/10 21:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.DAT  >
[2013/10/15 19:36:22 | 000,003,075 | ---- | M] () MD5=6806FCE3B99E6913439FB220BF6544B0 -- C:\Users\Lorna\AppData\Local\Temp\jrt\services.dat
 
< MD5 for: SERVICES.DTD  >
[2012/03/28 20:40:18 | 000,007,693 | ---- | M] () MD5=0167EEA0CD182E558850B3E3BF241D88 -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{06990470-8417-465F-8B58-A3008B344A95}\locale\ru\services.dtd
[2012/03/28 20:40:18 | 000,007,080 | ---- | M] () MD5=5ED0DE2E8771F3061E8A5EA7E83858C4 -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{06990470-8417-465F-8B58-A3008B344A95}\locale\en\services.dtd
[2012/03/28 20:40:18 | 000,007,679 | ---- | M] () MD5=6F349841B35825885251E27954AC2F43 -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{06990470-8417-465F-8B58-A3008B344A95}\locale\be\services.dtd
[2012/03/28 20:40:18 | 000,007,109 | ---- | M] () MD5=863C33EF25373CD8D1103ECEDF027D6F -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{06990470-8417-465F-8B58-A3008B344A95}\locale\cs\services.dtd
[2012/03/28 20:40:18 | 000,007,701 | ---- | M] () MD5=B0758798DEEF23E1D7EF07112D281FCA -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{06990470-8417-465F-8B58-A3008B344A95}\locale\uk\services.dtd
[2012/03/28 20:40:18 | 000,007,859 | ---- | M] () MD5=ECD85452EF5E94D66560797B64751E28 -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{06990470-8417-465F-8B58-A3008B344A95}\locale\kk\services.dtd
[2012/03/28 20:40:18 | 000,007,088 | ---- | M] () MD5=F2F23D6C79AF6CE288C9CC71A99A8C59 -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\branding\{06990470-8417-465F-8B58-A3008B344A95}\locale\tr\services.dtd
 
< MD5 for: SERVICES.EXE  >
[2009/07/14 01:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\ERDNT\cache64\services.exe
[2009/07/14 01:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 01:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2009/07/14 02:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/14 02:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
 
< MD5 for: SERVICES.JS  >
[2013/10/19 11:09:43 | 000,005,711 | ---- | M] () MD5=92C58E360CF2E2E364275DB15E9D0289 -- C:\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.10.0_0\scripts\services.js
 
< MD5 for: SERVICES.LNK  >
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 20:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 20:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2009/07/14 02:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 20:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/14 02:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 21:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/14 02:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 20:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/14 02:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 21:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 20:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 20:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: SERVICES.SBS  >
[2011/03/01 09:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files (x86)\Spybot - Search & Destroy 2\Includes\Services.sbs
 
< MD5 for: SERVICES.XML  >
[2012/03/28 20:40:29 | 000,018,507 | ---- | M] () MD5=C4950F1359292A158B143327D6AEB90B -- C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yandex\Toolbar\packages\{D02A3D80-B37F-4DB7-8B7A-3E07D5239D7F}\services\services.xml
 
< MD5 for: WINLOGON.ADML  >
[2009/07/14 02:25:22 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml
 
< MD5 for: WINLOGON.ADMX  >
[2009/06/10 21:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 13:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 01:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 07:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 06:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009/10/28 06:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 06:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WINLOGON.EXE.MUI  >
[2010/11/20 13:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui
[2009/07/14 02:29:52 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=56D03B64B8C483C1D12A8E4577B3B332 -- C:\Windows\SysNative\en-US\winlogon.exe.mui
[2009/07/14 02:29:52 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=56D03B64B8C483C1D12A8E4577B3B332 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_26ed83321dc778e1\winlogon.exe.mui
 
< MD5 for: WINLOGON.MFL  >
[2009/07/14 02:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
[2009/07/14 02:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl
 
< MD5 for: WINLOGON.MOF  >
[2009/07/13 20:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2009/07/13 20:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof
 
< %SYSTEMDRIVE%\*.* >
[2013/10/30 18:33:49 | 000,028,220 | ---- | M] () -- C:\aaw7boot.log
[2013/10/27 10:54:50 | 000,000,002 | ---- | M] () -- C:\AvastSetup.log
[2009/07/14 01:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/07/27 20:40:53 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/07/02 08:51:00 | 000,013,757 | ---- | M] () -- C:\CDAVFSuser.log
[2010/07/01 09:01:47 | 000,017,570 | ---- | M] () -- C:\CDAVFSuserBackup.log
[2011/10/09 12:17:21 | 000,045,546 | ---- | M] () -- C:\ComboFix.txt
[2008/10/27 13:19:23 | 000,064,883 | ---- | M] () -- C:\converterv_mzr64rr1.jar
[2008/10/08 11:48:50 | 000,075,174 | ---- | M] () -- C:\CybDefInstallInfo.log
[2008/10/27 13:30:51 | 000,132,104 | ---- | M] () -- C:\dap050015_ciqqkzpv.jar
[2012/05/01 23:21:53 | 000,000,089 | ---- | M] () -- C:\data
[2002/07/28 23:40:00 | 001,059,840 | ---- | M] (Auto FX Software) -- C:\DS_Bonus_Plugin.8bf
[2012/01/09 18:10:47 | 000,461,824 | -HS- | M] () -- C:\EUMONBMP.SYS
[2010/01/03 00:00:36 | 000,004,047 | ---- | M] () -- C:\EyeCandyLog.txt
[2009/01/04 07:40:46 | 000,003,275 | ---- | M] () -- C:\flpalbm.opf
[2008/10/27 13:17:57 | 000,060,114 | ---- | M] () -- C:\gintris_u77v9ril.jar
[2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2008/10/27 13:08:33 | 000,051,408 | ---- | M] () -- C:\greatertha_bhihclc7.jar
[2005/01/21 04:12:14 | 000,000,011 | ---- | M] () -- C:\H07542EN.tag
[2013/11/07 20:57:59 | 3217,235,968 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/29 10:39:32 | 000,016,629 | ---- | M] () -- C:\hijackthis.log
[2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2010/02/25 09:20:32 | 000,000,490 | ---- | M] () -- C:\INSTALL.LOG
[2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2012/01/19 16:57:49 | 000,000,863 | ---- | M] () -- C:\InstallHelper.log
[2010/03/22 18:11:13 | 000,696,747 | ---- | M] () -- C:\jemshorthair1.jpg
[2010/03/22 18:11:33 | 001,754,727 | ---- | M] () -- C:\jemshorthair2.jpg
[2010/03/22 18:12:13 | 000,650,199 | ---- | M] () -- C:\jemshorthair3.jpg
[2010/03/22 18:13:01 | 000,916,381 | ---- | M] () -- C:\jemshorthair4.jpg
[2010/03/22 18:13:42 | 001,051,683 | ---- | M] () -- C:\jemshorthair6.jpg
[2010/03/22 18:14:35 | 000,761,656 | ---- | M] () -- C:\jemshorthair7.jpg
[2010/03/22 18:15:11 | 000,838,946 | ---- | M] () -- C:\jemshorthair8.jpg
[2009/03/23 21:26:52 | 000,047,183 | ---- | M] () -- C:\me.jpg
[2010/03/22 18:07:55 | 001,293,737 | ---- | M] () -- C:\merlinlas4t.jpg
[2010/03/22 18:00:47 | 000,654,981 | ---- | M] () -- C:\merlinlast1.jpg
[2010/03/22 18:01:29 | 000,709,909 | ---- | M] () -- C:\merlinlast2.jpg
[2010/03/22 18:02:11 | 000,833,637 | ---- | M] () -- C:\merlinlast3.jpg
[2010/03/22 18:08:37 | 000,599,749 | ---- | M] () -- C:\merlinlast5.jpg
[2010/03/22 18:09:28 | 000,565,526 | ---- | M] () -- C:\merlinlast6.jpg
[2010/03/22 18:10:08 | 000,596,533 | ---- | M] () -- C:\merlinlast7.jpg
[2000/05/21 23:00:00 | 000,115,920 | ---- | M] (Microsoft Corporation) -- C:\Msinet.ocx
[2002/01/05 02:38:38 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\msvci70.dll
[2013/11/07 20:58:02 | 4289,650,688 | -HS- | M] () -- C:\pagefile.sys
[2009/09/04 16:15:12 | 000,003,011 | RHS- | M] () -- C:\Patch.rev
[2010/05/09 18:16:33 | 000,000,218 | RHS- | M] () -- C:\Preload.rev
[2009/04/23 19:46:30 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\psapi.dll
[2007/03/07 16:40:40 | 000,000,345 | ---- | M] () -- C:\RHDSetup (1).log
[2010/05/09 18:25:31 | 000,001,989 | ---- | M] () -- C:\RHDSetup.log
[2008/05/15 15:04:28 | 000,000,479 | ---- | M] () -- C:\sghmmail.ECF
[2009/09/12 22:17:37 | 000,115,224 | ---- | M] () -- C:\snp2sxp-001.raw
[2007/06/11 10:28:58 | 000,000,600 | -H-- | M] () -- C:\SWSTAMP.TXT
[2009/10/26 21:46:58 | 000,005,966 | ---- | M] () -- C:\SyncTraceFile.txt
[2011/04/28 09:07:54 | 000,067,488 | ---- | M] () -- C:\TDSSKiller.2.4.3.0_28.04.2011_10.04.28_log.txt
[2011/10/09 13:26:05 | 000,000,414 | ---- | M] () -- C:\TDSSKiller.2.5.22.0_09.10.2011_14.25.57_log.txt
[2011/09/14 15:30:40 | 000,074,170 | ---- | M] () -- C:\TDSSKiller.2.5.22.0_14.09.2011_16.29.14_log.txt
[2011/10/09 13:30:57 | 000,171,428 | ---- | M] () -- C:\TDSSKiller.2.6.6.0_09.10.2011_14.28.05_log.txt
[2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/10/05 15:13:30 | 000,470,582 | ---- | M] () -- C:\vcredist_x86.log
[2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2008/10/27 13:09:33 | 000,000,839 | ---- | M] () -- C:\worms08_kz4me3av.jad
[2010/11/06 15:56:03 | 003,656,870 | ---- | M] () -- C:\xcards.ppp
[2008/06/04 11:37:03 | 000,000,162 | ---- | M] () -- C:\YServer.txt
[2008/10/27 13:05:41 | 000,269,414 | ---- | M] () -- C:\zuma_mp7zxmpq.jar
[2012/01/09 19:17:22 | 000,004,096 | -HS- | M] () -- C:\{37CC1B76-A9E8-4D00-8A60-DE2D72F75C1D}.CBM
 
< %systemroot%\Fonts\*.com >
[2009/07/14 05:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 05:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 05:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 05:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/06/10 20:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
[2011/11/28 18:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2009/09/22 16:15:26 | 000,220,672 | ---- | M] (Juan Trujillo Tarradas; http://www.jttsoft.com) -- C:\Windows\PhotoEchoes.scr
[2010/11/10 01:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2009/07/14 04:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C is ACER
 Volume Serial Number is 046D-856D
 Directory of C:\
14/07/2009  05:08    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
14/07/2009  05:08    <JUNCTION>     Application Data [C:\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
14/07/2009  05:08    <SYMLINKD>     All Users [C:\ProgramData]
14/07/2009  05:08    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
14/07/2009  05:08    <JUNCTION>     Application Data [C:\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009  05:08    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     My Documents [C:\Users\Default\Documents]
14/07/2009  05:08    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009  05:08    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009  05:08    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009  05:08    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Users\Default\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Lorna
09/05/2010  18:16    <JUNCTION>     Application Data [C:\Users\Lorna\AppData\Roaming]
09/05/2010  18:16    <JUNCTION>     Cookies [C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Cookies]
09/05/2010  18:16    <JUNCTION>     Local Settings [C:\Users\Lorna\AppData\Local]
09/05/2010  18:16    <JUNCTION>     My Documents [C:\Users\Lorna\Documents]
09/05/2010  18:16    <JUNCTION>     NetHood [C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
09/05/2010  18:16    <JUNCTION>     PrintHood [C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
09/05/2010  18:16    <JUNCTION>     Recent [C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Recent]
09/05/2010  18:16    <JUNCTION>     SendTo [C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\SendTo]
09/05/2010  18:16    <JUNCTION>     Start Menu [C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Start Menu]
09/05/2010  18:16    <JUNCTION>     Templates [C:\Users\Lorna\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Lorna\AppData\Local
09/05/2010  18:16    <JUNCTION>     Application Data [C:\Users\Lorna\AppData\Local]
09/05/2010  18:16    <JUNCTION>     History [C:\Users\Lorna\AppData\Local\Microsoft\Windows\History]
09/05/2010  18:16    <JUNCTION>     Temporary Internet Files [C:\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Lorna\Documents
09/05/2010  18:16    <JUNCTION>     My Music [C:\Users\Lorna\Music]
09/05/2010  18:16    <JUNCTION>     My Pictures [C:\Users\Lorna\Pictures]
09/05/2010  18:16    <JUNCTION>     My Videos [C:\Users\Lorna\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Users\Public\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile
06/09/2010  17:51    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
06/09/2010  17:51    <JUNCTION>     Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
06/09/2010  17:51    <JUNCTION>     My Documents [C:\Windows\system32\config\systemprofile\Documents]
06/09/2010  17:51    <JUNCTION>     NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
06/09/2010  17:51    <JUNCTION>     PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
06/09/2010  17:51    <JUNCTION>     Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
06/09/2010  17:51    <JUNCTION>     SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
06/09/2010  17:51    <JUNCTION>     Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
06/09/2010  17:51    <JUNCTION>     Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\AppData\Local
06/09/2010  17:51    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
06/09/2010  17:51    <JUNCTION>     History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
06/09/2010  17:51    <JUNCTION>     Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\Documents
06/09/2010  17:51    <JUNCTION>     My Music [C:\Windows\system32\config\systemprofile\Music]
06/09/2010  17:51    <JUNCTION>     My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
06/09/2010  17:51    <JUNCTION>     My Videos [C:\Windows\system32\config\systemprofile\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile
06/09/2010  17:51    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
06/09/2010  17:51    <JUNCTION>     Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
06/09/2010  17:51    <JUNCTION>     My Documents [C:\Windows\system32\config\systemprofile\Documents]
06/09/2010  17:51    <JUNCTION>     NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
06/09/2010  17:51    <JUNCTION>     PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
06/09/2010  17:51    <JUNCTION>     Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
06/09/2010  17:51    <JUNCTION>     SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
06/09/2010  17:51    <JUNCTION>     Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
06/09/2010  17:51    <JUNCTION>     Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
06/09/2010  17:51    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
06/09/2010  17:51    <JUNCTION>     History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
06/09/2010  17:51    <JUNCTION>     Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile\Documents
06/09/2010  17:51    <JUNCTION>     My Music [C:\Windows\system32\config\systemprofile\Music]
06/09/2010  17:51    <JUNCTION>     My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
06/09/2010  17:51    <JUNCTION>     My Videos [C:\Windows\system32\config\systemprofile\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              79 Dir(s)  292,182,855,680 bytes free
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/03/29 09:35:59 | 000,000,286 | -HS- | M] () -- C:\Users\Lorna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
[2012/02/23 14:27:21 | 000,000,221 | -HS- | M] () -- C:\Users\Lorna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
< %USERPROFILE%\Desktop\*.exe >
[2013/11/07 20:39:13 | 001,073,262 | ---- | M] () -- C:\Users\Lorna\Desktop\AdwCleaner.exe
[2013/11/03 11:59:04 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Lorna\Desktop\aswMBR.exe
[2013/10/29 10:54:05 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Lorna\Desktop\HijackThis.exe
[2013/11/04 11:04:37 | 001,033,335 | ---- | M] (Thisisu) -- C:\Users\Lorna\Desktop\JRT.exe
[2013/11/03 22:26:49 | 012,576,792 | ---- | M] (Malwarebytes Corp.) -- C:\Users\Lorna\Desktop\mbar-1.07.0.1007.exe
[2013/11/03 12:02:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lorna\Desktop\OTL.exe
[2013/11/03 21:51:16 | 010,031,224 | ---- | M] (VS Revo Group                                               ) -- C:\Users\Lorna\Desktop\RevoUninProSetup.exe
[2013/11/03 11:58:42 | 000,891,184 | ---- | M] () -- C:\Users\Lorna\Desktop\SecurityCheck.exe
 
< %PROGRAMFILES%\Common Files\*.* >
[2009/02/10 19:23:42 | 000,192,484 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acer GameZone online.ico
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Base Services ==========
SRV:64bit: - [2009/07/14 01:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2009/07/14 01:40:01 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/14 01:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2009/07/14 01:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2009/07/14 01:40:10 | 000,703,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 07:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/14 01:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 01:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2009/07/14 01:40:13 | 000,136,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2009/07/14 01:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2009/07/14 01:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2009/07/14 01:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2009/07/14 01:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 01:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 06:17:10 | 000,182,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/14 01:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/14 01:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 01:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/14 01:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2009/07/14 01:41:10 | 000,500,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/14 01:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/14 01:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/14 01:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/14 01:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 01:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2009/07/14 01:41:52 | 000,302,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/14 01:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 11:21:59 | 000,404,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2010/08/21 06:29:47 | 000,558,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 07:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/14 01:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2009/07/14 01:41:53 | 000,343,552 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2009/07/14 01:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2009/07/14 01:41:53 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 07:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2010/12/21 06:16:27 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/08/27 06:14:02 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2009/07/14 01:41:54 | 000,369,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/07/14 01:16:14 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/02 05:16:53 | 001,114,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2009/07/14 01:41:55 | 000,316,416 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/14 01:16:15 | 000,241,664 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/14 01:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/14 01:41:53 | 000,208,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2009/07/14 01:39:50 | 001,598,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2009/07/14 01:40:04 | 000,676,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2009/07/14 01:40:04 | 000,676,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2009/07/14 01:41:53 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 01:41:56 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2009/07/14 01:41:27 | 000,824,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2009/07/14 01:41:56 | 000,578,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2009/07/14 01:39:21 | 000,127,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2009/07/14 01:14:25 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/14 01:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 22:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2009/07/14 01:40:32 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/14 01:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2009/07/14 01:41:56 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
 
========== Drive Information ==========
 
Physical Drives
---------------
 
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: Hitachi HTS545050B9A300
Partitions: 4
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: Hitachi HTS545050B9A300
Partitions: 1
Status: OK
Status Info: 0
 
Partitions
---------------
 
DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 12.00GB
Starting Offset: 1048576
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #1
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 4.00GB
Starting Offset: 12583960576
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 16342056960
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #3
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 450.00GB
Starting Offset: 16446914560
Hidden sectors: 0
 
 
DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 466.00GB
Starting Offset: 32256
Hidden sectors: 0
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\wordchart1.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\WM0270.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Weave-ItBkTwo.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Weave-ItBkThree.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\vintage_knitting_tips.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\vintage_knitting_tips.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\vertigo-source.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\vertigo-logo-source.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\vertigo-footer-source.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Valsaddress.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\tyroknit.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\TheWeave-ItBook.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\testpdf.PDF:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\TechniqueColoredPencil.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\sv_028.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\surveys.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\stitchy.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\steampunk-bug.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\star_template.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\stamford-artisans-guild-logo.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Spool221.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\showcase-source.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Sea%20Breeze%20Angelina%20instructions.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\SAGE INVOICES.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\replicant2-source.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\PRESS RELEASEoldword.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\press release vic hall lorna.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\pic for payperhour.gif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\pdftedst.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\paper doll maryjane.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\office10beta.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\OFFICE PROFESSIONAL KEY.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\mywatchmanual.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Mysnowflakes.rtf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Mysnowflakes.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Microsoft Word - r conboy webvert march 08.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\m names.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\linked in us search.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\len and nell page 11 i think cmyk.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\LayoutTool - Legacy.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\JumpingJacks.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\JumpingJacks(1).pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\joomla_15_quickstart.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\jemjoker.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\jemcvnewtxtonly.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\jem cv.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\jem cv new.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\jem coverletterbarclays.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\IS SHAKESPEARE DEAD.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\invite square copy.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Inside Front Cover.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\inside back cover cmyk.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\High-Raw-Kevin-Gianni.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\hhswholething.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\heartsnflowerspng.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\HEARTSfinal layout2up.docx.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\HEARTSfinal layout.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Hearts.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Heart_templates.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\googlebase-ezlibris-200806231005.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\googlebase-ezlibris-200806230956.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\front cover cmyk.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\From the time I was a little girl.pps:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\fox2crop.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\flowersp.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\flower_template.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\flower.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\floralpeyote v2.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\floral1peyote1.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\floral1.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\floral1 peyote1.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\farm1a.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\ETSToysB.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\ETSToysA.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Elfic_doll.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\dvlalicenceapp.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\CTMJanFeb08 FINAL.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\CTFEB07CrochetFroggyHatCheerioEssentials.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\cs5serial.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\COURIER.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\CorelDRAW Graphics Suite X3.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\copyrightnotice.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\copyrightnotice.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\cctreescrop.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\cash_book_pro_v2.0.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Card07.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Card06.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\Card04.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\calendar_organizer_months.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\broadsheetsteampunk.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\BABYmocsBtys.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\B023_ebook.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\amclassical_silent_night.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\alicewivbaby.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Lorna\Documents\aglaciercrop.JPG:Roxio EMC Stream
@Alternate Data Stream - 452 bytes -> C:\Users\Lorna\Documents\vichallflyerfinal.ppp:SummaryInformation
@Alternate Data Stream - 436 bytes -> C:\xcards.ppp:SummaryInformation
@Alternate Data Stream - 432 bytes -> C:\Users\Lorna\Documents\alice1.ppp:SummaryInformation
@Alternate Data Stream - 211 bytes -> C:\ProgramData\Temp:BC3DB898
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:2B11E0DF

< End of report >
 

Thanks



#20 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 07 November 2013 - 11:20 PM

Hi fellfromgrace,

bullseye_zpse9eaf36e.gif Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
  • Java 6 Update 20
  • Adobe Reader 9
=========================
bullseye_zpse9eaf36e.gif Update Java
  • Get the current version of Java (Version 7 Update 45) by going to http://java.com/en/d...d/installed.jsp
  • Select the Verify Java Version button and follow the onscreen instructions to update if necessary.
=========================

bullseye_zpse9eaf36e.gif Adobe Reader:

Go to http://get.adobe.com.../otherversions/
  • Use the drop down menu's to select your operating system
  • Select your language > Select The current version of Adobe Reader for your language
  • Remove the check mark from the box "Free! McAfee Security Scan Plus"
  • Click the Download button, and follow the onscreen directions to complete the installation.
Please note, depending on your settings, you may have to temporarily disable your antivirus software for the Adobe Reader update.

=========================

bullseye_zpse9eaf36e.gif Disk Defragmenter in Windows 7

Click on the Start button, and type in "disk defragmenter" in the search window at the bottom.
"Disk Defragmenter" should appear at the top of the search results, click to open.

(a window similar to the one below will open)

DefragMainScrn.png

Locate your primary hard drive (usually C:), and select it.

HardDriveFragmentation.png

Next select the Defragment Disk button. Monitor the progress if you choose.

DefragStatus.png

Close when the defrag process has been completed.

= = = = = = = = = =

You can also Schedule the Disk Defragmenter to run on a predetermined schedule.

From the main Disk Defragmenter window

DefragMainScrn.png

Select the Configure / Schedule button

Schedule.png

Select a date and time that best suits your needs.
Close when finished.

=========================

In your next post please provide the following:
  • How's the computer running?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#21 fellfromgrace

fellfromgrace

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 09 November 2013 - 04:09 PM

Thank you so much for your help. I have done all of the above and will give a good testing tomorrow. It certainly seems to be running better now anyway ... once this is OK I will have to start on the other laptop!



#22 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 09 November 2013 - 10:59 PM

Hi fellfromgrace,
 

Thank you so much for your help. I have done all of the above and will give a good testing tomorrow. It certainly seems to be running better now anyway ... once this is OK I will have to start on the other laptop!


It's important that you follow through with the remainder of the steps I will outline. Absence of symptoms doesn't necessarily translate into malware free. We are making progress so please stay with me until I give you the "all clean" sign. :thumbup:

=========================

You reference a laptop that needs looking at. If so, we can just continue in this thread after we wrap up the computer we are working on right now.

=========================

bullseye_zpse9eaf36e.gif Malwarebytes' Anti-Malware

Locate Malwarebytes' Anti-Malware (it should be on your desktop).
If not, download it here
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Once the program has loaded, select the Update tab to get the latest updates before performing the scan.
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
=========================


bullseye_zpse9eaf36e.gif ESET Online Scanner

*Note:
  • It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
  • Please don't go surfing while your resident protection is disabled!
  • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.
** You need to run your browser with Administrator Rights, to do so right click your browsers short cut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, click List of found threats
  • click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
  • Include the contents of this report in your next reply

    Note - when ESET doesn't find any threats, no report will be created.
  • Push the back button.
  • Push Finish
  • Re-enable your Antivirus software.
=========================

In your next post please provide the following:
  • MBAM log
  • ESET's log.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#23 fellfromgrace

fellfromgrace

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 10 November 2013 - 01:31 PM

Hi, It seems to be working fine now thanks. Daz crashed once but that was more a Daz issue than the laptop ... and so far it hasn't locked up or slowed to a crawl so I'll go ahed and update the processor and memory on this one and then think about looking at the other one.

Thank you so much for your help

:-D


Edited by fellfromgrace, 10 November 2013 - 01:36 PM.


#24 fellfromgrace

fellfromgrace

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 10 November 2013 - 01:40 PM

sorry please ignore last post, didn't see the last one of yours ... so I will do all you have suggested and get back to you, I am filling in a bit here as it keeps telling me that THIS post is too short! I keep trying but it won't accept it ...



#25 fellfromgrace

fellfromgrace

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 11 November 2013 - 05:48 AM

Hi, I ran both as directed. There were no malicious items found by either program. The only slsightly strnage thing was that eset reported that Avira and Comodo were both present. I had switched off Avira, and as you know, earlier had removed Avira. Eset took several hours to run so i had to leave it overnight, switched comodo back on this morning and ran a quick scan with Malware Bytes and again nothing reported.

 

 

here's the original MBAM log:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.10.04

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Lorna :: LORNA-PC [administrator]

10/11/2013 19:44:01
mbam-log-2013-11-10 (19-44-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 250793
Time elapsed: 28 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

The last one I did is identical ...


    Advertisements

Register to Remove


#26 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 11 November 2013 - 12:03 PM

Hi fellfromgrace,

Your log appears to be clean. :thumbup:

We have a few items to take care of before we get to the All Clean Speech.

=========================

bullseye_zpse9eaf36e.gif Clean up with OTL:

  • Right-click OTL.exe select "Run as Administrator" to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

=========================

bullseye_zpse9eaf36e.gif Removing/Uninstalling AdwCleaner:

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.

=========================

bullseye_zpse9eaf36e.gif You can now delete any tools and/or logs remaining on your desktop.

=========================

bullseye_zpse9eaf36e.gif Disable Java in Web Browsers

There is a vulnerability with regards to Java and web browsers. Therefore, we recommend to disable java in web browsers.
More information can be found here: http://www.techsuppo...ers-683721.html

  • Click on the Start button and then click on the Control Panel option.
  • In the Control Panel Search enter Java Control Panel.
  • Click on the Java icon to open the Java Control Panel.

javadisable1_zps19e32961.jpg

Disable Java through the Java Control Panel

  • In the Java Control Panel, click on the Security tab.
  • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser.
  • Click Apply. When the Windows User Account Control (UAC) dialog appears, allow permissions to make the changes.
  • Click OK in the Java Plug-in confirmation window.
  • Restart the browser for changes to take effect.

javadisable2_zps5a2f5c6d.jpg

=========================

bullseye_zpse9eaf36e.gif Windows 7 Service Pack 1 (SP1)  < ---- IMPORTANT

Windows 7 Service Pack 1 (SP1) is an important update that includes previously released security, performance, and stability updates for Windows 7. Installing SP1 helps keep Windows 7 up to date. For more information, see What's included in Windows 7 Service Pack 1 (SP1).
How to get SP1

The recommended (and easiest) way to get SP1 is to turn on automatic updating in Windows Update in Control Panel, and wait for Windows 7 to notify you that SP1 is ready to install. It takes about 30 minutes to install, and you'll need to restart your computer about halfway through the installation.
To learn if Windows 7 SP1 is already installed

Click the Start button, right-click Computer, and then click Properties.

If Service Pack 1 is listed under Windows edition, SP1 is already installed on your computer.

http://windows.micro...-service-pack-1

=========================

With the above items taken care of let's move on to the All Clean part of the process.

The following procedures are recommendations for helping to keep your system running smoothly. If you are currently satisfied with how your system is running some or all of these may not pertain to you. Impliment what you need.

This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

Make your Internet Explorer more secure - This can be done by following these simple instructions:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Make your Mozilla Firefox more secure - This can be done by adding these add-ons:

Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

Free Anti-Virus

Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here.

Make sure you keep your Windows OS current. Windows XP users can visit Windows update regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

WOT (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.

 

Then we can move onto your other laptop when you are ready.


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#27 fellfromgrace

fellfromgrace

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 11 November 2013 - 03:12 PM

I have done all the recommended's above, I am running dashlane as a password manager, and my av AND firewall is Comodo so I have left it at that. NoScript installed ok for Firefox, but I had a bit of a problem with WOT.This was after updating windows. Downloading WOT took an age and eventually I got the same old problem I thought we had cleared .... namely the dreaded fadeout of screen with the blue circle going round and round with 'firefox is not responding' eventually managed to restart computer (CTRL+ALT+DEL didn't want to work, but I did finally get a message saying did I want to close firefox, which I did) So I redownloaded WOT which went much faster this time and then only had a problem trying to use any of the settings, which did not want to work at all. Eventually for some reason, I could use the buttons and seemingly it's ok now. Prior to the problems on this laptop I had updated Windows to SP1 but it was only after this that I had the problems, so I restored to earlier time. I was not sure if it was the Windows update or something else that I had copied over from the other laptop (the one with the same prob) Have just loaded Word and pulled in a doc for alteration. It took a while to be able to edit it with the spinning blue circle and 'not responding' - Lasted about 10-15seconds, reloaded and tried again, same thing happened. However, Daz Studio seems to be working OK. Pageplus works ok too.

#28 fellfromgrace

fellfromgrace

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 11 November 2013 - 03:19 PM

OOps I spoke too soon. The render in Daz is now taking ages and I have the blue circle and the 'not responding' back again!


Edited by fellfromgrace, 11 November 2013 - 03:19 PM.


#29 fellfromgrace

fellfromgrace

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 11 November 2013 - 03:41 PM

yes, Daz is definitely not working, the render hasn't started and it si just not responding still. Pressign to close the render window brings the message do I want to wait or close. I have to close the app. This is what was happening before. It was OK till I loaded the Windows updates ...  :-(



#30 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 12 November 2013 - 12:28 AM

Hi fellfromgrace,
  • Is Daz a downloaded program or do you have a installation CD?
    • If you have an installation CD, you might need to re-install it.
  • Is Daz updated to the latest version?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users