Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91984 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

pc slows down to crawling pace [Solved]


  • This topic is locked This topic is locked
92 replies to this topic

#61 fellfromgrace

fellfromgrace

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 20 November 2013 - 10:10 AM

OTL (PART ONE)

 

OTL logfile created on: 19/11/2013 22:00:15 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lorna Samsung\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
7.92 Gb Total Physical Memory | 5.76 Gb Available Physical Memory | 72.78% Memory free
15.83 Gb Paging File | 13.32 Gb Available in Paging File | 84.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 363.00 Gb Total Space | 153.95 Gb Free Space | 42.41% Space Free | Partition Type: NTFS
Drive D: | 544.30 Gb Total Space | 201.49 Gb Free Space | 37.02% Space Free | Partition Type: NTFS
Drive E: | 1.55 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: LORNASAMSUNG-PC | User Name: Lorna Samsung | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Lorna Samsung\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Lorna Samsung\AppData\Roaming\Dashlane\Dashlane.exe ()
PRC - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (APN LLC.)
PRC - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe (SlimWare Utilities, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
PRC - C:\Program Files (x86)\SAMSUNG\Easy Settings\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\SAMSUNG\Easy Settings\SmartSetting.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\SAMSUNG\Easy Settings\MovieColorEnhancer.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\SAMSUNG\Easy Settings\EasySpeedUpManager.exe (Samsung Electronics)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\SAMSUNG\Samsung Recovery Solution 5\WCScheduler.exe (SEC)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Lorna Samsung\AppData\Roaming\Dashlane\Dashlane.exe ()
MOD - C:\Users\Lorna Samsung\AppData\Roaming\Dashlane\2.2.5.48404\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.2.2.5.48404.dll ()
MOD - C:\Users\Lorna Samsung\AppData\Roaming\Dashlane\2.2.5.48404\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.2.2.5.48404.dll ()
MOD - C:\Users\Lorna Samsung\AppData\Roaming\Dashlane\2.2.5.48404\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.2.2.5.48404.dll ()
MOD - C:\Users\Lorna Samsung\AppData\Roaming\Dashlane\2.2.5.48404\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.2.2.5.48404.dll ()
MOD - C:\Users\Lorna Samsung\AppData\Roaming\Dashlane\2.2.5.48404\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.2.2.5.48404.dll ()
MOD - C:\Users\Lorna Samsung\AppData\Roaming\Dashlane\2.2.5.48404\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.2.2.5.48404.dll ()
MOD - C:\Users\Lorna Samsung\AppData\Roaming\Dashlane\2.2.5.48404\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.2.2.5.48404.dll ()
MOD - C:\Program Files (x86)\SAMSUNG\Easy Settings\WinCRT.dll ()
MOD - C:\Program Files (x86)\SAMSUNG\Samsung Recovery Solution 5\Resdll.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\SAMSUNG\Easy Settings\HookDllPS2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV:64bit: - (ExpressCache) -- C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe (Diskeeper Corporation)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (DAZContentManagementService) -- C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe ()
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (APNMCP) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (APN LLC.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys ()
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (excsd) -- C:\Windows\SysNative\drivers\excsd.sys (Diskeeper Corporation)
DRV:64bit: - (excfs) -- C:\Windows\SysNative\drivers\excfs.sys (Diskeeper Corporation)
DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (acpials) -- C:\Windows\SysNative\drivers\acpials.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV:64bit: - (DgiVecp) -- C:\Windows\SysNative\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.facebook.com/http://ww [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 66 1A 89 0A BF BB CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - Extension: Avira SearchFree Toolbar plus Web Protection = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh\25.62074_0\
CHR - Extension: Google Translate = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.5_0\
CHR - Extension: Google Docs = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0\
CHR - Extension: Add to Amazon Wish List = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\
CHR - Extension: Google Search = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Disconnect = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.10.0_0\
CHR - Extension: Window Close Protector = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnpifgapnmpninomacbhdlconlpikdai\2.2_0\
CHR - Extension: Dashlane = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkjojgglmmcghgaiknnpgjgldgaocjfd\2.2.1.47547_0\
CHR - Extension: Google Wallet = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.3_0\
CHR - Extension: Short URL = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\obbdcmhkndhionekooeeiilbicfdkhml\1.0_0\
CHR - Extension: Instagram for Chrome = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb\5.1_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.0.3_0\
CHR - Extension: Gmail = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
O2 - BHO: (Dashlane BHO) - {42D79B50-CC4A-4A8E-860F-BE674AF053A2} - C:\Users\Lorna Samsung\AppData\Roaming\Dashlane\ie\Dashlanei.dll (Dashlane)
O3:64bit: - HKLM\..\Toolbar: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
O3 - HKLM\..\Toolbar: (Dashlane Toolbar) - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Lorna Samsung\AppData\Roaming\Dashlane\ie\KWIEBar.dll (Dashlane)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Dashlane] C:\Users\Lorna Samsung\AppData\Roaming\Dashlane\Dashlane.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50A13F53-EC63-441F-A34A-E6DCCFCAC1FC}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk C:\
O32 - AutoRun File - [2012/12/12 17:13:16 | 000,000,000 | ---D | M] - D:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/08/13 21:01:17 | 000,000,072 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2008/07/08 11:04:00 | 000,189,808 | R--- | M] (Adobe Systems Incorporated) - E:\Autoplay.exe -- [ CDFS ]
O32 - AutoRun File - [2009/10/28 14:38:28 | 000,000,000 | ---D | M] - E:\Autoplay -- [ CDFS ]
O33 - MountPoints2\{ff947352-2751-11e3-a46d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ff947352-2751-11e3-a46d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autoplay.exe -- [2008/07/08 11:04:00 | 000,189,808 | R--- | M] (Adobe Systems Incorporated)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/19 20:52:11 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Lorna Samsung\Desktop\aswMBR.exe
[2013/11/19 20:52:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lorna Samsung\Desktop\OTL.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/19 22:02:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/19 21:59:33 | 000,001,942 | ---- | M] () -- C:\Users\Lorna Samsung\Desktop\Dashlane.lnk
[2013/11/19 21:56:21 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/19 21:55:00 | 000,000,512 | ---- | M] () -- C:\Users\Lorna Samsung\Desktop\MBR.dat
[2013/11/19 21:41:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/19 20:57:14 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/19 20:57:14 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/19 20:53:33 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/19 20:53:33 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/19 20:53:33 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/19 20:48:30 | 000,000,426 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2013/11/19 20:48:11 | 000,016,152 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2013/11/19 20:47:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/19 20:47:05 | 4204,314,623 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/19 20:29:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lorna Samsung\Desktop\OTL.exe
[2013/11/19 20:29:39 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Lorna Samsung\Desktop\aswMBR.exe
[2013/11/19 20:29:07 | 000,891,200 | ---- | M] () -- C:\Users\Lorna Samsung\Desktop\SecurityCheck.exe
 
========== Files Created - No Company Name ==========
 
[2013/11/19 21:55:00 | 000,000,512 | ---- | C] () -- C:\Users\Lorna Samsung\Desktop\MBR.dat
[2013/11/19 20:52:17 | 000,891,200 | ---- | C] () -- C:\Users\Lorna Samsung\Desktop\SecurityCheck.exe
[2013/10/15 22:12:44 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/10/15 22:12:34 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2013/10/15 22:12:34 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2013/10/14 14:52:09 | 000,003,283 | ---- | C] () -- C:\Users\Lorna Samsung\AppData\Local\recently-used.xbel
[2013/10/13 22:48:03 | 000,007,605 | ---- | C] () -- C:\Users\Lorna Samsung\AppData\Local\Resmon.ResmonCfg
[2013/09/27 08:51:56 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/09/27 08:23:00 | 000,002,318 | ---- | C] () -- C:\Windows\HotFixList.ini
[2013/09/27 08:11:15 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2013/09/27 08:10:05 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2013/09/27 08:10:05 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2013/09/27 08:10:05 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2013/09/27 08:10:05 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/07/16 11:23:58 | 000,335,872 | ---- | C] () -- C:\Windows\SetupX32.EXE
[2012/04/20 12:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/11/19 21:59:33 | 000,000,000 | ---D | M] -- C:\Users\Lorna Samsung\AppData\Roaming\Dashlane
[2013/10/01 10:00:36 | 000,000,000 | ---D | M] -- C:\Users\Lorna Samsung\AppData\Roaming\DAZ 3D
[2013/09/28 00:38:31 | 000,000,000 | ---D | M] -- C:\Users\Lorna Samsung\AppData\Roaming\MAGIX
[2013/10/12 19:59:55 | 000,000,000 | ---D | M] -- C:\Users\Lorna Samsung\AppData\Roaming\mehdiplugins
[2013/10/04 18:47:24 | 000,000,000 | ---D | M] -- C:\Users\Lorna Samsung\AppData\Roaming\Serif
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.ADML  >
[2010/11/21 07:06:30 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml
[2010/11/21 07:06:30 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml
 
< MD5 for: EXPLORER.ADMX  >
[2009/06/10 20:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx
[2009/06/10 20:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 05:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/26 05:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 06:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows.old\Windows\explorer.exe
[2011/02/25 06:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 06:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 06:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 06:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2011/02/26 06:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 03:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/11/21 03:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows.old\Windows\SysWOW64\explorer.exe
[2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 03:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/11/21 03:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: EXPLORER.EXE.MUI  >
[2010/11/21 07:06:17 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows.old\Windows\en-US\explorer.exe.mui
[2010/11/21 07:06:17 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
[2010/11/21 07:06:17 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
[2010/11/21 07:06:17 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
[2010/11/21 07:06:19 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows.old\Windows\SysWOW64\en-US\explorer.exe.mui
[2010/11/21 07:06:19 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui
[2010/11/21 07:06:19 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2010/11/21 07:06:19 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui
 
< MD5 for: EXPLORER.EXE-254441E9.PF  >
[2013/11/19 21:59:35 | 000,030,146 | ---- | M] () MD5=D089BD0D5E3941DBE87D919E15A2DD2A -- C:\Windows\Prefetch\EXPLORER.EXE-254441E9.pf
 
< MD5 for: EXPLORER.EXE-A80E4F97.PF  >
[2013/11/19 21:59:45 | 000,038,224 | ---- | M] () MD5=C8E5CD9D368C2ECB57A2E9546DDA3D69 -- C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf
[2013/09/25 11:47:46 | 000,145,718 | ---- | M] () MD5=D0994AFDDF943F5B2C390E2C9123312F -- C:\Windows.old\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf
 
< MD5 for: IEXPLORE.BAT  >
[2013/10/15 22:05:47 | 000,031,414 | ---- | M] () MD5=75C9C20DD9839BF287B43B0E179822DC -- C:\Users\Lorna Samsung\AppData\Local\Temp\jrt\iexplore.bat
 
< MD5 for: IEXPLORE.EXE  >
[2012/06/29 05:02:52 | 000,754,784 | ---- | M] (Microsoft Corporation) MD5=1223ACBFC1093852DFF039E189599BBD -- C:\Windows.old\Program Files\Internet Explorer\iexplore.exe
[2012/06/29 05:02:52 | 000,754,784 | ---- | M] (Microsoft Corporation) MD5=1223ACBFC1093852DFF039E189599BBD -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16448_none_0d45fcc9807373c2\iexplore.exe
[2013/09/29 19:34:22 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=351657C79B62B91E16A95AD23EA3710D -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16686_none_168ab5d61e3c99b7\iexplore.exe
[2013/09/29 19:34:23 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=37287D98A1BF5D56AA729CEB9B27C6B1 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16686_none_20df6028529d5bb2\iexplore.exe
[2012/06/29 02:45:31 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=5D03518409F37D1483C98869D86E23FF -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20554_none_0dc0c880999cca21\iexplore.exe
[2010/11/21 03:24:43 | 000,695,056 | ---- | M] (Microsoft Corporation) MD5=86257731DDB311FBC283534CC0091634 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe
[2010/11/21 03:24:43 | 000,695,056 | ---- | M] (Microsoft Corporation) MD5=86257731DDB311FBC283534CC0091634 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe
[2011/10/26 00:13:14 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_17a944edb4ca4c7a\iexplore.exe
[2012/06/29 01:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=93569D46D79F9756ED077156496AFE23 -- C:\Windows.old\Program Files (x86)\Internet Explorer\iexplore.exe
[2012/06/29 01:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=93569D46D79F9756ED077156496AFE23 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16448_none_179aa71bb4d435bd\iexplore.exe
[2013/09/29 19:22:34 | 000,763,544 | ---- | M] (Microsoft Corporation) MD5=A818D637533302BA58C685F332388FC0 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16506_none_0d6f3dcb8054ce77\iexplore.exe
[2013/09/29 19:22:35 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=AA9CBDCD4675A48755DDA3A73BE3E283 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16506_none_17c3e81db4b59072\iexplore.exe
[2010/11/21 03:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
[2010/11/21 03:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
[2013/09/22 23:54:30 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=D6B7DDB68436F13C3CAE2B92524F1FEC -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2013/09/22 23:54:30 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=D6B7DDB68436F13C3CAE2B92524F1FEC -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16721_none_20cf006852aa5f74\iexplore.exe
[2013/09/23 00:01:39 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=DB352EBF77E8655E0C46B6923F3C9950 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20831_none_09f78a2a6c58f471\iexplore.exe
[2013/09/23 01:55:58 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=E9F843E7E412AE9A507FD5ABBBD06462 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20831_none_ffa2dfd837f83276\iexplore.exe
[2012/06/28 23:35:27 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=EB4105348272018D096FEB655CD1608C -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20554_none_181572d2cdfd8c1c\iexplore.exe
[2011/10/26 00:13:14 | 000,754,480 | ---- | M] (Microsoft Corporation) MD5=F1424C1B9B1813BF825E45DF3790BC8A -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_0d549a9b80698a7f\iexplore.exe
[2013/09/23 01:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=F6A7D9C0BC326F695526069C1DA1E8B7 -- C:\Program Files\Internet Explorer\iexplore.exe
[2013/09/23 01:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=F6A7D9C0BC326F695526069C1DA1E8B7 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16721_none_167a56161e499d79\iexplore.exe
 
< MD5 for: IEXPLORE.EXE.MUI  >
[2011/10/26 00:14:40 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=0272AAC78F0D1CC205B893CCF5835DC5 -- C:\Windows.old\Program Files (x86)\Internet Explorer\de-DE\iexplore.exe.mui
[2011/10/26 00:14:40 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=0272AAC78F0D1CC205B893CCF5835DC5 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_de-de_6865046bfd99819c\iexplore.exe.mui
[2013/09/29 19:23:59 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=0272AAC78F0D1CC205B893CCF5835DC5 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_de-de_6865046bfd99819c\iexplore.exe.mui
[2011/10/26 00:13:14 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Windows.old\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2011/10/26 00:13:14 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_07013012b816cb66\iexplore.exe.mui
[2013/09/29 19:22:34 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_07013012b816cb66\iexplore.exe.mui
[2011/10/26 00:13:14 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows.old\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2011/10/26 00:13:14 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_1155da64ec778d61\iexplore.exe.mui
[2013/09/29 19:22:35 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_1155da64ec778d61\iexplore.exe.mui
[2011/10/26 00:15:08 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=60C0AD9B7DA9B1C37ADD811413A71BA4 -- C:\Windows.old\Program Files\Internet Explorer\it-IT\iexplore.exe.mui
[2011/10/26 00:15:08 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=60C0AD9B7DA9B1C37ADD811413A71BA4 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_it-it_93abf93c8241b8eb\iexplore.exe.mui
[2013/09/29 19:24:35 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=60C0AD9B7DA9B1C37ADD811413A71BA4 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_it-it_93abf93c8241b8eb\iexplore.exe.mui
[2013/09/29 19:38:04 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=6511725A9ACB570CD967BCE68DB2986A -- C:\Program Files (x86)\Internet Explorer\de-DE\iexplore.exe.mui
[2013/09/29 19:38:03 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=6511725A9ACB570CD967BCE68DB2986A -- C:\Program Files\Internet Explorer\de-DE\iexplore.exe.mui
[2013/09/29 19:38:03 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=6511725A9ACB570CD967BCE68DB2986A -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_de-de_674bb56c67089ab9\iexplore.exe.mui
[2013/09/29 19:38:04 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=6511725A9ACB570CD967BCE68DB2986A -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_de-de_71a05fbe9b695cb4\iexplore.exe.mui
[2013/09/29 19:39:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=65CFBD28C668C938FFB0380BD4849631 -- C:\Program Files (x86)\Internet Explorer\it-IT\iexplore.exe.mui
[2013/09/29 19:39:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=65CFBD28C668C938FFB0380BD4849631 -- C:\Program Files\Internet Explorer\it-IT\iexplore.exe.mui
[2013/09/29 19:39:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=65CFBD28C668C938FFB0380BD4849631 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_it-it_9ce7548f20119403\iexplore.exe.mui
[2013/09/29 19:39:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=65CFBD28C668C938FFB0380BD4849631 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_it-it_a73bfee1547255fe\iexplore.exe.mui
[2011/10/26 00:15:08 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=6C29D19B759CD0F65AB91C658D5173CA -- C:\Windows.old\Program Files (x86)\Internet Explorer\it-IT\iexplore.exe.mui
[2011/10/26 00:15:08 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=6C29D19B759CD0F65AB91C658D5173CA -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_it-it_9e00a38eb6a27ae6\iexplore.exe.mui
[2013/09/29 19:24:36 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=6C29D19B759CD0F65AB91C658D5173CA -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_it-it_9e00a38eb6a27ae6\iexplore.exe.mui
[2011/10/26 00:14:40 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=6D22C11D8D81000CAEA25B213F1CDD63 -- C:\Windows.old\Program Files\Internet Explorer\de-DE\iexplore.exe.mui
[2011/10/26 00:14:40 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=6D22C11D8D81000CAEA25B213F1CDD63 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_de-de_5e105a19c938bfa1\iexplore.exe.mui
[2013/09/29 19:23:59 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=6D22C11D8D81000CAEA25B213F1CDD63 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_de-de_5e105a19c938bfa1\iexplore.exe.mui
[2013/09/29 19:34:23 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2013/09/29 19:34:23 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2013/09/29 19:34:23 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_103c8b6555e6a67e\iexplore.exe.mui
[2013/09/29 19:34:23 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_1a9135b78a476879\iexplore.exe.mui
[2011/10/26 00:14:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=B5ED0B02C0CF0B9B72801814688D5A00 -- C:\Windows.old\Program Files\Internet Explorer\fr-FR\iexplore.exe.mui
[2011/10/26 00:14:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=B5ED0B02C0CF0B9B72801814688D5A00 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_fr-fr_a98402f5ab0fd36d\iexplore.exe.mui
[2013/09/29 19:23:18 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=B5ED0B02C0CF0B9B72801814688D5A00 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_fr-fr_a98402f5ab0fd36d\iexplore.exe.mui
[2009/07/14 02:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_0b433e7773148b79\iexplore.exe.mui
[2009/07/14 02:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_0b433e7773148b79\iexplore.exe.mui
[2013/09/29 19:37:07 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=D2DA32665FC55F0934C1472BCB98ED33 -- C:\Program Files (x86)\Internet Explorer\fr-FR\iexplore.exe.mui
[2013/09/29 19:37:07 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=D2DA32665FC55F0934C1472BCB98ED33 -- C:\Program Files\Internet Explorer\fr-FR\iexplore.exe.mui
[2013/09/29 19:37:07 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=D2DA32665FC55F0934C1472BCB98ED33 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_fr-fr_b2bf5e4848dfae85\iexplore.exe.mui
[2013/09/29 19:37:07 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=D2DA32665FC55F0934C1472BCB98ED33 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_fr-fr_bd14089a7d407080\iexplore.exe.mui
[2011/10/26 00:14:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F19C598721DC3B8FC08EF800D7F9C1AF -- C:\Windows.old\Program Files (x86)\Internet Explorer\fr-FR\iexplore.exe.mui
[2011/10/26 00:14:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F19C598721DC3B8FC08EF800D7F9C1AF -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_fr-fr_b3d8ad47df709568\iexplore.exe.mui
[2013/09/29 19:23:19 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F19C598721DC3B8FC08EF800D7F9C1AF -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_fr-fr_b3d8ad47df709568\iexplore.exe.mui
[2009/07/14 02:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_1597e8c9a7754d74\iexplore.exe.mui
[2009/07/14 02:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_1597e8c9a7754d74\iexplore.exe.mui
 
< MD5 for: IEXPLORE.EXE-4B6C9213.PF  >
[2013/10/19 10:15:00 | 000,067,960 | ---- | M] () MD5=DC155AE08911D3ADB4BEC6A9A993CD11 -- C:\Windows\Prefetch\IEXPLORE.EXE-4B6C9213.pf
 
< MD5 for: IEXPLORE.EXE-908C99F8.PF  >
[2013/10/19 10:12:58 | 000,013,044 | ---- | M] () MD5=138534E330E48CB4C9866DA4EC700DA2 -- C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf
 
< MD5 for: SERVICES  >
[2009/06/10 21:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows.old\Windows\System32\drivers\etc\services
[2009/06/10 21:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
[2009/06/10 21:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.CFG  >
[2013/05/10 07:57:30 | 000,558,879 | ---- | M] () MD5=3679F8D3253DC110D1D8F2AE115EE00C -- C:\Windows.old\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2012/09/23 19:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2013/09/05 14:04:00 | 000,559,090 | ---- | M] () MD5=8ADD48E413D05BF2E7AEC00173DDFABC -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg
[2011/06/06 11:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows.old\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg
 
< MD5 for: SERVICES.DAT  >
[2013/10/15 19:36:22 | 000,003,075 | ---- | M] () MD5=6806FCE3B99E6913439FB220BF6544B0 -- C:\Users\Lorna Samsung\AppData\Local\Temp\jrt\services.dat
 
< MD5 for: SERVICES.EXE  >
[2009/07/14 01:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows.old\Windows\System32\services.exe
[2009/07/14 01:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009/07/14 01:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 01:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2010/11/21 07:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows.old\Windows\System32\en-US\services.exe.mui
[2010/11/21 07:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
[2010/11/21 07:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2010/11/21 07:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
 
< MD5 for: SERVICES.JS  >
[2013/09/24 17:12:17 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/24 17:12:17 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/24 17:12:17 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/24 17:12:17 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/24 17:12:17 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/24 17:12:17 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Documents and Settings\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/24 17:12:17 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/24 17:12:17 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/24 17:12:17 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/24 17:12:17 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/24 17:12:17 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/24 17:12:17 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Documents and Settings\Administrator\Local Settings\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/19 08:27:15 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Documents and Settings\Lorna\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/19 08:27:15 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Documents and Settings\Lorna\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/19 08:27:15 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Documents and Settings\Lorna\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/19 08:27:15 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Documents and Settings\Lorna\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/19 08:27:15 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Documents and Settings\Lorna\AppData\Local\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/19 08:27:15 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Documents and Settings\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/19 08:27:15 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Documents and Settings\Lorna\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/19 08:27:15 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Documents and Settings\Lorna\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/19 08:27:15 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Documents and Settings\Lorna\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/19 08:27:15 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Documents and Settings\Lorna\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/19 08:27:15 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Documents and Settings\Lorna\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/19 08:27:15 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Documents and Settings\Lorna\Local Settings\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/24 17:12:17 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/24 17:12:17 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/24 17:12:17 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/24 17:12:17 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/24 17:12:17 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/24 17:12:17 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Users\Administrator\AppData\Local\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/24 17:12:17 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/24 17:12:17 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/24 17:12:17 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/24 17:12:17 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/24 17:12:17 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/24 17:12:17 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/24 17:12:17 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Users\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/24 17:12:17 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Users\Administrator\Local Settings\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/19 08:27:15 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Users\Lorna\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/19 08:27:15 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Users\Lorna\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/19 08:27:15 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Users\Lorna\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/19 08:27:15 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Users\Lorna\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/19 08:27:15 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Users\Lorna\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/19 08:27:15 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Users\Lorna\AppData\Local\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/19 08:27:15 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Users\Lorna\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/19 08:27:15 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Users\Lorna\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/19 08:27:15 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Users\Lorna\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/19 08:27:15 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Users\Lorna\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/19 08:27:15 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Users\Lorna\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/19 08:27:15 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Users\Lorna\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/19 08:27:15 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Users\Lorna\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/09/19 08:27:15 | 000,005,481 | ---- | M] () MD5=2837793529A84DEC2DF41C1775ABB331 -- C:\Windows.old\Users\Lorna\Local Settings\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.9.0_0\scripts\services.js
[2013/10/05 22:05:41 | 000,005,711 | ---- | M] () MD5=92C58E360CF2E2E364275DB15E9D0289 -- C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.10.0_0\scripts\services.js
 
< MD5 for: SERVICES.LNK  >
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\ProgramData\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Windows.old\Users\All Users\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOCHIADS.COM.SOL  >
[2012/09/16 19:52:58 | 000,000,351 | ---- | M] () MD5=A7315572B8CAF02B6724AC47B4A28E4F -- C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RA6BPZZE\mochiads.com\services.mochiads.com.sol
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 20:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows.old\Windows\System32\wbem\services.mof
[2009/06/10 20:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
[2009/06/10 20:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 20:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2010/11/21 07:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\System32\en-US\services.msc
[2009/06/10 20:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\System32\services.msc
[2010/11/21 07:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\SysWOW64\en-US\services.msc
[2009/06/10 21:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\SysWOW64\services.msc
[2010/11/21 07:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 20:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010/11/21 07:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 21:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2010/11/21 07:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 20:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2010/11/21 07:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 21:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010/11/21 07:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 20:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010/11/21 07:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 21:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 20:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows.old\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 20:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
[2009/07/13 20:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 20:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: WINLOGON.ADML  >
[2010/11/21 07:06:30 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml
[2010/11/21 07:06:30 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml
 
< MD5 for: WINLOGON.ADMX  >
[2009/06/10 21:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx
[2009/06/10 21:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx
 
< MD5 for: WINLOGON.EXE  >
[2010/11/21 03:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows.old\Windows\System32\winlogon.exe
[2010/11/21 03:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2010/11/21 03:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 03:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WINLOGON.EXE.MUI  >
[2010/11/21 07:06:14 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows.old\Windows\System32\en-US\winlogon.exe.mui
[2010/11/21 07:06:14 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui
[2010/11/21 07:06:14 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\SysNative\en-US\winlogon.exe.mui
[2010/11/21 07:06:14 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui
 
< MD5 for: WINLOGON.MFL  >
[2010/11/21 07:06:15 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows.old\Windows\System32\wbem\en-US\winlogon.mfl
[2010/11/21 07:06:15 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl
[2010/11/21 07:06:15 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
[2010/11/21 07:06:15 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl
 
< MD5 for: WINLOGON.MOF  >
[2009/07/13 20:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows.old\Windows\System32\wbem\winlogon.mof
[2009/07/13 20:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof
[2009/07/13 20:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2009/07/13 20:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof
 
< %SYSTEMDRIVE%\*.* >
[2009/08/04 12:29:34 | 000,000,085 | ---- | M] () -- C:\AUTORUN.INF
[2013/11/19 20:47:05 | 4204,314,623 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/04 16:56:01 | 000,000,404 | ---- | M] () -- C:\InstallHelper.log
[2011/10/24 22:55:04 | 000,000,032 | ---- | M] () -- C:\kiessetup.log
[2013/11/19 20:47:08 | 4204,314,623 | -HS- | M] () -- C:\pagefile.sys
[2012/08/10 16:26:54 | 000,002,426 | ---- | M] () -- C:\ProductS.lcf
[2013/01/22 12:37:55 | 000,003,686 | ---- | M] () -- C:\Readme.txt
[2013/10/15 22:33:21 | 000,002,424 | ---- | M] () -- C:\RHDSetup.log
[2009/01/23 13:55:36 | 000,184,320 | ---- | M] () -- C:\SecSNMP.dll
[2006/12/20 05:27:48 | 000,016,958 | ---- | M] () -- C:\Setup.dat
[2009/08/11 16:48:44 | 000,777,320 | ---- | M] () -- C:\Setup.exe
[2013/10/15 22:33:21 | 000,000,206 | ---- | M] () -- C:\setup.log
[2006/09/01 17:05:22 | 004,218,880 | ---- | M] () -- C:\Ssres.dll
[2013/01/23 11:44:31 | 023,926,031 | ---- | M] () -- C:\stphmkr.chm
[2013/01/23 11:44:31 | 002,756,608 | ---- | M] (Masuji SUTO & David Sykes) -- C:\stphmkre.exe
[2012/07/16 17:51:19 | 000,000,098 | ---- | M] () -- C:\user.js
 
< %systemroot%\Fonts\*.com >
[2009/07/14 05:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 05:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 05:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 05:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/06/10 20:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2009/07/14 04:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C has no label.
 Volume Serial Number is FCD1-C25E
 Directory of C:\
14/07/2009  05:08    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
14/07/2009  05:08    <JUNCTION>     Application Data [C:\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
14/07/2009  05:08    <SYMLINKD>     All Users [C:\ProgramData]
14/07/2009  05:08    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
14/07/2009  05:08    <JUNCTION>     Application Data [C:\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009  05:08    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
14/07/2009  05:08    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     My Documents [C:\Users\Default\Documents]
14/07/2009  05:08    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009  05:08    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009  05:08    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009  05:08    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Users\Default\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Lorna Samsung
27/09/2013  07:16    <JUNCTION>     Application Data [C:\Users\Lorna Samsung\AppData\Roaming]
27/09/2013  07:16    <JUNCTION>     Cookies [C:\Users\Lorna Samsung\AppData\Roaming\Microsoft\Windows\Cookies]
27/09/2013  07:16    <JUNCTION>     Local Settings [C:\Users\Lorna Samsung\AppData\Local]
27/09/2013  07:16    <JUNCTION>     My Documents [C:\Users\Lorna Samsung\Documents]
27/09/2013  07:16    <JUNCTION>     NetHood [C:\Users\Lorna Samsung\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
27/09/2013  07:16    <JUNCTION>     PrintHood [C:\Users\Lorna Samsung\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
27/09/2013  07:16    <JUNCTION>     Recent [C:\Users\Lorna Samsung\AppData\Roaming\Microsoft\Windows\Recent]
27/09/2013  07:16    <JUNCTION>     SendTo [C:\Users\Lorna Samsung\AppData\Roaming\Microsoft\Windows\SendTo]
27/09/2013  07:16    <JUNCTION>     Start Menu [C:\Users\Lorna Samsung\AppData\Roaming\Microsoft\Windows\Start Menu]
27/09/2013  07:16    <JUNCTION>     Templates [C:\Users\Lorna Samsung\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Lorna Samsung\AppData\Local
27/09/2013  07:16    <JUNCTION>     Application Data [C:\Users\Lorna Samsung\AppData\Local]
27/09/2013  07:16    <JUNCTION>     History [C:\Users\Lorna Samsung\AppData\Local\Microsoft\Windows\History]
27/09/2013  07:16    <JUNCTION>     Temporary Internet Files [C:\Users\Lorna Samsung\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Lorna Samsung\Documents
27/09/2013  07:16    <JUNCTION>     My Music [C:\Users\Lorna Samsung\Music]
27/09/2013  07:16    <JUNCTION>     My Pictures [C:\Users\Lorna Samsung\Pictures]
27/09/2013  07:16    <JUNCTION>     My Videos [C:\Users\Lorna Samsung\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Users\Public\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old
14/07/2009  05:08    <JUNCTION>     Documents and Settings [C:\Windows.old\Users]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings
14/07/2009  05:08    <SYMLINKD>     All Users [C:\Windows.old\ProgramData]
14/07/2009  05:08    <JUNCTION>     Default User [C:\Windows.old\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Administrator
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Roaming]
30/05/2012  21:18    <JUNCTION>     Cookies [C:\Windows.old\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies]
30/05/2012  21:18    <JUNCTION>     Local Settings [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     My Documents [C:\Windows.old\Users\Administrator\Documents]
30/05/2012  21:18    <JUNCTION>     NetHood [C:\Windows.old\Users\Administrator\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
30/05/2012  21:18    <JUNCTION>     PrintHood [C:\Windows.old\Users\Administrator\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
30/05/2012  21:18    <JUNCTION>     Recent [C:\Windows.old\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent]
30/05/2012  21:18    <JUNCTION>     SendTo [C:\Windows.old\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo]
30/05/2012  21:18    <JUNCTION>     Start Menu [C:\Windows.old\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu]
30/05/2012  21:18    <JUNCTION>     Templates [C:\Windows.old\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Administrator\AppData\Local
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [.]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [.]
30/05/2012  21:18    <JUNCTION>     History [.]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [.]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Administrator\Documents
30/05/2012  21:18    <JUNCTION>     My Music [C:\Windows.old\Users\Administrator\Music]
30/05/2012  21:18    <JUNCTION>     My Pictures [C:\Windows.old\Users\Administrator\Pictures]
30/05/2012  21:18    <JUNCTION>     My Videos [C:\Windows.old\Users\Administrator\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Administrator\Local Settings
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Administrator\Local Settings\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [.]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [.]
30/05/2012  21:18    <JUNCTION>     History [.]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [.]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Administrator\My Documents
30/05/2012  21:18    <JUNCTION>     My Music [C:\Windows.old\Users\Administrator\Music]
30/05/2012  21:18    <JUNCTION>     My Pictures [C:\Windows.old\Users\Administrator\Pictures]
30/05/2012  21:18    <JUNCTION>     My Videos [C:\Windows.old\Users\Administrator\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\All Users
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Windows.old\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Windows.old\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Windows.old\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\All Users\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Windows.old\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Windows.old\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Windows.old\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Windows.old\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Windows.old\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Windows.old\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Windows.old\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Windows.old\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Windows.old\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Windows.old\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Windows.old\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Windows.old\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Windows.old\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Windows.old\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Windows.old\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Windows.old\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Windows.old\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Windows.old\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Windows.old\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Windows.old\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Windows.old\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Windows.old\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Windows.old\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Windows.old\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Windows.old\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Windows.old\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Windows.old\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Windows.old\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Windows.old\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Windows.old\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Windows.old\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Windows.old\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Windows.old\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [.]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Windows.old\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [.]
14/07/2009  05:08    <JUNCTION>     Favorites [.]
14/07/2009  05:08    <JUNCTION>     Start Menu [.]
14/07/2009  05:08    <JUNCTION>     Templates [.]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Public\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Public\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Public\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Public\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Public\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Public\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Public\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Public\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Public\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Public\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Public\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Public\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Public\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Public\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Public\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Public\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\All Users\Application Data\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Public\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Public\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\All Users\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Public\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Public\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Roaming]
14/07/2009  05:08    <JUNCTION>     Cookies [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
14/07/2009  05:08    <JUNCTION>     Local Settings [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     My Documents [C:\Windows.old\Users\Default\Documents]
14/07/2009  05:08    <JUNCTION>     NetHood [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009  05:08    <JUNCTION>     PrintHood [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009  05:08    <JUNCTION>     Recent [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009  05:08    <JUNCTION>     SendTo [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default\AppData\Local
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default\AppData\Local\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default\AppData\Local\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default\AppData\Local\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [.]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [.]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Default\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Default\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default\Local Settings
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default\Local Settings\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default\Local Settings\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default\Local Settings\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default\Local Settings\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [.]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [.]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default\My Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Default\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Default\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default User
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Roaming]
14/07/2009  05:08    <JUNCTION>     Cookies [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
14/07/2009  05:08    <JUNCTION>     Local Settings [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     My Documents [C:\Windows.old\Users\Default\Documents]
14/07/2009  05:08    <JUNCTION>     NetHood [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009  05:08    <JUNCTION>     PrintHood [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009  05:08    <JUNCTION>     Recent [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009  05:08    <JUNCTION>     SendTo [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default User\AppData\Local
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default User\AppData\Local\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default User\AppData\Local\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default User\AppData\Local\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default User\AppData\Local\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [.]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [.]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default User\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Default\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Default\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default User\Local Settings
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default User\Local Settings\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default User\Local Settings\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default User\Local Settings\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default User\Local Settings\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [.]
               0 File(s)              0 bytes

    Advertisements

Register to Remove


#62 fellfromgrace

fellfromgrace

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 20 November 2013 - 10:12 AM

OTL (PART TWO)

 

 Directory of C:\Windows.old\Documents and Settings\Default User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [.]
14/07/2009  05:08    <JUNCTION>     History [.]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [.]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Default User\My Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Default\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Default\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Lorna
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Roaming]
30/05/2012  11:00    <JUNCTION>     Cookies [C:\Windows.old\Users\Lorna\AppData\Roaming\Microsoft\Windows\Cookies]
30/05/2012  11:00    <JUNCTION>     Local Settings [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     My Documents [C:\Windows.old\Users\Lorna\Documents]
30/05/2012  11:00    <JUNCTION>     NetHood [C:\Windows.old\Users\Lorna\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
30/05/2012  11:00    <JUNCTION>     PrintHood [C:\Windows.old\Users\Lorna\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
30/05/2012  11:00    <JUNCTION>     Recent [C:\Windows.old\Users\Lorna\AppData\Roaming\Microsoft\Windows\Recent]
30/05/2012  11:00    <JUNCTION>     SendTo [C:\Windows.old\Users\Lorna\AppData\Roaming\Microsoft\Windows\SendTo]
30/05/2012  11:00    <JUNCTION>     Start Menu [C:\Windows.old\Users\Lorna\AppData\Roaming\Microsoft\Windows\Start Menu]
30/05/2012  11:00    <JUNCTION>     Templates [C:\Windows.old\Users\Lorna\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Lorna\AppData\Local
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Lorna\AppData\Local\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Lorna\AppData\Local\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Lorna\AppData\Local\Application Data\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Lorna\AppData\Local\Application Data\Application Data\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Lorna\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Lorna\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Lorna\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Lorna\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Lorna\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Lorna\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Lorna\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [.]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [.]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Lorna\Local Settings
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Lorna\Local Settings\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Lorna\Local Settings\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Lorna\Local Settings\Application Data\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Lorna\Local Settings\Application Data\Application Data\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Lorna\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Lorna\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Lorna\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Lorna\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Lorna\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Lorna\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Lorna\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [.]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [.]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Documents and Settings\Public\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Public\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Public\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\ProgramData
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Windows.old\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Windows.old\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Windows.old\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\ProgramData\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Windows.old\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Windows.old\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Windows.old\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\ProgramData\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Windows.old\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Windows.old\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Windows.old\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Windows.old\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Windows.old\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Windows.old\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Windows.old\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Windows.old\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Windows.old\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Windows.old\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Windows.old\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Windows.old\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Windows.old\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Windows.old\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Windows.old\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Windows.old\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Windows.old\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Windows.old\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Windows.old\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Windows.old\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Windows.old\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Windows.old\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Windows.old\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Windows.old\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Windows.old\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Windows.old\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Windows.old\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Windows.old\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Windows.old\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Windows.old\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Windows.old\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Windows.old\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Windows.old\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [.]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Windows.old\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Windows.old\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Windows.old\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Public\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Public\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Public\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Public\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Public\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Public\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Public\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Public\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Public\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Public\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Public\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Public\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Public\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Public\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Public\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Public\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Public\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Public\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\ProgramData\Application Data\Application Data\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Public\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Public\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\ProgramData\Application Data\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Public\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Public\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\ProgramData\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Public\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Public\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users
14/07/2009  05:08    <SYMLINKD>     All Users [C:\Windows.old\ProgramData]
14/07/2009  05:08    <JUNCTION>     Default User [C:\Windows.old\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Administrator
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Roaming]
30/05/2012  21:18    <JUNCTION>     Cookies [C:\Windows.old\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies]
30/05/2012  21:18    <JUNCTION>     Local Settings [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     My Documents [C:\Windows.old\Users\Administrator\Documents]
30/05/2012  21:18    <JUNCTION>     NetHood [C:\Windows.old\Users\Administrator\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
30/05/2012  21:18    <JUNCTION>     PrintHood [C:\Windows.old\Users\Administrator\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
30/05/2012  21:18    <JUNCTION>     Recent [C:\Windows.old\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent]
30/05/2012  21:18    <JUNCTION>     SendTo [C:\Windows.old\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo]
30/05/2012  21:18    <JUNCTION>     Start Menu [C:\Windows.old\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu]
30/05/2012  21:18    <JUNCTION>     Templates [C:\Windows.old\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Administrator\AppData\Local
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Administrator\AppData\Local\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [.]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Administrator\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [.]
30/05/2012  21:18    <JUNCTION>     History [.]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [.]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Administrator\Documents
30/05/2012  21:18    <JUNCTION>     My Music [C:\Windows.old\Users\Administrator\Music]
30/05/2012  21:18    <JUNCTION>     My Pictures [C:\Windows.old\Users\Administrator\Pictures]
30/05/2012  21:18    <JUNCTION>     My Videos [C:\Windows.old\Users\Administrator\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Administrator\Local Settings
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Administrator\Local Settings\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Administrator\Local Settings\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [C:\Windows.old\Users\Administrator\AppData\Local]
30/05/2012  21:18    <JUNCTION>     History [C:\Windows.old\Users\Administrator\AppData\Local\Microsoft\Windows\History]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [.]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Administrator\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  21:18    <JUNCTION>     Application Data [.]
30/05/2012  21:18    <JUNCTION>     History [.]
30/05/2012  21:18    <JUNCTION>     Temporary Internet Files [.]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Administrator\My Documents
30/05/2012  21:18    <JUNCTION>     My Music [C:\Windows.old\Users\Administrator\Music]
30/05/2012  21:18    <JUNCTION>     My Pictures [C:\Windows.old\Users\Administrator\Pictures]
30/05/2012  21:18    <JUNCTION>     My Videos [C:\Windows.old\Users\Administrator\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\All Users
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Windows.old\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Windows.old\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Windows.old\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\All Users\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Windows.old\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Windows.old\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Windows.old\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\All Users\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Windows.old\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Windows.old\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Windows.old\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Windows.old\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Windows.old\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Windows.old\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Windows.old\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Windows.old\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Windows.old\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Windows.old\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Windows.old\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Windows.old\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Windows.old\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Windows.old\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Windows.old\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Windows.old\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Windows.old\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Windows.old\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Windows.old\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Windows.old\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Windows.old\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Windows.old\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Windows.old\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Windows.old\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Windows.old\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Windows.old\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Windows.old\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Windows.old\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Windows.old\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Windows.old\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\ProgramData]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Windows.old\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [C:\Windows.old\Users\Public\Documents]
14/07/2009  05:08    <JUNCTION>     Favorites [C:\Windows.old\Users\Public\Favorites]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [.]
14/07/2009  05:08    <JUNCTION>     Desktop [C:\Windows.old\Users\Public\Desktop]
14/07/2009  05:08    <JUNCTION>     Documents [.]
14/07/2009  05:08    <JUNCTION>     Favorites [.]
14/07/2009  05:08    <JUNCTION>     Start Menu [.]
14/07/2009  05:08    <JUNCTION>     Templates [.]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Public\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Public\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Public\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Public\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Public\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Public\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Public\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Public\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Public\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Public\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Public\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Public\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Public\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Public\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Public\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Public\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\All Users\Application Data\Application Data\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Public\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Public\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\All Users\Application Data\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Public\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Public\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\All Users\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Public\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Public\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Roaming]
14/07/2009  05:08    <JUNCTION>     Cookies [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
14/07/2009  05:08    <JUNCTION>     Local Settings [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     My Documents [C:\Windows.old\Users\Default\Documents]
14/07/2009  05:08    <JUNCTION>     NetHood [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009  05:08    <JUNCTION>     PrintHood [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009  05:08    <JUNCTION>     Recent [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009  05:08    <JUNCTION>     SendTo [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default\AppData\Local
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default\AppData\Local\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default\AppData\Local\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default\AppData\Local\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [.]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [.]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Default\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Default\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default\Local Settings
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default\Local Settings\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default\Local Settings\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default\Local Settings\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default\Local Settings\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [.]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [.]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default\My Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Default\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Default\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default User
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Roaming]
14/07/2009  05:08    <JUNCTION>     Cookies [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
14/07/2009  05:08    <JUNCTION>     Local Settings [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     My Documents [C:\Windows.old\Users\Default\Documents]
14/07/2009  05:08    <JUNCTION>     NetHood [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009  05:08    <JUNCTION>     PrintHood [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009  05:08    <JUNCTION>     Recent [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009  05:08    <JUNCTION>     SendTo [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009  05:08    <JUNCTION>     Start Menu [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009  05:08    <JUNCTION>     Templates [C:\Windows.old\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default User\AppData\Local
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default User\AppData\Local\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default User\AppData\Local\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default User\AppData\Local\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default User\AppData\Local\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default User\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [.]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [.]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default User\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Default\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Default\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default User\Local Settings
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default User\Local Settings\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default User\Local Settings\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default User\Local Settings\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default User\Local Settings\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [C:\Windows.old\Users\Default\AppData\Local]
14/07/2009  05:08    <JUNCTION>     History [C:\Windows.old\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [.]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default User\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
14/07/2009  05:08    <JUNCTION>     Application Data [.]
14/07/2009  05:08    <JUNCTION>     History [.]
14/07/2009  05:08    <JUNCTION>     Temporary Internet Files [.]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Default User\My Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Default\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Default\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Lorna
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Roaming]
30/05/2012  11:00    <JUNCTION>     Cookies [C:\Windows.old\Users\Lorna\AppData\Roaming\Microsoft\Windows\Cookies]
30/05/2012  11:00    <JUNCTION>     Local Settings [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     My Documents [C:\Windows.old\Users\Lorna\Documents]
30/05/2012  11:00    <JUNCTION>     NetHood [C:\Windows.old\Users\Lorna\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
30/05/2012  11:00    <JUNCTION>     PrintHood [C:\Windows.old\Users\Lorna\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
30/05/2012  11:00    <JUNCTION>     Recent [C:\Windows.old\Users\Lorna\AppData\Roaming\Microsoft\Windows\Recent]
30/05/2012  11:00    <JUNCTION>     SendTo [C:\Windows.old\Users\Lorna\AppData\Roaming\Microsoft\Windows\SendTo]
30/05/2012  11:00    <JUNCTION>     Start Menu [C:\Windows.old\Users\Lorna\AppData\Roaming\Microsoft\Windows\Start Menu]
30/05/2012  11:00    <JUNCTION>     Templates [C:\Windows.old\Users\Lorna\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Lorna\AppData\Local
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Lorna\AppData\Local\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Lorna\AppData\Local\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Lorna\AppData\Local\Application Data\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Lorna\AppData\Local\Application Data\Application Data\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Lorna\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Lorna\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Lorna\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Lorna\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Lorna\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Lorna\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Lorna\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Lorna\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [.]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [.]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Lorna\Local Settings
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Lorna\Local Settings\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Lorna\Local Settings\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Lorna\Local Settings\Application Data\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Lorna\Local Settings\Application Data\Application Data\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Lorna\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Lorna\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Lorna\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Lorna\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Lorna\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Lorna\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Lorna\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [C:\Windows.old\Users\Lorna\AppData\Local]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Lorna\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
30/05/2012  11:00    <JUNCTION>     Application Data [.]
30/05/2012  11:00    <JUNCTION>     History [C:\Windows.old\Users\Lorna\AppData\Local\Microsoft\Windows\History]
30/05/2012  11:00    <JUNCTION>     Temporary Internet Files [.]
               0 File(s)              0 bytes
 Directory of C:\Windows.old\Users\Public\Documents
14/07/2009  05:08    <JUNCTION>     My Music [C:\Windows.old\Users\Public\Music]
14/07/2009  05:08    <JUNCTION>     My Pictures [C:\Windows.old\Users\Public\Pictures]
14/07/2009  05:08    <JUNCTION>     My Videos [C:\Windows.old\Users\Public\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
            1122 Dir(s)  163,665,096,704 bytes free
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2013/09/27 07:54:03 | 000,000,221 | -HS- | M] () -- C:\Users\Lorna Samsung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
< %USERPROFILE%\Desktop\*.exe >
[2013/11/19 20:29:39 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Lorna Samsung\Desktop\aswMBR.exe
[2013/11/19 20:29:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lorna Samsung\Desktop\OTL.exe
[2013/11/19 20:29:07 | 000,891,200 | ---- | M] () -- C:\Users\Lorna Samsung\Desktop\SecurityCheck.exe
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Base Services ==========
SRV:64bit: - [2009/07/14 01:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 05:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/14 01:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/21 03:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/21 03:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 06:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/14 01:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 01:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 22:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/09 05:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/09 04:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/21 03:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/21 03:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/21 03:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 06:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/14 01:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/14 01:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 01:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/14 01:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/21 03:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/14 01:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/14 01:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/14 01:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/14 01:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 01:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 17:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/14 01:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 11:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 06:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 06:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/14 01:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/21 03:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/21 03:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/21 03:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 06:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/14 01:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/21 03:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/21 03:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/21 03:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/21 03:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/21 03:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/21 03:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/14 01:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 05:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/21 03:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/21 03:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/21 03:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/21 03:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/21 03:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/21 03:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/21 03:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/21 03:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/21 03:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/14 01:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 22:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/21 03:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/14 01:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/21 03:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
 
========== Drive Information ==========
 
Physical Drives
---------------
 
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: SAMSUNG HN-M101MBB
Partitions: 4
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: SanDisk iSSD P4 8GB
Partitions: 1
Status: OK
Status Info: 0
 
Partitions
---------------
 
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 363.00GB
Starting Offset: 105906176
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #2
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 544.00GB
Starting Offset: 389874188288
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #3
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 24.00GB
Starting Offset: 974316896256
Hidden sectors: 0
 
 
DeviceID: Disk #1, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 7.00GB
Starting Offset: 1048576
Hidden sectors: 0
 
 
< End of report >


#63 fellfromgrace

fellfromgrace

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 20 November 2013 - 10:12 AM

EXTRAS:

 

OTL Extras logfile created on: 19/11/2013 22:00:15 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lorna Samsung\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
7.92 Gb Total Physical Memory | 5.76 Gb Available Physical Memory | 72.78% Memory free
15.83 Gb Paging File | 13.32 Gb Available in Paging File | 84.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 363.00 Gb Total Space | 153.95 Gb Free Space | 42.41% Space Free | Partition Type: NTFS
Drive D: | 544.30 Gb Total Space | 201.49 Gb Free Space | 37.02% Space Free | Partition Type: NTFS
Drive E: | 1.55 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: LORNASAMSUNG-PC | User Name: Lorna Samsung | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014F380D-E4AC-47B4-A541-6DB15FA8C7C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{251B49CB-F627-4E13-98AA-15ABE6FFAD23}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2FD446C7-06BD-453A-BAF7-4428A055B6B0}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4E1AF69B-219F-486D-AE67-3B66EC9543DA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4FD33713-C043-46D4-80F8-E8EB73449D5B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5396D71E-2000-461F-AD82-D193380E66A4}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6C88783A-8DD3-4842-B2CF-25C72ADABCF4}" = rport=137 | protocol=17 | dir=out | app=system | 
"{6E22B314-700B-40C9-AC0D-CADA9E1B04B4}" = lport=138 | protocol=17 | dir=in | app=system | 
"{7F545D15-ABF7-4C80-9A9D-A9448194A857}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{80A1C27F-175A-471F-8DCD-925ECA1F7343}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8FE533CB-1189-4FFB-A0E8-CA209373F616}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{982E4EC9-67EF-4FD9-83A6-DE233C5D99EB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9BBD8757-D3FC-4D95-B59E-FEBA5EC7FCF2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ABE50ABE-B0B0-444A-AAEE-554BA6F8B3F8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{B10FD5B1-95B0-45BA-BC12-5F4894A19AFC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B248D292-5939-494F-9904-5471927E52A5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C3639CE7-9CE1-4AAA-B90B-5A59DBC51DF1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C4C0E206-3BFD-4312-8704-8D2AC5211793}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CDD5C40E-55CC-4E3B-9404-FDD3D0B19286}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DB11D742-93B9-4C35-B7A1-EA20DE0FFF5E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DE107D96-A043-4734-A39C-AAE1AD8FD234}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E61D6FB7-F970-4564-B554-4E7B6AD0BBDE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F022EB6B-183C-49A4-A2C2-A821B4253AC2}" = lport=139 | protocol=6 | dir=in | app=system | 
"{FC47B603-EE3C-41A0-BF4A-5F4AA55A2BB7}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1329F1E9-AEFA-469D-BFB8-28B0DD29382A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{2A9D5A7B-46BB-4DAB-8ABF-64DBF9854487}" = dir=in | app=c:\program files (x86)\winzip driver updater\winzipdu.exe | 
"{2E07F553-8D83-4E35-9A22-5A21769DE935}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{31CD2C5C-378A-4FCB-9CC4-EB34F1404375}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3A5D7720-7DAD-4A00-9701-4E8C86DD070F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3B55D23B-9C83-4DC7-9B77-8D8DE02183D9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{42E99936-2978-4C09-84E6-9C70A9A133E5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{46C6EC3B-3FCF-46B0-9212-66D64278CD72}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4AF3ECC3-7E79-4099-8F22-D3662E54F5A5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{546421A7-6E7B-4343-B53D-EE7F9D6AF3B8}" = dir=in | app=c:\program files (x86)\cyberlink\media+player10\media+player10.exe | 
"{561BB0E8-2FAC-4E89-A720-FB2C8DED4FEC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | 
"{5904C085-C2E0-47A7-999E-576044C978CA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5FC8C8F9-9381-4D2F-A1F9-2BE5DAD8106D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6E4E41C9-3DA8-4E1C-93C5-E9C56F78E438}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{71FDC1E2-1A51-414C-B39B-ACB2E8308320}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9BD7595E-E450-4835-95EF-91A1F98ABC46}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A7123196-B8A6-4A4B-8038-B01C801B53FC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{BE9B0DC8-316C-430D-A656-A50EC4137DF5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CC8C2282-B992-45DD-BF1A-4E2B70F42FC9}" = protocol=6 | dir=out | app=system | 
"{D8B13BA5-D89F-4E0E-9027-32D863CAF01F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DFA724DC-44A0-4081-B159-F729198B126C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{ED59D069-BE51-45E6-8D1D-3472274452BF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{FC7C24F7-2E53-471A-965D-E081CA4DDA9E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{FF4163E9-586D-428F-B35F-4DDD707BB7ED}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_Pro9000_II_series" = Canon Pro9000 II series Printer Driver
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417045FF}" = Java 7 Update 45 (64-bit)
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8837619E-D8DE-3071-E53D-4AAF1DBC67E7}" = ATI Catalyst Install Manager
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9DAE630A-44A2-4502-B237-5528D70B8331}" = Photo & Graphic Designer 2013 Update
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AFD40C89-0005-5F82-9232-828DACD6B70E}" = ccc-utility64
"{C8CB7BC4-FC14-4C3A-961F-4F447F217EF6}" = Xara Photo & Graphic Designer 2013
"{D0BE8477-6206-4588-8148-971EDAB6BBAD}" = Serif CraftArtist 2 Professional
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F9EB0DDE-931C-4E89-96B2-DE8286EDFA6C}" = ExpressCache
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-X64 10.0.7.3_WHQL
"GIMP-2_is1" = GIMP 2.8.6
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR 5.00 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0547E5B9-85A1-23A9-308F-1A5A78882725}" = CCC Help Spanish
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Settings
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"{23BD1FC0-2A71-8021-DAE0-1BB36C523CF3}" = CCC Help Russian
"{3016435A-57AA-0A6F-EAC4-C72F4AF3D71B}" = CCC Help Korean
"{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10
"{361BA4FE-4D7F-7B8C-533A-A9B7CDA8506A}" = CCC Help Thai
"{371C9583-5174-4CF8-B10D-D4C3AA7E8CD0}" = Serif PagePlus X5
"{394DB19F-13E3-2127-6DB2-F6B57E5C0C1F}" = CCC Help English
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41564952-412D-5637-00A7-A758B70C0600}" = Avira SearchFree Toolbar
"{45422674-E9A8-8DC7-6916-5865CD729F92}" = CCC Help French
"{4A1A53B4-8FCF-C76E-7E34-6DECC64180EC}" = CCC Help Turkish
"{5756BD0B-A2DA-0FB6-0CDD-A06B85C4508D}" = CCC Help Dutch
"{5873A825-B706-B72B-18A5-BE5A86089E93}" = CCC Help Swedish
"{623E46D0-7B0B-499E-B345-6305D7F0CD3C}" = Catalyst Control Center - Branding
"{62517B2B-2343-7B72-02FF-3A671861F391}" = CCC Help Hungarian
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7A3758AD-AEA0-4142-A59A-45FED893BF33}" = CCC Help Finnish
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{84C7C5AA-9FC4-423D-FB0B-612F4FCF6BFE}" = CCC Help Polish
"{85B824C6-9303-DDAB-8803-4CD66E892F3F}" = CCC Help Italian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90A4A506-22F4-91A0-7138-52D1FDD67457}" = PX Profile Update
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5457401-D56A-43F2-9524-78E54A7FC07A}" = SlimDrivers
"{A6586499-5992-EC1F-4612-809672B38279}" = Catalyst Control Center InstallProxy
"{A81FE81F-1486-C402-7FC0-DAEF6B854615}" = CCC Help Chinese Traditional
"{A836FDC8-1C88-7C43-7340-0C5954FD370F}" = CCC Help Czech
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{AC79D44D-60F1-3314-C5CD-C2535D6477EF}" = Catalyst Control Center Profiles Mobile
"{B4F54C5E-E729-5324-8AFB-FDE4DC4E40B8}" = CCC Help Japanese
"{B89493F5-63A9-3A98-30A3-F59836E558E2}" = CCC Help Greek
"{BE7AFAA2-34B9-A5BB-2394-86460EC750F9}" = Catalyst Control Center
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE69471C-B336-12C2-C9FA-81D47D3EC233}" = CCC Help German
"{D3C9C909-0C8A-1C54-D5EF-097C76ACBE23}" = CCC Help Portuguese
"{E0D7F327-8431-0E69-5C37-411A2D8D1364}" = CCC Help Danish
"{E2B31B67-9795-4EF9-9AC6-B683E7B11BE6}_is1" = FotoFusion version 5.0
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{ED1257B7-455E-BA94-850A-E4FD5FCDB87D}" = CCC Help Norwegian
"{F0388E41-24EC-BE31-BE65-17562D201F3E}" = CCC Help Chinese Standard
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5DEDE3D-574D-452E-8C8E-242293A50575}" = CameraBag 2
"{F9736D7B-150F-AC89-D904-A57E4DF916E2}" = Catalyst Control Center Localization All
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Antivirus Premium
"DAZ 3D Install Manager 1 1.0.1.86" = DAZ 3D Install Manager 1
"DAZ Content Management Service 4.8.1.7" = DAZ Content Management Service
"DAZ Studio 4.6 (64bit) 4.6.0.18" = DAZ Studio 4.6 (64bit)
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"MAGIX_{C8CB7BC4-FC14-4C3A-961F-4F447F217EF6}" = Xara Photo & Graphic Designer 2013
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PhotoStudio_4281508C_4DA1_4d4e_81EB_725D55EC30DC_is1" = Systweak PhotoStudio 2.1
"Samsung SCX-4100 Series" = Samsung SCX-4100 Series
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dashlane" = Dashlane
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21/10/2013 17:35:35 | Computer Name = LornaSamsung-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SmartSetting.exe, version: 2.3.1.7, time
 stamp: 0x4e65da0e  Faulting module name: SmartSetting.exe, version: 2.3.1.7, time
 stamp: 0x4e65da0e  Exception code: 0xc0000409  Fault offset: 0x000044ab  Faulting process
 id: 0xe2c  Faulting application start time: 0x01cece9797049003  Faulting application
 path: C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe  Faulting module
 path: C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe  Report Id: b7dc7ad0-3a98-11e3-b290-e8039a200c6a
 
Error - 22/10/2013 06:20:31 | Computer Name = LornaSamsung-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Lorna Samsung\Downloads\esetsmartinstaller_enu.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components 
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 22/10/2013 06:26:12 | Computer Name = LornaSamsung-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "F:\esetsmartinstaller_enu.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components 
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 22/10/2013 15:37:56 | Computer Name = LornaSamsung-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01/11/2013 18:03:35 | Computer Name = LornaSamsung-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01/11/2013 18:33:14 | Computer Name = LornaSamsung-PC | Source = Microsoft-Windows-Backup | ID = 517
Description = The backup operation that started at '2013-11-01T22:11:28.553066600Z'
 has failed with following error code '2155348315' (%%2155348315). Please review
 the event details for a solution, and then rerun the backup operation once the 
issue is resolved.
 
Error - 03/11/2013 09:51:28 | Computer Name = LornaSamsung-PC | Source = Windows Backup | ID = 4104
Description = 
 
Error - 03/11/2013 10:08:51 | Computer Name = LornaSamsung-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07/11/2013 16:01:00 | Computer Name = LornaSamsung-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 19/11/2013 16:48:51 | Computer Name = LornaSamsung-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 03/11/2013 10:06:27 | Computer Name = LornaSamsung-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 14:03:56 on ?03/?11/?2013 was unexpected.
 
Error - 03/11/2013 10:06:30 | Computer Name = LornaSamsung-PC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error:   %%20
 
Error - 03/11/2013 10:15:40 | Computer Name = LornaSamsung-PC | Source = bowser | ID = 8003
Description = 
 
Error - 03/11/2013 10:27:37 | Computer Name = LornaSamsung-PC | Source = bowser | ID = 8003
Description = 
 
Error - 03/11/2013 10:39:39 | Computer Name = LornaSamsung-PC | Source = bowser | ID = 8003
Description = 
 
Error - 03/11/2013 11:15:40 | Computer Name = LornaSamsung-PC | Source = bowser | ID = 8003
Description = 
 
Error - 07/11/2013 15:59:19 | Computer Name = LornaSamsung-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 19:49:54 on ?07/?11/?2013 was unexpected.
 
Error - 07/11/2013 15:59:25 | Computer Name = LornaSamsung-PC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error:   %%20
 
Error - 19/11/2013 16:47:13 | Computer Name = LornaSamsung-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 20:37:10 on ?19/?11/?2013 was unexpected.
 
Error - 19/11/2013 16:47:18 | Computer Name = LornaSamsung-PC | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error:   %%20
 
 
< End of report >


#64 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 20 November 2013 - 11:22 PM

Hi fellfromgrace,

bullseye_zpse9eaf36e.gif Run OTL.exe
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    PRC - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (APN LLC.)
    PRC - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
    O2:64bit: - BHO: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
    O2 - BHO: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
    O3:64bit: - HKLM\..\Toolbar: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
    O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
    O4 - HKLM..\Run: [ApnTBMon] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
    
    :Commands
    [purity]
    [createrestorepoint]
    [emptyjava]
    [emptyflash]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then re-run OTL and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
=========================

In your next post please provide the following:
  • OTL.txt
  • What symptoms are you experiencing?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#65 fellfromgrace

fellfromgrace

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 22 November 2013 - 04:43 PM

Hi, sorry for the delay, I have a short exhibition running until tomorrow so have been a bit busy. 

 

I can't run the fix on OTL. I wasn't sure if you meant to check or uncheck LOP and Purity for the fix, or if this was just for the clean up, but either way (and I tried both) it says Proessing 03,,, at the bottom but never gets any further ... I get the blue spinning circle and eventually I get not responding and have to close it.

 

This is basically the problem anyway. Programs will hang, spinning blue circle, fade out and eventually I'll get 'not responding' and I have to close the program OR restart the PC

 

It is VERY slow to boot up, IF I can do it .. today I got the black screen for so long I had to switch off and on again ... then I got a message about abandoning resume info as the resume had failed, and to reboot (or something similar)



#66 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 22 November 2013 - 05:00 PM

Hi fellfromgrace ,

Do you have a second copy of Windows installed on the laptop (an older copy)?

=========================

bullseye_zpse9eaf36e.gif Reboot in Safe Mode using the F8 Method:
  • Restart your computer.
  • When the computer starts you will see your computer's hardware being listed. When you see this information start to gently tap the F8 key repeatedly until you are presented with the Windows 7 Advanced Boot Options.
  • Select the Safe Mode with Networking option using the arrow keys.
  • Then press the enter key on your keyboard to boot into Windows 7 Safe Mode.
  • When Windows starts you will be at a typical logon screen. Logon to your computer and Windows 7 will enter Safe mode.
  • =========================

    bullseye_zpse9eaf36e.gif Run OTL.exe
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    PRC - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (APN LLC.)
    PRC - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
    O2:64bit: - BHO: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
    O2 - BHO: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
    O3:64bit: - HKLM\..\Toolbar: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
    O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
    O4 - HKLM..\Run: [ApnTBMon] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
    
    :Commands
    [purity]
    [createrestorepoint]
    [emptyjava]
    [emptyflash]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then re-run OTL and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
  • =========================

    In your next post please provide the following:
  • OTL.txt


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#67 fellfromgrace

fellfromgrace

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 22 November 2013 - 06:32 PM

hi, yes, I teloaded windows to try and solve the problem, so the old Windows directory is still there, although could prob be deleted now.
when I run the fix do I check LOP and purity and uncheck for the cleanup? Will run this tomorrow when exhibition finished ... Thanks

#68 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 23 November 2013 - 12:45 AM

Hi fellfromgrace,

 

When you run the OTL fix script you do not need to worry about the LOP & Purity boxes.

 

 


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#69 fellfromgrace

fellfromgrace

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 25 November 2013 - 10:58 AM

Sorry for delay, exhausted after exhibition and then a very sick cat! Here's the OTL rpeort after dong the above:
 
 
OTL logfile created on: 25/11/2013 16:49:41 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lorna Samsung\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
7.92 Gb Total Physical Memory | 5.41 Gb Available Physical Memory | 68.38% Memory free
15.83 Gb Paging File | 13.08 Gb Available in Paging File | 82.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 363.00 Gb Total Space | 160.39 Gb Free Space | 44.18% Space Free | Partition Type: NTFS
Drive D: | 544.30 Gb Total Space | 200.69 Gb Free Space | 36.87% Space Free | Partition Type: NTFS
Drive E: | 1.55 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: LORNASAMSUNG-PC | User Name: Lorna Samsung | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Lorna Samsung\AppData\Roaming\Dashlane\2.2.6.50689\Updates\Dashlane_Installer-2.3.0.50373.exe (Dashlane inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Lorna Samsung\AppData\Roaming\Dashlane\Dashlane.exe ()
PRC - C:\Users\Lorna Samsung\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (APN LLC.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe (SlimWare Utilities, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
PRC - C:\Program Files (x86)\SAMSUNG\Easy Settings\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\SAMSUNG\Easy Settings\SmartSetting.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\SAMSUNG\Easy Settings\MovieColorEnhancer.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\SAMSUNG\Easy Settings\EasySpeedUpManager.exe (Samsung Electronics)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\SAMSUNG\Samsung Recovery Solution 5\WCScheduler.exe (SEC)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Lorna Samsung\AppData\Roaming\Dashlane\Dashlane.exe ()
MOD - C:\Users\Lorna Samsung\AppData\Roaming\Dashlane\2.2.6.50689\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.2.2.6.50689.dll ()
MOD - C:\Users\Lorna Samsung\AppData\Roaming\Dashlane\2.2.6.50689\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.2.2.6.50689.dll ()
MOD - C:\Users\Lorna Samsung\AppData\Roaming\Dashlane\2.2.6.50689\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.2.2.6.50689.dll ()
MOD - C:\Users\Lorna Samsung\AppData\Roaming\Dashlane\2.2.6.50689\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.2.2.6.50689.dll ()
MOD - C:\Users\Lorna Samsung\AppData\Roaming\Dashlane\2.2.6.50689\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.2.2.6.50689.dll ()
MOD - C:\Users\Lorna Samsung\AppData\Roaming\Dashlane\2.2.6.50689\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_NPAPI_exports.2.2.6.50689.dll ()
MOD - C:\Users\Lorna Samsung\AppData\Roaming\Dashlane\2.2.6.50689\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.2.2.6.50689.dll ()
MOD - C:\Users\Lorna Samsung\AppData\Roaming\Dashlane\2.2.6.50689\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.2.2.6.50689.dll ()
MOD - C:\Users\Lorna Samsung\AppData\Roaming\Dashlane\2.2.6.50689\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.2.2.6.50689.dll ()
MOD - C:\Users\Lorna Samsung\AppData\Roaming\Dashlane\2.2.6.50689\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.2.2.6.50689.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\SAMSUNG\Easy Settings\WinCRT.dll ()
MOD - C:\Program Files (x86)\SAMSUNG\Samsung Recovery Solution 5\Resdll.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\SAMSUNG\Easy Settings\HookDllPS2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV:64bit: - (ExpressCache) -- C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe (Diskeeper Corporation)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (DAZContentManagementService) -- C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe ()
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (APNMCP) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (APN LLC.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys ()
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (excsd) -- C:\Windows\SysNative\drivers\excsd.sys (Diskeeper Corporation)
DRV:64bit: - (excfs) -- C:\Windows\SysNative\drivers\excfs.sys (Diskeeper Corporation)
DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (acpials) -- C:\Windows\SysNative\drivers\acpials.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV:64bit: - (DgiVecp) -- C:\Windows\SysNative\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.facebook.com/http://ww [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 66 1A 89 0A BF BB CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - Extension: Avira SearchFree Toolbar plus Web Protection = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh\25.62074_0\
CHR - Extension: Google Translate = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.5_0\
CHR - Extension: Google Docs = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0\
CHR - Extension: Add to Amazon Wish List = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\
CHR - Extension: Google Search = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Disconnect = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.10.0_0\
CHR - Extension: Window Close Protector = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnpifgapnmpninomacbhdlconlpikdai\2.2_0\
CHR - Extension: Dashlane = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkjojgglmmcghgaiknnpgjgldgaocjfd\2.2.6.50689_0\
CHR - Extension: Dashlane = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkjojgglmmcghgaiknnpgjgldgaocjfd\2.2.6.50689_0\.orig
CHR - Extension: Google Wallet = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.3_0\
CHR - Extension: Short URL = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\obbdcmhkndhionekooeeiilbicfdkhml\1.0_0\
CHR - Extension: Instagram for Chrome = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb\5.1.1_0\
CHR - Extension: Instagram for Chrome = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb\5.1.1_1\
CHR - Extension: Instagram for Chrome = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb\5.1.2_0\
CHR - Extension: Instagram for Chrome = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb\5.1_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.0.3_0\
CHR - Extension: Gmail = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Dashlane BHO) - {42D79B50-CC4A-4A8E-860F-BE674AF053A2} - C:\Users\Lorna Samsung\AppData\Roaming\Dashlane\ie\Dashlanei.dll (Dashlane)
O3 - HKLM\..\Toolbar: (Dashlane Toolbar) - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Lorna Samsung\AppData\Roaming\Dashlane\ie\KWIEBar.dll (Dashlane)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Dashlane] C:\Users\Lorna Samsung\AppData\Roaming\Dashlane\Dashlane.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50A13F53-EC63-441F-A34A-E6DCCFCAC1FC}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk C:\
O32 - AutoRun File - [2012/12/12 17:13:16 | 000,000,000 | ---D | M] - D:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/08/13 21:01:17 | 000,000,072 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2008/07/08 11:04:00 | 000,189,808 | R--- | M] (Adobe Systems Incorporated) - E:\Autoplay.exe -- [ CDFS ]
O32 - AutoRun File - [2009/10/28 14:38:28 | 000,000,000 | ---D | M] - E:\Autoplay -- [ CDFS ]
O33 - MountPoints2\{ff947352-2751-11e3-a46d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ff947352-2751-11e3-a46d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autoplay.exe -- [2008/07/08 11:04:00 | 000,189,808 | R--- | M] (Adobe Systems Incorporated)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/22 22:11:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/20 09:39:13 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2013/11/20 09:37:23 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/11/20 09:37:22 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/11/20 09:37:20 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013/11/20 09:37:20 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/11/20 09:37:20 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/20 09:37:19 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/20 09:37:19 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/11/20 09:37:18 | 001,926,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/11/20 09:37:18 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/11/20 09:37:18 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/11/20 09:37:18 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/11/20 09:37:18 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/20 09:37:18 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/11/20 09:37:18 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/11/20 09:37:18 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/11/20 09:37:18 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/11/20 09:37:18 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/11/20 09:37:18 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/11/20 09:37:18 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/11/20 09:37:18 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/11/20 09:37:18 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/11/20 09:37:18 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/11/20 09:37:18 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/11/20 09:37:18 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/11/20 09:37:18 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2013/11/20 09:37:18 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/11/20 09:37:18 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/11/20 09:37:18 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2013/11/20 09:37:18 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/11/20 09:37:18 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/11/20 09:37:18 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/11/20 09:37:18 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/11/20 09:37:17 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013/11/20 09:37:17 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/11/20 09:37:17 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/11/20 09:37:17 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/11/20 09:37:17 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/11/20 09:37:17 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/11/20 09:37:17 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/11/20 09:37:16 | 005,765,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/20 09:37:16 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/11/20 09:37:16 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/20 09:37:16 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/11/20 09:37:16 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/11/20 09:37:16 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/11/20 09:37:16 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/11/20 09:37:16 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/11/20 09:37:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/11/20 09:37:16 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2013/11/20 09:37:16 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/11/20 09:37:15 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/11/20 09:37:15 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/11/20 09:37:15 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/11/20 09:37:15 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/11/20 09:37:15 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/11/20 09:37:15 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/11/20 09:37:15 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/11/20 09:37:15 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/11/20 09:37:15 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/11/20 09:37:15 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/11/20 09:37:15 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/11/20 09:37:14 | 001,993,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/11/20 09:37:14 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/20 09:37:14 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/11/20 09:37:14 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/11/20 09:37:14 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/11/20 09:37:14 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/11/20 09:37:14 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/11/20 09:37:14 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/11/20 09:37:14 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/11/20 09:37:14 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/11/20 09:37:14 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/11/20 09:37:14 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/11/20 09:37:14 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2013/11/20 09:37:14 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/11/20 09:37:14 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/11/20 09:37:14 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/11/20 09:37:14 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/11/20 09:37:14 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/11/20 09:37:14 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/11/19 20:52:11 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Lorna Samsung\Desktop\aswMBR.exe
[2013/11/19 20:52:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lorna Samsung\Desktop\OTL.exe
[2013/11/16 16:33:01 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/11/16 16:32:26 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/11/16 16:32:26 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/11/16 16:32:26 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2013/11/16 16:32:26 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2013/11/16 16:32:26 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2013/11/16 16:32:10 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/11/16 16:32:10 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/11/16 16:32:10 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2013/11/16 16:32:10 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2013/11/16 16:32:10 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2013/11/16 16:31:45 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2013/11/16 16:31:29 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2013/11/16 16:31:29 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2013/11/16 16:31:29 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2013/11/16 16:31:29 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/25 16:51:52 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/25 16:51:52 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/25 16:51:52 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/25 16:48:57 | 000,000,426 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2013/11/25 16:46:03 | 000,016,152 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2013/11/25 16:46:03 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/25 16:45:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/25 16:45:45 | 4204,314,623 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/25 16:34:07 | 000,132,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/11/25 16:34:07 | 000,106,904 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/11/25 16:32:49 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/25 16:32:44 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/22 22:15:18 | 000,001,942 | ---- | M] () -- C:\Users\Lorna Samsung\Desktop\Dashlane.lnk
[2013/11/22 21:54:09 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/22 21:54:09 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/22 21:42:29 | 000,000,000 | -HS- | M] () -- C:\DkHyperbootSync
[2013/11/20 09:44:11 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/11/20 09:37:23 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/11/20 09:37:23 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/11/20 09:37:20 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013/11/20 09:37:20 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/11/20 09:37:20 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/20 09:37:19 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/20 09:37:19 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/11/20 09:37:18 | 001,926,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/11/20 09:37:18 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/11/20 09:37:18 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/11/20 09:37:18 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/11/20 09:37:18 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/20 09:37:18 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/11/20 09:37:18 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/11/20 09:37:18 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/11/20 09:37:18 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/11/20 09:37:18 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/11/20 09:37:18 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/11/20 09:37:18 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/11/20 09:37:18 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/11/20 09:37:18 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/11/20 09:37:18 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/11/20 09:37:18 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/11/20 09:37:18 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/11/20 09:37:18 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2013/11/20 09:37:18 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/11/20 09:37:18 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/11/20 09:37:18 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2013/11/20 09:37:18 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/11/20 09:37:18 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/11/20 09:37:18 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/11/20 09:37:18 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/20 09:37:18 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/11/20 09:37:17 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013/11/20 09:37:17 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/11/20 09:37:17 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/11/20 09:37:17 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/11/20 09:37:17 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/11/20 09:37:17 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/11/20 09:37:17 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/11/20 09:37:16 | 005,765,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/20 09:37:16 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/11/20 09:37:16 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/20 09:37:16 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/11/20 09:37:16 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/11/20 09:37:16 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/11/20 09:37:16 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/11/20 09:37:16 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/11/20 09:37:16 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/11/20 09:37:16 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2013/11/20 09:37:16 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/11/20 09:37:15 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/11/20 09:37:15 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/11/20 09:37:15 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/11/20 09:37:15 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/11/20 09:37:15 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/11/20 09:37:15 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/11/20 09:37:15 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/11/20 09:37:15 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/11/20 09:37:15 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/11/20 09:37:15 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/11/20 09:37:15 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/11/20 09:37:15 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/20 09:37:14 | 001,993,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/11/20 09:37:14 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/20 09:37:14 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/11/20 09:37:14 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/11/20 09:37:14 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/11/20 09:37:14 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/11/20 09:37:14 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/11/20 09:37:14 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/11/20 09:37:14 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/11/20 09:37:14 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/11/20 09:37:14 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/11/20 09:37:14 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/11/20 09:37:14 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2013/11/20 09:37:14 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/11/20 09:37:14 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/11/20 09:37:14 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/11/20 09:37:14 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/11/20 09:37:14 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/11/20 09:37:14 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/11/20 09:35:54 | 000,000,580 | ---- | M] () -- C:\Users\Lorna Samsung\Desktop\MBR.zip
[2013/11/19 21:55:00 | 000,000,512 | ---- | M] () -- C:\Users\Lorna Samsung\Desktop\MBR.dat
[2013/11/19 20:29:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lorna Samsung\Desktop\OTL.exe
[2013/11/19 20:29:39 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Lorna Samsung\Desktop\aswMBR.exe
[2013/11/19 20:29:07 | 000,891,200 | ---- | M] () -- C:\Users\Lorna Samsung\Desktop\SecurityCheck.exe
 
========== Files Created - No Company Name ==========
 
[2013/11/22 21:42:29 | 000,000,000 | -HS- | C] () -- C:\DkHyperbootSync
[2013/11/20 09:37:18 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/20 09:37:15 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/20 09:35:54 | 000,000,580 | ---- | C] () -- C:\Users\Lorna Samsung\Desktop\MBR.zip
[2013/11/19 21:55:00 | 000,000,512 | ---- | C] () -- C:\Users\Lorna Samsung\Desktop\MBR.dat
[2013/11/19 20:52:17 | 000,891,200 | ---- | C] () -- C:\Users\Lorna Samsung\Desktop\SecurityCheck.exe
[2013/10/15 22:12:44 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/10/15 22:12:34 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2013/10/15 22:12:34 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2013/10/14 14:52:09 | 000,003,283 | ---- | C] () -- C:\Users\Lorna Samsung\AppData\Local\recently-used.xbel
[2013/10/13 22:48:03 | 000,007,605 | ---- | C] () -- C:\Users\Lorna Samsung\AppData\Local\Resmon.ResmonCfg
[2013/09/27 08:51:56 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/09/27 08:23:00 | 000,002,318 | ---- | C] () -- C:\Windows\HotFixList.ini
[2013/09/27 08:11:15 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2013/09/27 08:10:05 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2013/09/27 08:10:05 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2013/09/27 08:10:05 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2013/09/27 08:10:05 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/07/16 11:23:58 | 000,335,872 | ---- | C] () -- C:\Windows\SetupX32.EXE
[2012/04/20 12:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
< End of report >


#70 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 25 November 2013 - 04:42 PM

Hi fellfromgrace,

bullseye_zpse9eaf36e.gif Run OTL.exe
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    
    :Commands
    [purity]
    [createrestorepoint]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
=========================

In your next post please provide the following:
  • OTL fix log
  • How's the computer running, any symptoms?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.

    Advertisements

Register to Remove


#71 fellfromgrace

fellfromgrace

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 26 November 2013 - 04:59 AM

OK. First thing is that Firefox has now disappeared completely! So am using Chrome, I don't use IE at all; should I?

Secondly is that things seem much improved now, I have run Daz and a few little glitches happened but I think that might have been normal fOTL logfile created on: 26/11/2013 10:34:22 - Run 3

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lorna Samsung\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
7.92 Gb Total Physical Memory | 6.12 Gb Available Physical Memory | 77.26% Memory free
15.83 Gb Paging File | 13.68 Gb Available in Paging File | 86.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 363.00 Gb Total Space | 158.87 Gb Free Space | 43.77% Space Free | Partition Type: NTFS
Drive D: | 544.30 Gb Total Space | 200.69 Gb Free Space | 36.87% Space Free | Partition Type: NTFS
Drive E: | 1.55 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: LORNASAMSUNG-PC | User Name: Lorna Samsung | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Lorna Samsung\AppData\Roaming\Dashlane\Dashlane.exe ()
PRC - C:\Users\Lorna Samsung\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (APN LLC.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe (SlimWare Utilities, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
PRC - C:\Program Files (x86)\SAMSUNG\Easy Settings\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\SAMSUNG\Easy Settings\SmartSetting.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\SAMSUNG\Easy Settings\MovieColorEnhancer.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\SAMSUNG\Easy Settings\EasySpeedUpManager.exe (Samsung Electronics)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\SAMSUNG\Samsung Recovery Solution 5\WCScheduler.exe (SEC)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Lorna Samsung\AppData\Roaming\Dashlane\Dashlane.exe ()
MOD - C:\Users\Lorna Samsung\AppData\Roaming\Dashlane\2.3.0.50373\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.2.3.0.50373.dll ()
MOD - C:\Users\Lorna Samsung\AppData\Roaming\Dashlane\2.3.0.50373\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.2.3.0.50373.dll ()
MOD - C:\Users\Lorna Samsung\AppData\Roaming\Dashlane\2.3.0.50373\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.2.3.0.50373.dll ()
MOD - C:\Users\Lorna Samsung\AppData\Roaming\Dashlane\2.3.0.50373\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.2.3.0.50373.dll ()
MOD - C:\Users\Lorna Samsung\AppData\Roaming\Dashlane\2.3.0.50373\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.2.3.0.50373.dll ()
MOD - C:\Users\Lorna Samsung\AppData\Roaming\Dashlane\2.3.0.50373\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.2.3.0.50373.dll ()
MOD - C:\Users\Lorna Samsung\AppData\Roaming\Dashlane\2.3.0.50373\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.2.3.0.50373.dll ()
MOD - C:\Program Files (x86)\SAMSUNG\Easy Settings\WinCRT.dll ()
MOD - C:\Program Files (x86)\SAMSUNG\Samsung Recovery Solution 5\Resdll.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\SAMSUNG\Easy Settings\HookDllPS2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV:64bit: - (ExpressCache) -- C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe (Diskeeper Corporation)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (DAZContentManagementService) -- C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe ()
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (APNMCP) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (APN LLC.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys ()
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (excsd) -- C:\Windows\SysNative\drivers\excsd.sys (Diskeeper Corporation)
DRV:64bit: - (excfs) -- C:\Windows\SysNative\drivers\excfs.sys (Diskeeper Corporation)
DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (acpials) -- C:\Windows\SysNative\drivers\acpials.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV:64bit: - (DgiVecp) -- C:\Windows\SysNative\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.facebook.com/http://ww [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 66 1A 89 0A BF BB CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - Extension: Avira SearchFree Toolbar plus Web Protection = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh\25.62074_0\
CHR - Extension: Google Translate = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.5_0\
CHR - Extension: Google Docs = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0\
CHR - Extension: Add to Amazon Wish List = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\
CHR - Extension: Google Search = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Disconnect = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.10.0_0\
CHR - Extension: Window Close Protector = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnpifgapnmpninomacbhdlconlpikdai\2.2_0\
CHR - Extension: Dashlane = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkjojgglmmcghgaiknnpgjgldgaocjfd\2.2.6.50689_0\
CHR - Extension: Dashlane = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkjojgglmmcghgaiknnpgjgldgaocjfd\2.2.6.50689_0\.orig
CHR - Extension: Dashlane = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkjojgglmmcghgaiknnpgjgldgaocjfd\2.3.0.50373_0\
CHR - Extension: Dashlane = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkjojgglmmcghgaiknnpgjgldgaocjfd\2.3.0.50373_0\.orig
CHR - Extension: Google Wallet = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.3_0\
CHR - Extension: Short URL = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\obbdcmhkndhionekooeeiilbicfdkhml\1.0_0\
CHR - Extension: Instagram for Chrome = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb\5.1.1_0\
CHR - Extension: Instagram for Chrome = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb\5.1.1_1\
CHR - Extension: Instagram for Chrome = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb\5.1.2_0\
CHR - Extension: Instagram for Chrome = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb\5.1.4_0\
CHR - Extension: Instagram for Chrome = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb\5.1_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.0.3_0\
CHR - Extension: Gmail = C:\Users\Lorna Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Dashlane BHO) - {42D79B50-CC4A-4A8E-860F-BE674AF053A2} - C:\Users\Lorna Samsung\AppData\Roaming\Dashlane\ie\Dashlanei.dll (Dashlane)
O3 - HKLM\..\Toolbar: (Dashlane Toolbar) - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Lorna Samsung\AppData\Roaming\Dashlane\ie\KWIEBar.dll (Dashlane)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Dashlane] C:\Users\Lorna Samsung\AppData\Roaming\Dashlane\Dashlane.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50A13F53-EC63-441F-A34A-E6DCCFCAC1FC}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk C:\
O32 - AutoRun File - [2012/12/12 17:13:16 | 000,000,000 | ---D | M] - D:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/08/13 21:01:17 | 000,000,072 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2008/07/08 11:04:00 | 000,189,808 | R--- | M] (Adobe Systems Incorporated) - E:\Autoplay.exe -- [ CDFS ]
O32 - AutoRun File - [2009/10/28 14:38:28 | 000,000,000 | ---D | M] - E:\Autoplay -- [ CDFS ]
O33 - MountPoints2\{ff947352-2751-11e3-a46d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ff947352-2751-11e3-a46d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autoplay.exe -- [2008/07/08 11:04:00 | 000,189,808 | R--- | M] (Adobe Systems Incorporated)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/22 22:11:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/20 09:39:13 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2013/11/20 09:37:23 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/11/20 09:37:22 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/11/20 09:37:20 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013/11/20 09:37:20 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/11/20 09:37:20 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/20 09:37:19 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/20 09:37:19 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/11/20 09:37:18 | 001,926,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/11/20 09:37:18 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/11/20 09:37:18 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/11/20 09:37:18 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/11/20 09:37:18 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/20 09:37:18 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/11/20 09:37:18 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/11/20 09:37:18 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/11/20 09:37:18 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/11/20 09:37:18 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/11/20 09:37:18 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/11/20 09:37:18 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/11/20 09:37:18 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/11/20 09:37:18 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/11/20 09:37:18 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/11/20 09:37:18 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/11/20 09:37:18 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/11/20 09:37:18 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2013/11/20 09:37:18 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/11/20 09:37:18 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/11/20 09:37:18 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2013/11/20 09:37:18 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/11/20 09:37:18 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/11/20 09:37:18 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/11/20 09:37:18 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/11/20 09:37:17 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013/11/20 09:37:17 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/11/20 09:37:17 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/11/20 09:37:17 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/11/20 09:37:17 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/11/20 09:37:17 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/11/20 09:37:17 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/11/20 09:37:16 | 005,765,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/20 09:37:16 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/11/20 09:37:16 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/20 09:37:16 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/11/20 09:37:16 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/11/20 09:37:16 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/11/20 09:37:16 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/11/20 09:37:16 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/11/20 09:37:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/11/20 09:37:16 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2013/11/20 09:37:16 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/11/20 09:37:15 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/11/20 09:37:15 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/11/20 09:37:15 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/11/20 09:37:15 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/11/20 09:37:15 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/11/20 09:37:15 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/11/20 09:37:15 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/11/20 09:37:15 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/11/20 09:37:15 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/11/20 09:37:15 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/11/20 09:37:15 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/11/20 09:37:14 | 001,993,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/11/20 09:37:14 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/20 09:37:14 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/11/20 09:37:14 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/11/20 09:37:14 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/11/20 09:37:14 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/11/20 09:37:14 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/11/20 09:37:14 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/11/20 09:37:14 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/11/20 09:37:14 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/11/20 09:37:14 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/11/20 09:37:14 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/11/20 09:37:14 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2013/11/20 09:37:14 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/11/20 09:37:14 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/11/20 09:37:14 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/11/20 09:37:14 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/11/20 09:37:14 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/11/20 09:37:14 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/11/19 20:52:11 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Lorna Samsung\Desktop\aswMBR.exe
[2013/11/19 20:52:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lorna Samsung\Desktop\OTL.exe
[2013/11/16 16:33:01 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/11/16 16:32:26 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/11/16 16:32:26 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/11/16 16:32:26 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2013/11/16 16:32:26 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2013/11/16 16:32:26 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2013/11/16 16:32:10 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/11/16 16:32:10 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/11/16 16:32:10 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2013/11/16 16:32:10 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2013/11/16 16:32:10 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2013/11/16 16:31:45 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2013/11/16 16:31:29 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2013/11/16 16:31:29 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2013/11/16 16:31:29 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2013/11/16 16:31:29 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/26 10:02:29 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/26 10:02:29 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/26 10:02:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/26 10:01:32 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/26 10:01:32 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/26 10:01:32 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/26 09:57:06 | 000,001,942 | ---- | M] () -- C:\Users\Lorna Samsung\Desktop\Dashlane.lnk
[2013/11/26 09:56:25 | 000,000,426 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2013/11/26 09:56:12 | 000,016,152 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2013/11/26 09:56:12 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/26 09:54:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/26 09:54:18 | 4204,314,623 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/26 09:50:35 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/25 16:34:07 | 000,132,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/11/25 16:34:07 | 000,106,904 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/11/20 09:44:11 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/11/20 09:37:23 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/11/20 09:37:23 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/11/20 09:37:20 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013/11/20 09:37:20 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/11/20 09:37:20 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/20 09:37:19 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/20 09:37:19 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/11/20 09:37:18 | 001,926,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/11/20 09:37:18 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/11/20 09:37:18 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/11/20 09:37:18 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/11/20 09:37:18 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/20 09:37:18 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/11/20 09:37:18 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/11/20 09:37:18 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/11/20 09:37:18 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/11/20 09:37:18 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/11/20 09:37:18 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/11/20 09:37:18 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/11/20 09:37:18 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/11/20 09:37:18 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/11/20 09:37:18 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/11/20 09:37:18 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/11/20 09:37:18 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/11/20 09:37:18 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2013/11/20 09:37:18 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/11/20 09:37:18 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/11/20 09:37:18 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2013/11/20 09:37:18 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/11/20 09:37:18 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/11/20 09:37:18 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/11/20 09:37:18 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/20 09:37:18 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/11/20 09:37:17 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013/11/20 09:37:17 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/11/20 09:37:17 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/11/20 09:37:17 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/11/20 09:37:17 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/11/20 09:37:17 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/11/20 09:37:17 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/11/20 09:37:16 | 005,765,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/20 09:37:16 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/11/20 09:37:16 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/20 09:37:16 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/11/20 09:37:16 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/11/20 09:37:16 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/11/20 09:37:16 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/11/20 09:37:16 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/11/20 09:37:16 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/11/20 09:37:16 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2013/11/20 09:37:16 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/11/20 09:37:15 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/11/20 09:37:15 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/11/20 09:37:15 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/11/20 09:37:15 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/11/20 09:37:15 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/11/20 09:37:15 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/11/20 09:37:15 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/11/20 09:37:15 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/11/20 09:37:15 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/11/20 09:37:15 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/11/20 09:37:15 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/11/20 09:37:15 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/20 09:37:14 | 001,993,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/11/20 09:37:14 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/20 09:37:14 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/11/20 09:37:14 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/11/20 09:37:14 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/11/20 09:37:14 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/11/20 09:37:14 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/11/20 09:37:14 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/11/20 09:37:14 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/11/20 09:37:14 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/11/20 09:37:14 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/11/20 09:37:14 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/11/20 09:37:14 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2013/11/20 09:37:14 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/11/20 09:37:14 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/11/20 09:37:14 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/11/20 09:37:14 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/11/20 09:37:14 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/11/20 09:37:14 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/11/20 09:35:54 | 000,000,580 | ---- | M] () -- C:\Users\Lorna Samsung\Desktop\MBR.zip
[2013/11/19 21:55:00 | 000,000,512 | ---- | M] () -- C:\Users\Lorna Samsung\Desktop\MBR.dat
[2013/11/19 20:29:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lorna Samsung\Desktop\OTL.exe
[2013/11/19 20:29:39 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Lorna Samsung\Desktop\aswMBR.exe
[2013/11/19 20:29:07 | 000,891,200 | ---- | M] () -- C:\Users\Lorna Samsung\Desktop\SecurityCheck.exe
 
========== Files Created - No Company Name ==========
 
[2013/11/20 09:37:18 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/20 09:37:15 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/20 09:35:54 | 000,000,580 | ---- | C] () -- C:\Users\Lorna Samsung\Desktop\MBR.zip
[2013/11/19 21:55:00 | 000,000,512 | ---- | C] () -- C:\Users\Lorna Samsung\Desktop\MBR.dat
[2013/11/19 20:52:17 | 000,891,200 | ---- | C] () -- C:\Users\Lorna Samsung\Desktop\SecurityCheck.exe
[2013/10/15 22:12:44 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/10/15 22:12:34 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2013/10/15 22:12:34 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2013/10/14 14:52:09 | 000,003,283 | ---- | C] () -- C:\Users\Lorna Samsung\AppData\Local\recently-used.xbel
[2013/10/13 22:48:03 | 000,007,605 | ---- | C] () -- C:\Users\Lorna Samsung\AppData\Local\Resmon.ResmonCfg
[2013/09/27 08:51:56 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/09/27 08:23:00 | 000,002,318 | ---- | C] () -- C:\Windows\HotFixList.ini
[2013/09/27 08:11:15 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2013/09/27 08:10:05 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2013/09/27 08:10:05 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2013/09/27 08:10:05 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2013/09/27 08:10:05 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/07/16 11:23:58 | 000,335,872 | ---- | C] () -- C:\Windows\SetupX32.EXE
[2012/04/20 12:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
< End of report >
 
 
 
 
 
 

or Daz. So not worried there

 

Here is the logfile from running the scan:



#72 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 26 November 2013 - 11:08 AM

Hi fellfromgrace,
 

First thing is that Firefox has now disappeared completely! So am using Chrome, I don't use IE at all; should I?

 
Did you remove Firefox, or has it just disappeared?

The browser you use is a personal choice, all are good. Some offer different personal customizations, but the choice is yours.

=========================

Did you install these?

  • AskPartnerNetwork
  • Avira SearchFree Toolbar plus Web Protection

=========================

The log looks pretty good except for the items I asked about above. When you install software many times there is third party "stuff" (politically correct term) included in the download. That is why you always want to choose "Custom" during the installation process. Oftentimes you will be given the option to not install the third party products piggybacked with the download you seek.


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#73 fellfromgrace

fellfromgrace

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 26 November 2013 - 12:12 PM

OK. I had to go out for the afternoon. Laptop was asleep although the keyboard was still lit up. On awakening could not get anywhere at all online, open windows showed cached pages (ie those open when it went to sleep) but if I wanted to open new page or continue where I left off, all windows had blue spinning circles (but spinning s-l-o-w-l-y) 

 

Word 2010 was open with no docs open, and this just gave (not responding) in the top window bar.

 

I gave it half an hour but it was all still the same.

 

I tried closing windows and programs (media player was open by mistake, dashlane dashboard was up, calculator and Word plus Chrome with 6 windows open, yours, Daz 3d, Gmail, Facebook, Renderosity and Runtime DNA ... all reputable sites). I tried closing each program down but there was no response really, although I did get the  'this program is not responding' dialogue box up, Closing each one didn't work. I had to physically switch off the machine and then switch on again. 

 

I now have ten windows open and word and all is running ok so far. (until the next time .....)

 

Still absolutely no sign of Thunderbird btw



#74 fellfromgrace

fellfromgrace

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 26 November 2013 - 12:45 PM

Hi,

 

 in answer to yours, no I didn't uninstall Firefox. I was using it before I ran the fix and then it wasn't there any more after it rebooted! which is very curious. This is unless I am going mad, which is, of course, quite possible ...

 

and no I didn't consciously install the toolbars you so politely refer to as stuff  :lol:



#75 fellfromgrace

fellfromgrace

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 26 November 2013 - 12:48 PM

(at least I am sure I had Firefox on here and was using it ... when it switched on again only chrome was available and the windows opened and suggestions were all old ones, not what I was currently/recently viewing ... so am assuming that I WAS using FF and that's why the windows were different and suggestions all old) It IS possilble that I was not using FF and am getting confused with having been using the other laptop though ..... obviously senility is creeping on ....


Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users