CloseProcesses:
CreateRestorePoint:
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\MobileTrans\DriverInstall.exe" [X]
C:\Program Files (x86)\Memeo\AutoBackup
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\Crystal Narine\AppData\Local\Temp\GUR9CAC.exe
C:\Users\Crystal Narine\AppData\Local\Temp\Quarantine.exe
C:\Users\Crystal Narine\AppData\Local\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-736287554-3709403269-3079134508-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Crystal Narine\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-736287554-3709403269-3079134508-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Crystal Narine\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-736287554-3709403269-3079134508-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Crystal Narine\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-736287554-3709403269-3079134508-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Crystal Narine\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-736287554-3709403269-3079134508-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Crystal Narine\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-736287554-3709403269-3079134508-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Crystal Narine\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-736287554-3709403269-3079134508-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Crystal Narine\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-736287554-3709403269-3079134508-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Crystal Narine\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-736287554-3709403269-3079134508-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Crystal Narine\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-736287554-3709403269-3079134508-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Crystal Narine\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-736287554-3709403269-3079134508-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Crystal Narine\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-736287554-3709403269-3079134508-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Crystal Narine\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-736287554-3709403269-3079134508-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Crystal Narine\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-736287554-3709403269-3079134508-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Crystal Narine\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-736287554-3709403269-3079134508-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Crystal Narine\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {9EBDF0A2-24CD-454E-9843-AB14DAAC2B60} - System32\Tasks\Bidaily Synchronize Task[pr] => c:\programdata\{6601f041-7013-da3a-6601-1f041701c105}\backuptrans iphone whatsapp transfer.exe [2014-05-18] () <==== ATTENTION
c:\programdata\{6601f041-7013-da3a-6601-1f041701c105}
AlternateDataStreams: C:\Users\Crystal Narine\Desktop\DSC01654.JPG:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\10words.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\A Glass of Milk.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Abortion.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Best Pictures.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Breath Taking Photos.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\BreathTakingPhotos.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\card.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\cds.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\cell fones.AVI:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Chinese Proverb.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\ChoicesWeMake_1.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\circuit.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Copy of RBC consent electronic Jan 2009[1].doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Crystal Narine.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Find.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\fone numbers.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\goodkarma12.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Kodak_moment.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Mobile Phone Recharge.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Mushroom Salad.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Nageur_ét...pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\New Sony En.PPS:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Price of Gas.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\PSLE0U-PSLC0U-Win7UpgradeInstructions.pdf:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Put_the_Glass_Down__.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\SalaryReview.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\scheduleCN 2011.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\scheduleCN.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\thank you letter.doc:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\The Poem.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\The Window.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\The Woman.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\TheParadoxofOurTimes.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\TheWoman.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\Two Choices.pps:Roxio EMC Stream
AlternateDataStreams: C:\Users\Crystal Narine\Documents\WordsWomenUse1.pps:Roxio EMC Stream
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp: