Files keep appearing on my desktop I think the text is Japanese - 㩃啜敳獲䝜佅䝒繅就灁䑰瑡屡潌慣屬敔灭呜偍㌱㠹㐴㘱〰⸶䵘L
I have scanned with Norton and Malwarebytes. No results. I am really concerned as they appear every day after deleting them.
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
dir "%systemdrive%\*" /S /A:L /C
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
CREATERESTOREPOINT
Hello Valinorum,
Here are the logs.
OTL logfile created on: 4/28/2014 11:46:29 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Georgette\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.85 Gb Total Physical Memory | 3.48 Gb Available Physical Memory | 59.48% Memory free
11.70 Gb Paging File | 9.12 Gb Available in Paging File | 77.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906.34 Gb Total Space | 374.44 Gb Free Space | 41.31% Space Free | Partition Type: NTFS
Drive F: | 206.62 Gb Total Space | 0.30 Gb Free Space | 0.15% Space Free | Partition Type: NTFS
Drive H: | 465.73 Gb Total Space | 290.41 Gb Free Space | 62.36% Space Free | Partition Type: NTFS
Computer Name: MOTHERSHIP | User Name: Georgette | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/04/28 11:28:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Georgette\Downloads\OTL.exe
PRC - [2014/04/14 00:00:58 | 002,484,504 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2014/04/14 00:00:58 | 001,444,120 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2014/03/22 17:58:09 | 000,527,936 | ---- | M] (BillP Studios) -- F:\Program Files\WinPatrol\WinPatrol.exe
PRC - [2014/03/15 04:40:21 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccsvchst.exe
PRC - [2011/03/21 17:12:54 | 000,020,480 | ---- | M] () -- C:\Windows\jmesoft\JME_LOAD.exe
PRC - [2011/03/21 17:06:46 | 000,118,784 | ---- | M] (Lenovo) -- C:\Windows\jmesoft\hotkey.exe
PRC - [2011/03/15 23:47:40 | 000,032,768 | ---- | M] () -- C:\Windows\jmesoft\Service.exe
PRC - [2010/10/21 13:11:00 | 000,144,672 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Greeting Card Factory Deluxe 8.0\ReminderApp.exe
PRC - [2010/10/08 12:49:40 | 000,285,696 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe
PRC - [2010/10/05 09:08:46 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 09:08:42 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/09/26 15:30:52 | 000,163,840 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Power Dial\LitModeSwitch.exe
PRC - [2010/09/09 14:46:14 | 000,081,920 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Power Dial\LitModeCtrl.exe
PRC - [2010/09/09 14:19:08 | 000,265,216 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe
PRC - [2010/08/30 02:07:34 | 000,096,752 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe
PRC - [2010/03/15 11:41:32 | 000,442,368 | ---- | M] (Tinnes Software) -- C:\Program Files (x86)\Desktop Calendar\Desktop Calendar.exe
PRC - [2010/02/22 13:29:56 | 001,012,080 | ---- | M] (Sunbelt Software) -- C:\Program Files (x86)\Common Files\AntiVirus\SBAMSvc.exe
PRC - [2010/02/04 16:13:42 | 000,529,688 | ---- | M] (Avanquest Software) -- C:\Program Files (x86)\Avanquest\SystemSuite\MXTask.exe
PRC - [2009/12/04 19:59:28 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
PRC - [2009/12/03 23:25:32 | 000,050,456 | ---- | M] (Avanquest Software) -- C:\Program Files (x86)\Avanquest\SystemSuite\MXTask2.exe
PRC - [2009/09/30 14:19:30 | 000,049,152 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Power Dial\LenovoCOMSvc.exe
PRC - [2008/07/30 14:23:02 | 000,177,448 | ---- | M] (Seagate LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2006/02/17 12:44:28 | 000,197,632 | ---- | M] (Nu2 Productions) -- C:\pebuilder3110a\pebuilder.exe
========== Modules (No Company Name) ==========
MOD - [2014/04/15 14:46:13 | 001,125,592 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2014/03/31 08:51:12 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\13372e3b6a7e4126d48827a30c2c1d9a\Microsoft.VisualBasic.ni.dll
MOD - [2014/03/31 08:47:19 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/03/28 14:33:50 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll
MOD - [2014/03/28 14:31:29 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\72284863df9bea3f081ae98996400619\PresentationFramework.Aero.ni.dll
MOD - [2014/03/28 14:31:18 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
MOD - [2014/03/28 14:31:17 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\faf3ae85f2470505e1b32d2154de60ef\System.EnterpriseServices.ni.dll
MOD - [2014/03/28 14:31:17 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\cd3556d1162e8f7df77611c9c4253f7c\System.Transactions.ni.dll
MOD - [2014/03/28 14:31:16 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\fe1942c05eda4f9744f80afb4ae76a2d\System.Data.ni.dll
MOD - [2014/03/28 14:31:09 | 014,340,096 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f703846404bb66a4ae03ef8133755007\PresentationFramework.ni.dll
MOD - [2014/03/28 14:30:55 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/03/28 14:30:53 | 012,238,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\660ac5d6da77df8e86fb26f05c6a9816\PresentationCore.ni.dll
MOD - [2014/03/28 14:30:46 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/03/28 14:30:42 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/03/28 14:30:40 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/03/28 14:30:39 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/03/28 14:30:35 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/03/23 17:04:20 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2014/03/15 04:40:39 | 003,642,480 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/02/17 23:46:30 | 000,643,948 | ---- | M] () -- F:\Program Files\WinPatrol\sqlite3.dll
MOD - [2010/11/20 23:24:08 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/10/21 13:11:08 | 000,086,304 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Greeting Card Factory Deluxe 8.0\AddressBookCore.dll
MOD - [2010/10/21 13:11:00 | 000,144,672 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Greeting Card Factory Deluxe 8.0\ReminderApp.exe
MOD - [2010/10/21 12:50:28 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Greeting Card Factory Deluxe 8.0\en-US\ReminderApp.resources.dll
MOD - [2010/09/20 21:55:52 | 000,182,272 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Brightness System\ddcHelperWraper.dll
MOD - [2010/09/20 13:08:10 | 000,210,432 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Brightness System\KeyStoneAdapter.dll
MOD - [2010/09/09 14:19:30 | 000,210,432 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Eye Distance System\KeyStoneAdapter.dll
MOD - [2010/09/09 14:18:58 | 000,211,456 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Eye Distance System\VideoPlayer.dll
MOD - [2009/12/04 20:04:32 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
MOD - [2009/12/04 19:59:54 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
MOD - [2009/06/10 17:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2008/12/30 14:09:34 | 002,088,960 | ---- | M] () -- C:\Program Files\Lenovo\Power Dial\LitModeSwitchRes.dll
MOD - [2007/12/31 13:27:42 | 000,007,168 | ---- | M] () -- C:\Windows\jmesoft\VistaVolume.dll
MOD - [2005/11/29 08:55:34 | 000,411,648 | ---- | M] () -- C:\pebuilder3110a\StarBurn.dll
========== Services (SafeList) ==========
SRV:64bit: - [2014/03/06 04:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/09 14:46:14 | 000,081,920 | ---- | M] (Lenovo) [On_Demand | Running] -- C:\Program Files\Lenovo\Power Dial\LitModeCtrl.exe -- (LitModeCtrl)
SRV:64bit: - [2009/09/30 14:19:30 | 000,049,152 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Power Dial\LenovoCOMSvc.exe -- (LenovoCOMSvc)
SRV:64bit: - [2007/05/29 17:47:54 | 000,020,480 | ---- | M] (Oki Data Corporation) [Auto | Running] -- C:\Windows\SysNative\spool\drivers\x64\3\OPHDLDCS.EXE -- (OKI OPHD DCS Loader)
SRV - [2014/04/14 00:00:58 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2014/03/15 04:40:31 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/11 16:45:00 | 000,130,104 | R--- | M] (Symantec Corporation) [Unknown (-1) | Unknown] -- C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\NST.exe -- (NCO)
SRV - [2014/01/29 23:02:44 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe -- (N360)
SRV - [2011/03/15 23:47:40 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\jmesoft\Service.exe -- (JME Keyboard)
SRV - [2010/10/05 09:08:46 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 09:08:42 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/08/30 02:07:34 | 000,096,752 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe -- (CEEBC40A-FDED-4C59-B354-939132350B01)
SRV - [2010/02/22 13:29:56 | 001,012,080 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files (x86)\Common Files\AntiVirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2010/02/04 16:13:42 | 000,529,688 | ---- | M] (Avanquest Software) [Auto | Running] -- C:\Program Files (x86)\Avanquest\SystemSuite\MXTask.exe -- (SystemSuite Task Manager)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/30 14:23:26 | 000,161,064 | ---- | M] (Seagate Technology LLC) [Disabled | Stopped] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2007/05/29 17:47:54 | 000,020,480 | ---- | M] (Oki Data Corporation) [Auto | Running] -- C:\windows\system32\spool\DRIVERS\x64\3\OPHDLDCS.EXE -- (OKI OPHD DCS Loader)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/04/14 00:01:06 | 000,316,312 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2014/03/31 13:15:30 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2014/01/29 23:02:28 | 005,363,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/10/01 22:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/09/27 15:23:26 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSTx64\7DE07000.02B\ccSetx64.sys -- (ccSet_NST)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/05 22:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/05 22:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/07 00:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012/05/21 21:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/04/17 22:13:32 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/17 22:13:22 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2012/04/17 21:42:14 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/21 01:34:55 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2011/05/21 01:34:55 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/25 06:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 12:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/21 02:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2010/07/20 05:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/21 17:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/15 08:17:56 | 000,082,992 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (sbtis)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/04/08 09:43:04 | 000,020,832 | ---- | M] (Nicomsoft Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ddcdrv.sys -- (WinI2C-DDC)
DRV:64bit: - [2006/11/09 06:04:00 | 000,026,112 | R--- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PELMOUSE.SYS -- (pelmouse)
DRV:64bit: - [2006/11/09 06:04:00 | 000,023,040 | R--- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PELUSBlf.SYS -- (pelusblf)
DRV - [2014/04/23 14:33:08 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\VirusDefs\20140428.001\ex64.sys -- (NAVEX15)
DRV - [2014/04/23 14:33:08 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/04/23 14:33:08 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\VirusDefs\20140428.001\eng64.sys -- (NAVENG)
DRV - [2014/04/15 14:46:11 | 000,606,672 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys -- (RapportCerberus_59849)
DRV - [2014/04/14 00:01:06 | 000,397,848 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2014/04/14 00:01:06 | 000,282,968 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2014/04/09 18:47:21 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Stopped] -- C:\windows\SysWow64\drivers\AFS.SYS -- (AFS)
DRV - [2014/03/31 14:54:19 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/03/28 16:33:00 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\IPSDefs\20140427.002\IDSviA64.sys -- (IDSVia64)
DRV - [2014/03/19 01:34:28 | 001,525,976 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\BASHDefs\20140409.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/03/22 21:13:08 | 000,015,712 | ---- | M] (Nicomsoft Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\ddcdrv.sys -- (WinI2C-DDC)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LEND&bmod=LEND
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=LEND&bmod=LEND
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ND_enUS445US445
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{D0E1D5BF-70B0-47B0-A8D1-12B13FEEF54E}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Privatelee"
FF - prefs.js..browser.search.selectedEngine: "Privatelee"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7BE6C1199F-E687-42da-8C24-E7770CC3AE66%7D:2.0.4
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2012.5.22.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.0.43\coFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\IPSFF [2014/03/31 14:55:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\coFFPlgn\ [2014/04/27 17:58:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4d855a8a-1536-4aa8-bf99-da2362910205}: C:\Program Files (x86)\Avanquest\SystemSuite\FirefoxDV [2014/04/23 13:57:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\Avanquest\SystemSuite\Firefox [2014/04/23 13:57:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2014/03/28 15:47:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georgette\AppData\Roaming\Mozilla\Extensions
[2014/04/04 15:08:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georgette\AppData\Roaming\Mozilla\Firefox\Profiles\qqbrwb2d.default\extensions
[2014/04/04 15:08:00 | 000,024,626 | ---- | M] () (No name found) -- C:\Users\Georgette\AppData\Roaming\Mozilla\Firefox\Profiles\qqbrwb2d.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
[2014/03/28 17:50:43 | 000,002,050 | ---- | M] () -- C:\Users\Georgette\AppData\Roaming\Mozilla\Firefox\Profiles\qqbrwb2d.default\searchplugins\privatelee.xml
[2014/04/27 11:10:09 | 000,002,494 | ---- | M] () -- C:\Users\Georgette\AppData\Roaming\Mozilla\Firefox\Profiles\qqbrwb2d.default\searchplugins\safesearch.xml
[2014/03/28 15:44:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/28 15:44:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/04/27 17:58:13 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\COFFPLGN
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.43\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\Avanquest\SystemSuite\avgssie.dll ()
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DataVault Object) - {8373ADC0-6330-11DD-9D77-22C856D89593} - C:\Program Files (x86)\Avanquest\SystemSuite\IE_ContextMenu_Vault.dll (Avanquest Software)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.43\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Mouse Suite 98 Daemon] C:\windows\SysNative\ICO.EXE (Primax Electronics Ltd.)
O4:64bit: - HKLM..\Run: [Persistence] C:\windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [jmekey] C:\Windows\jmesoft\hotkey.exe (Lenovo)
O4 - HKLM..\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe ()
O4 - HKLM..\Run: [Lenovo Dynamic Brightness System] C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe (Lenovo)
O4 - HKLM..\Run: [Lenovo Eye Distance System] C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe (Lenovo)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [ModeSwitch] C:\Program Files\Lenovo\Power Dial\LitModeSwitch.exe (Lenovo)
O4 - HKLM..\Run: [ReminderApp] C:\Program Files (x86)\Nova Development\Greeting Card Factory Deluxe 8.0\ReminderApp.exe ()
O4 - HKLM..\Run: [SetDefaultSCR] C:\Program Files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe (Lenovo)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Desktop Calendar] C:\Program Files (x86)\Desktop Calendar\Desktop Calendar.exe (Tinnes Software)
O4 - HKCU..\Run: [WinPatrol] F:\Program Files\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 184.63.96.68 184.63.96.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64D9B841-87A2-4172-B731-A3ABBEA11425}: DhcpNameServer = 184.63.96.68 184.63.96.69
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/10 17:08:00 | 000,000,067 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2014/04/27 11:09:28 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{8CEF6EF1-363B-410F-A74F-7F0DE832085C}
[2014/04/27 10:48:57 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{3274F6FE-1D4D-44E5-B309-D17FA722E715}
[2014/04/25 16:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PE Builder
[2014/04/25 16:57:18 | 000,000,000 | ---D | C] -- C:\pebuilder3110a
[2014/04/25 09:04:54 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2014/04/25 09:00:03 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{229C837F-B1D4-4E16-963D-7EEA09127567}
[2014/04/24 18:27:59 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/24 18:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/24 18:26:44 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/04/24 18:26:44 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/04/24 18:26:44 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014/04/24 18:26:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/04/24 18:26:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/04/24 13:59:08 | 000,000,000 | ---D | C] -- C:\Users\Georgette\Documents\WebStore
[2014/04/24 08:59:56 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{4898B2FE-0992-40D3-AAA8-AA6666FE23A5}
[2014/04/23 17:42:10 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\Akamai
[2014/04/23 14:37:50 | 000,082,992 | ---- | C] (Sunbelt Software) -- C:\windows\SysNative\drivers\sbtis.sys
[2014/04/23 14:05:13 | 000,027,472 | ---- | C] (Sunbelt Software) -- C:\windows\SysNative\sbbd.exe
[2014/04/23 14:05:13 | 000,026,144 | ---- | C] (Avanquest Software) -- C:\windows\SysNative\drivers\mxRCycle.sys
[2014/04/23 13:13:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2014/04/23 08:59:54 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{91F4E072-4258-4D4D-8E04-07590A0AFA87}
[2014/04/22 08:39:44 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{A9A96EEB-D7A2-423B-ADB5-BEE0CBF1C88F}
[2014/04/21 09:00:01 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{34089BDB-E782-465E-8A67-F33CB91587F5}
[2014/04/20 11:52:01 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\BVRP Software
[2014/04/20 11:49:02 | 000,000,000 | RHSD | C] -- C:\_Backup.RC
[2014/04/20 11:48:51 | 000,000,000 | -H-D | C] -- C:\_Backup
[2014/04/20 11:43:09 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Roaming\Avanquest
[2014/04/20 11:43:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest
[2014/04/20 11:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AntiVirus
[2014/04/20 11:42:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avanquest
[2014/04/20 09:00:11 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{BE53089D-7EFA-40A8-86E5-D4479553C133}
[2014/04/19 08:59:55 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{7E09B011-12D4-454F-B37A-0B59FA2D6F3C}
[2014/04/18 14:50:40 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\Nova Development
[2014/04/18 14:31:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/04/18 14:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
[2014/04/18 14:07:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Seagate
[2014/04/18 14:07:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate
[2014/04/18 13:57:48 | 000,000,000 | ---D | C] -- C:\windows\Downloaded Installations
[2014/04/18 13:57:30 | 000,000,000 | -HSD | C] -- C:\windows\ftpcache
[2014/04/18 13:51:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nova Development
[2014/04/17 22:27:41 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{F8D3087D-64E0-46BC-8EFF-733E474EDC7E}
[2014/04/17 08:59:55 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{478AA8EF-84E3-4A60-88C6-5E086E006ECE}
[2014/04/16 08:46:23 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{203AFBB0-A5D4-4CAC-82EE-7DC0F236281A}
[2014/04/15 14:45:58 | 000,316,312 | ---- | C] (Trusteer Ltd.) -- C:\windows\SysNative\drivers\RapportKE64.sys
[2014/04/15 14:43:22 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\Trusteer
[2014/04/15 14:43:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
[2014/04/15 14:42:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trusteer
[2014/04/15 14:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Trusteer
[2014/04/15 14:38:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX870 series
[2014/04/15 14:11:15 | 000,000,000 | -HSD | C] -- C:\Users\Georgette\AppData\Local\EmieUserList
[2014/04/15 14:11:15 | 000,000,000 | -HSD | C] -- C:\Users\Georgette\AppData\Local\EmieSiteList
[2014/04/15 09:21:52 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Roaming\Hewlett-Packard
[2014/04/15 08:16:07 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{9C70665B-E78B-4534-B282-F1ED480A2436}
[2014/04/14 13:54:31 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{8E6DA6E5-D833-40AE-B7A5-969EA8DCA7DE}
[2014/04/13 21:01:55 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{F58C2649-DE0B-4492-93C0-5B59C8195611}
[2014/04/13 12:10:30 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Roaming\OPHD
[2014/04/13 11:56:58 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\ElevatedDiagnostics
[2014/04/13 11:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\OPHD
[2014/04/13 11:35:47 | 000,148,992 | ---- | C] (Oki Data Corporation) -- C:\windows\SysNative\OPDMN025.DLL
[2014/04/13 11:35:47 | 000,054,784 | ---- | C] (Oki Data Corporation) -- C:\windows\SysNative\OPUSBEXT.DLL
[2014/04/13 11:35:47 | 000,039,424 | ---- | C] (Oki Data Corporation) -- C:\windows\SysNative\OPCLB025.DLL
[2014/04/13 11:35:46 | 000,072,704 | ---- | C] (Oki Data Corporation) -- C:\windows\SysNative\OPE02LOC.DLL
[2014/04/13 11:35:46 | 000,065,536 | ---- | C] (Oki Data Corporation) -- C:\windows\SysNative\OPSLD025.DLL
[2014/04/13 11:35:46 | 000,039,936 | ---- | C] (Oki Data Corporation) -- C:\windows\SysNative\OPUSB025.DLL
[2014/04/13 11:35:46 | 000,039,936 | ---- | C] (Oki Data Corporation) -- C:\windows\SysNative\OPEXTUAC.DLL
[2014/04/13 11:35:46 | 000,039,424 | ---- | C] (Oki Data Corporation) -- C:\windows\SysNative\OPC02LOC.DLL
[2014/04/13 11:35:46 | 000,037,376 | ---- | C] (Oki Data Corporation) -- C:\windows\SysNative\OPDVA025.DLL
[2014/04/13 11:35:45 | 000,000,000 | ---D | C] -- C:\OKIDATA
[2014/04/13 11:35:12 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Roaming\InstallShield
[2014/04/13 11:16:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP4500 series Manual
[2014/04/13 08:59:55 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{4DCDA5E1-868D-4EAE-8C39-98A0A4A6BEF5}
[2014/04/12 08:59:53 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{5C7E85EA-EA05-4DBF-BB56-9411502AF0A1}
[2014/04/11 12:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Digital Image Suite Anniversary Edition
[2014/04/11 11:40:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Digital Image 2006
[2014/04/11 08:59:56 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{CC6BBA8C-7C55-4D42-8B31-6D03AE04EA79}
[2014/04/09 19:12:16 | 000,000,000 | ---D | C] -- C:\Users\Georgette\Documents\ScanJet2400
[2014/04/09 19:10:43 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2014/04/09 19:08:26 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Roaming\HP
[2014/04/09 19:08:23 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\HP
[2014/04/09 19:05:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2014/04/09 19:05:21 | 000,000,000 | ---D | C] -- C:\UniScan
[2014/04/09 19:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2014/04/09 19:04:55 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2014/04/09 19:04:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2014/04/09 18:56:06 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2014/04/09 18:47:21 | 000,077,004 | ---- | C] (Oak Technology Inc.) -- C:\windows\SysWow64\drivers\AFS.SYS
[2014/04/09 18:47:14 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Roaming\Share-to-Web Upload Folder
[2014/04/09 18:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard
[2014/04/09 18:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Share-to-Web
[2014/04/09 18:45:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2014/04/09 18:45:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2014/04/09 18:45:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
[2014/04/09 18:43:19 | 000,000,000 | ---D | C] -- C:\col8884
[2014/04/09 18:42:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2014/04/09 18:41:27 | 000,000,000 | ---D | C] -- C:\col1832
[2014/04/09 09:00:07 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{C0A3B3B9-4B6D-4775-8CED-0F4FEDA28E70}
[2014/04/08 13:12:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2014/04/08 08:59:54 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{288E6EE6-3C7A-4518-9A75-96157D5BB0F7}
[2014/04/07 13:45:03 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Roaming\Ulead Systems
[2014/04/07 12:46:53 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\Cyberlink
[2014/04/07 12:24:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nikon
[2014/04/07 12:24:12 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PhotoDirector 4
[2014/04/07 12:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2014/04/07 08:59:54 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{CB8A4E3A-002B-48AA-ACB2-F647E58A57A2}
[2014/04/06 18:30:38 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2014/04/06 17:56:26 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Roaming\Smith Micro
[2014/04/06 16:37:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/04/06 16:37:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/04/06 16:37:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/04/06 16:36:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/04/06 16:35:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/04/06 16:04:28 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{E5031BA2-7A1C-4AB7-8443-EC6391466ACE}
[2014/04/06 14:38:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StuffIt Deluxe
[2014/04/06 14:38:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smith Micro
[2014/04/05 10:57:52 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Roaming\2BrightSparks
[2014/04/05 10:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2BrightSparks
[2014/04/05 10:57:40 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\2BrightSparks
[2014/04/05 10:57:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2BrightSparks
[2014/04/05 10:55:41 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\Programs
[2014/04/05 08:54:20 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{2E084825-4CA5-4566-8F73-31C08E4A9223}
[2014/04/04 19:11:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ulead Systems
[2014/04/04 19:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoImpact Pro
[2014/04/04 18:49:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Ulead Systems
[2014/04/04 18:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2014/04/04 18:25:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ActiveSync
[2014/04/04 18:18:26 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2014/04/04 10:13:38 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{484FF655-6591-407D-8D07-4A429D4D8915}
[2014/04/03 11:15:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2014/04/03 11:15:11 | 000,000,000 | ---D | C] -- C:\windows\Migration
[2014/04/03 11:09:24 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{79077AA2-5B30-458B-ACFF-DA945CD573D2}
[2014/04/03 08:21:44 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{316BD288-0F38-4686-BEE2-E1EB4F50608F}
[2014/04/02 08:33:50 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{088DD8EF-F965-4199-A393-54168A3AFF86}
[2014/04/01 10:33:26 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\Adobe
[2014/04/01 10:06:33 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{F46963A0-D5A2-42A1-888D-B2009C59122D}
[2014/04/01 08:52:26 | 001,129,120 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\0604010.00E\symefa64.sys
[2014/04/01 08:52:26 | 000,737,952 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\0604010.00E\srtsp64.sys
[2014/04/01 08:52:26 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\0604010.00E\symds64.sys
[2014/04/01 08:52:26 | 000,405,624 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\0604010.00E\symnets.sys
[2014/04/01 08:52:26 | 000,190,072 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\0604010.00E\ironx64.sys
[2014/04/01 08:52:26 | 000,167,072 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\0604010.00E\ccsetx64.sys
[2014/04/01 08:52:26 | 000,037,536 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\0604010.00E\srtspx64.sys
[2014/04/01 08:52:20 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\N360x64\0604010.00E
[2014/03/31 18:10:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared
[2014/03/31 18:08:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2014/03/31 18:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2014/03/31 18:08:10 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\spool
[2014/03/31 18:08:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2014/03/31 18:06:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2014/03/31 13:15:30 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/03/31 13:15:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2014/03/31 13:15:30 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2014/03/31 13:14:34 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\N360x64
[2014/03/31 13:14:33 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2014/03/31 13:14:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2014/03/31 12:59:32 | 000,162,392 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NSTx64\7DE07000.02B\ccSetx64.sys
[2014/03/31 12:59:29 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NSTx64
[2014/03/31 12:59:29 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NSTx64\7DE07000.02B
[2014/03/31 12:59:28 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
[2014/03/31 12:59:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Identity Safe
[2014/03/31 12:46:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2014/03/31 12:41:25 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2014/03/31 11:04:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuoteTracker
[2014/03/31 08:56:41 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{4138C80C-35D5-43EC-9C37-D4F3886A4B06}
[2014/03/30 18:28:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2014/03/30 18:27:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2014/03/30 18:27:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2014/03/30 17:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop Calendar
[2014/03/30 16:58:33 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Roaming\Template
[2014/03/30 16:57:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2014/03/30 16:55:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2014/03/30 16:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
[2014/03/30 16:11:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
[2014/03/30 16:11:08 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Roaming\Canon
[2014/03/30 16:02:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX870 series User Registration
[2014/03/30 15:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2014/03/30 15:46:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX870 series Manual
[2014/03/30 15:46:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2014/03/30 15:46:25 | 000,000,000 | -H-D | C] -- C:\windows\SysNative\CanonIJ Uninstaller Information
[2014/03/30 15:45:57 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2014/03/30 15:45:52 | 000,000,000 | ---D | C] -- C:\windows\SysNative\STRING
[2014/03/30 15:45:50 | 000,000,000 | ---D | C] -- C:\windows\SysNative\CHM
[2014/03/30 15:40:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2014/03/30 14:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moffsoft FreeCalc
[2014/03/30 14:36:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Moffsoft FreeCalc
[2014/03/30 14:26:56 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/03/30 14:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2014/03/30 13:31:34 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\Devolutions
[2014/03/30 12:00:06 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\Microsoft Help
[2014/03/30 12:00:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2014/03/30 11:59:08 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Roaming\SoftGrid Client
[2014/03/30 11:59:08 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\SoftGrid Client
[2014/03/30 11:58:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2014/03/30 11:58:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/03/30 11:58:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2014/03/30 11:58:18 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Roaming\TP
[2014/03/30 11:01:38 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{4A002893-7FD8-4C91-A961-1874AAA7FB0D}
[2014/03/29 14:04:49 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\CutePDF Writer
[2014/03/29 14:02:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPLGS
[2014/03/29 14:02:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
[2014/03/29 14:02:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acro Software
[2014/03/29 13:54:28 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\Macromedia
[2014/03/29 13:51:15 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
[2011/05/21 01:28:38 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe
========== Files - Modified Within 30 Days ==========
[2014/04/28 11:33:39 | 000,020,688 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/28 11:33:39 | 000,020,688 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/28 11:23:54 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/04/27 17:55:38 | 000,455,961 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2014/04/27 17:54:23 | 417,665,023 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/27 13:26:01 | 000,782,164 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/04/27 13:26:01 | 000,662,100 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/04/27 13:26:01 | 000,121,710 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/04/26 10:40:47 | 000,002,786 | ---- | M] () -- C:\Users\Georgette\AppData\Roaming\wklnhst.dat
[2014/04/25 10:05:57 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/25 09:04:42 | 893,408,456 | ---- | M] () -- C:\windows\MEMORY.DMP
[2014/04/24 18:27:03 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/24 17:47:01 | 000,002,453 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2014/04/23 14:41:33 | 000,527,688 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/04/23 12:46:17 | 000,002,284 | ---- | M] () -- C:\Users\Georgette\Desktop\Lenovo Rescue System.lnk
[2014/04/23 11:19:45 | 000,001,113 | ---- | M] () -- C:\Users\Georgette\Desktop\qaccess.exe - Shortcut.lnk
[2014/04/19 09:10:41 | 000,032,126 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\0604010.00E\VT20140417.018
[2014/04/18 14:32:06 | 000,001,397 | ---- | M] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
[2014/04/18 14:08:10 | 000,002,148 | ---- | M] () -- C:\Users\Public\Desktop\Seagate Manager.lnk
[2014/04/18 14:04:21 | 000,002,777 | ---- | M] () -- C:\Users\Public\Desktop\Greeting Card Factory Deluxe.lnk
[2014/04/14 00:01:06 | 000,316,312 | ---- | M] (Trusteer Ltd.) -- C:\windows\SysNative\drivers\RapportKE64.sys
[2014/04/13 12:10:46 | 000,000,000 | ---- | M] () -- C:\Users\Georgette\Documents\OKI 5500
[2014/04/13 11:17:07 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\iP4500 series On-screen Manual.lnk
[2014/04/11 12:02:20 | 000,002,076 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Digital Image Suite Anniversary Edition Library.lnk
[2014/04/11 12:01:46 | 000,002,167 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Digital Image Suite Anniversary Edition Editor.lnk
[2014/04/11 11:30:33 | 001,851,767 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\0604010.00E\Cat.DB
[2014/04/09 18:47:24 | 000,000,904 | ---- | M] () -- C:\Users\Public\Desktop\HP Memories Disc.lnk
[2014/04/09 18:47:21 | 000,077,004 | ---- | M] (Oak Technology Inc.) -- C:\windows\SysWow64\drivers\AFS.SYS
[2014/04/09 18:46:11 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\HP Director.lnk
[2014/04/09 18:46:10 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo & Imaging.lnk
[2014/04/08 14:02:09 | 000,000,030 | ---- | M] () -- C:\windows\Iedit_.INI
[2014/04/07 12:24:12 | 000,001,505 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PhotoDirector 4.lnk
[2014/04/06 15:25:32 | 000,001,997 | ---- | M] () -- C:\Users\Public\Desktop\DropStuff.lnk
[2014/04/06 15:25:32 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\StuffIt Expander.lnk
[2014/04/05 10:57:43 | 000,001,221 | ---- | M] () -- C:\Users\Georgette\Desktop\SyncBackFree.lnk
[2014/04/04 19:57:07 | 000,002,146 | ---- | M] () -- C:\Users\Public\Desktop\PhotoImpact Pro.lnk
[2014/04/04 18:27:26 | 000,000,376 | ---- | M] () -- C:\windows\ODBC.INI
[2014/04/04 15:52:58 | 000,774,402 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2014/04/04 14:40:53 | 000,004,776 | ---- | M] () -- C:\Users\Georgette\Desktop\SyncBack.exe - Shortcut.lnk
[2014/04/03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/04/03 09:51:04 | 000,088,280 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014/04/01 18:29:19 | 000,002,310 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2014/03/31 18:08:57 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 7.0 Professional TryOut.lnk
[2014/03/31 13:15:30 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/03/31 13:15:30 | 000,007,488 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/03/31 13:15:30 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/03/31 12:41:25 | 000,001,256 | ---- | M] () -- C:\Users\Georgette\Desktop\Norton Installation Files.lnk
[2014/03/31 11:22:59 | 000,001,458 | ---- | M] () -- C:\Users\Georgette\Desktop\stocks.exe - Shortcut.lnk
[2014/03/30 18:30:22 | 000,016,284 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2014/03/30 18:30:21 | 000,016,284 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2014/03/30 17:43:09 | 000,001,023 | ---- | M] () -- C:\Users\Georgette\Desktop\Desktop Calendar.lnk
[2014/03/30 17:28:07 | 000,001,002 | ---- | M] () -- C:\Users\Georgette\Desktop\Desktop Calendar.exe - Shortcut.lnk
[2014/03/30 16:58:39 | 000,001,127 | ---- | M] () -- C:\Users\Georgette\Desktop\Microsoft Works.LNK
[2014/03/30 16:12:59 | 000,002,095 | ---- | M] () -- C:\Users\Public\Desktop\Canon MP Navigator EX 3.1.lnk
[2014/03/30 16:02:12 | 000,002,054 | ---- | M] () -- C:\Users\Public\Desktop\Canon MX870 series User Registration.LNK
[2014/03/30 15:48:08 | 000,002,093 | ---- | M] () -- C:\Users\Public\Desktop\Canon Easy-PhotoPrint EX.lnk
[2014/03/30 15:47:00 | 000,002,354 | ---- | M] () -- C:\Users\Public\Desktop\Canon MX870 series On-screen Manual.lnk
[2014/03/30 14:36:48 | 000,001,114 | ---- | M] () -- C:\Users\Georgette\Application Data\Microsoft\Internet Explorer\Quick Launch\Moffsoft FreeCalc.lnk
[2014/03/30 14:26:56 | 000,000,758 | ---- | M] () -- C:\Users\Georgette\Desktop\Revo Uninstaller.lnk
[2014/03/29 13:05:59 | 000,000,258 | RHS- | M] () -- C:\Users\Georgette\ntuser.pol
========== Files Created - No Company Name ==========
[2014/04/25 09:04:42 | 893,408,456 | ---- | C] () -- C:\windows\MEMORY.DMP
[2014/04/24 18:27:02 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/23 14:05:13 | 000,035,000 | ---- | C] () -- C:\windows\SysNative\mxntdfg.exe
[2014/04/23 13:57:55 | 000,001,004 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SystemSuite 10 Professional.lnk
[2014/04/23 11:19:45 | 000,001,113 | ---- | C] () -- C:\Users\Georgette\Desktop\qaccess.exe - Shortcut.lnk
[2014/04/19 10:52:33 | 000,032,126 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0604010.00E\VT20140417.018
[2014/04/18 14:32:04 | 000,001,397 | ---- | C] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
[2014/04/18 14:08:09 | 000,002,148 | ---- | C] () -- C:\Users\Public\Desktop\Seagate Manager.lnk
[2014/04/18 14:04:20 | 000,002,777 | ---- | C] () -- C:\Users\Public\Desktop\Greeting Card Factory Deluxe.lnk
[2014/04/13 12:10:30 | 000,000,000 | ---- | C] () -- C:\Users\Georgette\Documents\OKI 5500
[2014/04/13 11:16:44 | 000,002,340 | ---- | C] () -- C:\Users\Public\Desktop\iP4500 series On-screen Manual.lnk
[2014/04/11 12:02:19 | 000,002,076 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Digital Image Suite Anniversary Edition Library.lnk
[2014/04/11 12:01:46 | 000,002,167 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Digital Image Suite Anniversary Edition Editor.lnk
[2014/04/09 18:47:24 | 000,000,904 | ---- | C] () -- C:\Users\Public\Desktop\HP Memories Disc.lnk
[2014/04/09 18:46:10 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\HP Director.lnk
[2014/04/09 18:46:08 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo & Imaging.lnk
[2014/04/09 18:46:06 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2014/04/08 14:02:09 | 000,000,030 | ---- | C] () -- C:\windows\Iedit_.INI
[2014/04/07 12:24:10 | 000,001,505 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PhotoDirector 4.lnk
[2014/04/06 15:25:32 | 000,001,995 | ---- | C] () -- C:\Users\Public\Desktop\StuffIt Expander.lnk
[2014/04/06 15:25:31 | 000,001,997 | ---- | C] () -- C:\Users\Public\Desktop\DropStuff.lnk
[2014/04/05 10:57:43 | 000,001,221 | ---- | C] () -- C:\Users\Georgette\Desktop\SyncBackFree.lnk
[2014/04/04 19:57:07 | 000,002,146 | ---- | C] () -- C:\Users\Public\Desktop\PhotoImpact Pro.lnk
[2014/04/04 18:27:26 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2014/04/04 14:40:53 | 000,004,776 | ---- | C] () -- C:\Users\Georgette\Desktop\SyncBack.exe - Shortcut.lnk
[2014/04/01 18:28:15 | 001,851,767 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0604010.00E\Cat.DB
[2014/04/01 08:52:26 | 000,007,496 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0604010.00E\symds64.cat
[2014/04/01 08:52:26 | 000,007,458 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0604010.00E\symnet64.cat
[2014/04/01 08:52:26 | 000,007,450 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0604010.00E\iron.cat
[2014/04/01 08:52:26 | 000,007,446 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0604010.00E\ccsetx64.cat
[2014/04/01 08:52:26 | 000,007,438 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0604010.00E\symefa64.cat
[2014/04/01 08:52:26 | 000,007,406 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0604010.00E\srtspx64.cat
[2014/04/01 08:52:26 | 000,007,402 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0604010.00E\srtsp64.cat
[2014/04/01 08:52:26 | 000,003,435 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0604010.00E\symefa.inf
[2014/04/01 08:52:26 | 000,002,852 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0604010.00E\symds.inf
[2014/04/01 08:52:26 | 000,001,441 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0604010.00E\symnet.inf
[2014/04/01 08:52:26 | 000,001,437 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0604010.00E\srtsp64.inf
[2014/04/01 08:52:26 | 000,001,419 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0604010.00E\srtspx64.inf
[2014/04/01 08:52:26 | 000,000,853 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0604010.00E\ccsetx64.inf
[2014/04/01 08:52:26 | 000,000,772 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0604010.00E\iron.inf
[2014/04/01 08:52:20 | 000,008,942 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0604010.00E\symvtcer.dat
[2014/04/01 08:52:20 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0604010.00E\isolate.ini
[2014/03/31 18:08:54 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 7.0 Professional TryOut.lnk
[2014/03/31 18:08:52 | 000,002,049 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller 7.0 TryOut.lnk
[2014/03/31 18:08:48 | 000,002,031 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 7.0 TryOut.lnk
[2014/03/31 18:08:43 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Designer 7.0 TryOut.lnk
[2014/03/31 18:08:41 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2014/03/31 13:15:30 | 000,007,488 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/03/31 13:15:30 | 000,000,855 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/03/31 13:15:25 | 000,002,310 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2014/03/31 12:59:29 | 000,008,202 | R--- | C] () -- C:\windows\SysNative\drivers\NSTx64\7DE07000.02B\ccSetx64.cat
[2014/03/31 12:59:29 | 000,000,855 | R--- | C] () -- C:\windows\SysNative\drivers\NSTx64\7DE07000.02B\ccSetx64.inf
[2014/03/31 12:59:29 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\NSTx64\7DE07000.02B\isolate.ini
[2014/03/31 12:41:25 | 000,001,256 | ---- | C] () -- C:\Users\Georgette\Desktop\Norton Installation Files.lnk
[2014/03/31 11:22:59 | 000,001,458 | ---- | C] () -- C:\Users\Georgette\Desktop\stocks.exe - Shortcut.lnk
[2014/03/30 18:30:22 | 000,016,284 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2014/03/30 18:30:21 | 000,016,284 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2014/03/30 17:43:09 | 000,001,023 | ---- | C] () -- C:\Users\Georgette\Desktop\Desktop Calendar.lnk
[2014/03/30 17:28:07 | 000,001,002 | ---- | C] () -- C:\Users\Georgette\Desktop\Desktop Calendar.exe - Shortcut.lnk
[2014/03/30 16:58:39 | 000,001,127 | ---- | C] () -- C:\Users\Georgette\Desktop\Microsoft Works.LNK
[2014/03/30 16:58:32 | 000,002,786 | ---- | C] () -- C:\Users\Georgette\AppData\Roaming\wklnhst.dat
[2014/03/30 16:57:16 | 000,002,016 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2003.lnk
[2014/03/30 16:57:15 | 000,001,920 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2014/03/30 16:12:59 | 000,002,095 | ---- | C] () -- C:\Users\Public\Desktop\Canon MP Navigator EX 3.1.lnk
[2014/03/30 15:48:41 | 000,002,054 | ---- | C] () -- C:\Users\Public\Desktop\Canon MX870 series User Registration.LNK
[2014/03/30 15:48:06 | 000,002,093 | ---- | C] () -- C:\Users\Public\Desktop\Canon Easy-PhotoPrint EX.lnk
[2014/03/30 15:47:00 | 000,002,354 | ---- | C] () -- C:\Users\Public\Desktop\Canon MX870 series On-screen Manual.lnk
[2014/03/30 15:46:22 | 000,015,360 | ---- | C] () -- C:\windows\SysWow64\CNC1743D.TBL
[2014/03/30 15:46:22 | 000,015,360 | ---- | C] () -- C:\windows\SysNative\CNC1743D.TBL
[2014/03/30 14:36:48 | 000,001,114 | ---- | C] () -- C:\Users\Georgette\Application Data\Microsoft\Internet Explorer\Quick Launch\Moffsoft FreeCalc.lnk
[2014/03/30 14:26:56 | 000,000,758 | ---- | C] () -- C:\Users\Georgette\Desktop\Revo Uninstaller.lnk
[2014/03/30 11:58:42 | 000,774,402 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2014/03/29 14:02:17 | 000,087,600 | ---- | C] () -- C:\windows\SysNative\cpwmon64.dll
[2014/03/29 13:05:59 | 000,000,258 | RHS- | C] () -- C:\Users\Georgette\ntuser.pol
[2014/03/28 11:17:10 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2014/01/29 23:02:42 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin
[2014/01/29 23:02:22 | 000,077,312 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2014/01/29 23:02:20 | 000,963,452 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin
========== ZeroAccess Check ==========
[2011/08/16 03:40:54 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\L
[2011/08/16 03:40:54 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\N
[2011/08/16 03:40:56 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\U
[2011/08/16 03:39:58 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\L
[2011/08/16 03:39:58 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\N
[2011/08/16 03:40:00 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\U
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014/04/05 10:57:52 | 000,000,000 | ---D | M] -- C:\Users\Georgette\AppData\Roaming\2BrightSparks
[2014/04/20 12:30:55 | 000,000,000 | ---D | M] -- C:\Users\Georgette\AppData\Roaming\Avanquest
[2014/04/08 13:12:07 | 000,000,000 | ---D | M] -- C:\Users\Georgette\AppData\Roaming\Canon
[2014/03/28 16:17:09 | 000,000,000 | ---D | M] -- C:\Users\Georgette\AppData\Roaming\Nova Development
[2014/04/13 12:10:30 | 000,000,000 | ---D | M] -- C:\Users\Georgette\AppData\Roaming\OPHD
[2014/04/18 14:18:03 | 000,000,000 | ---D | M] -- C:\Users\Georgette\AppData\Roaming\Smith Micro
[2014/04/06 17:58:37 | 000,000,000 | ---D | M] -- C:\Users\Georgette\AppData\Roaming\SoftGrid Client
[2014/03/30 16:58:33 | 000,000,000 | ---D | M] -- C:\Users\Georgette\AppData\Roaming\Template
[2014/03/27 13:17:57 | 000,000,000 | ---D | M] -- C:\Users\Georgette\AppData\Roaming\Tific
[2014/03/30 11:59:21 | 000,000,000 | ---D | M] -- C:\Users\Georgette\AppData\Roaming\TP
[2014/04/07 13:45:03 | 000,000,000 | ---D | M] -- C:\Users\Georgette\AppData\Roaming\Ulead Systems
[2011/08/15 23:32:51 | 000,000,000 | ---D | M] -- C:\Users\Georgette\AppData\Roaming\Windows Live Writer
[2014/03/27 13:17:56 | 000,000,000 | ---D | M] -- C:\Users\Georgette\AppData\Roaming\WinPatrol
========== Purity Check ==========
========== Custom Scans ==========
========== Base Services ==========
SRV:64bit: - [2009/07/13 21:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 01:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 21:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 23:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 23:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/09/24 21:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 18:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/09 01:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/09 00:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 23:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 23:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 23:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 02:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 21:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 21:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 21:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 21:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 23:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 21:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 21:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 21:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 21:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 13:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 07:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 02:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2013/09/24 21:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 21:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 23:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 23:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 23:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/09/24 21:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 21:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 23:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 23:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 23:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 23:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 23:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 23:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 01:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 23:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 23:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 23:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 23:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 23:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 23:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 23:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 23:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 23:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 21:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 18:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 23:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 23:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
< %SYSTEMDRIVE%\*.exe >
< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 1459-B96F
Directory of C:\
07/14/2009 01:08 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\$Recycle.Bin\S-1-5-21-686678894-351749931-3012076338-1001
07/14/2009 01:08 AM <JUNCTION> $R10SAZG [C:\Users\Public\Videos]
08/15/2011 12:34 AM <JUNCTION> $R9WLLK4 [C:\Users\Georgette\Music]
07/14/2009 01:08 AM <JUNCTION> $RF7XEW2 [C:\Users\Public\Music]
07/14/2009 01:08 AM <JUNCTION> $RO55JTD [C:\Users\Public\Pictures]
08/15/2011 12:34 AM <JUNCTION> $RQY6QNV [C:\Users\Georgette\Videos]
08/15/2011 12:34 AM <JUNCTION> $RTHHD63 [C:\Users\Georgette\Pictures]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 01:08 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 01:08 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009 01:08 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 01:08 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 01:08 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 01:08 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 01:08 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 01:08 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 01:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 01:08 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 01:08 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 01:08 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 01:08 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Georgette
08/15/2011 12:34 AM <JUNCTION> Application Data [C:\Users\Georgette\AppData\Roaming]
08/15/2011 12:34 AM <JUNCTION> Cookies [C:\Users\Georgette\AppData\Roaming\Microsoft\Windows\Cookies]
08/15/2011 12:34 AM <JUNCTION> Local Settings [C:\Users\Georgette\AppData\Local]
08/15/2011 12:34 AM <JUNCTION> My Documents [C:\Users\Georgette\Documents]
08/15/2011 12:34 AM <JUNCTION> NetHood [C:\Users\Georgette\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/15/2011 12:34 AM <JUNCTION> PrintHood [C:\Users\Georgette\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/15/2011 12:34 AM <JUNCTION> Recent [C:\Users\Georgette\AppData\Roaming\Microsoft\Windows\Recent]
08/15/2011 12:34 AM <JUNCTION> SendTo [C:\Users\Georgette\AppData\Roaming\Microsoft\Windows\SendTo]
08/15/2011 12:34 AM <JUNCTION> Start Menu [C:\Users\Georgette\AppData\Roaming\Microsoft\Windows\Start Menu]
08/15/2011 12:34 AM <JUNCTION> Templates [C:\Users\Georgette\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Georgette\AppData\Local
08/15/2011 12:34 AM <JUNCTION> Application Data [C:\Users\Georgette\AppData\Local]
08/15/2011 12:34 AM <JUNCTION> History [C:\Users\Georgette\AppData\Local\Microsoft\Windows\History]
08/15/2011 12:34 AM <JUNCTION> Temporary Internet Files [C:\Users\Georgette\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
03/28/2014 03:13 PM <JUNCTION> Application Data [C:\windows\system32\config\systemprofile\AppData\Roaming]
03/28/2014 03:13 PM <JUNCTION> Cookies [C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
03/28/2014 03:13 PM <JUNCTION> Local Settings [C:\windows\system32\config\systemprofile\AppData\Local]
03/28/2014 03:13 PM <JUNCTION> My Documents [C:\windows\system32\config\systemprofile\Documents]
03/28/2014 03:13 PM <JUNCTION> NetHood [C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/28/2014 03:13 PM <JUNCTION> PrintHood [C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/28/2014 03:13 PM <JUNCTION> Recent [C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
03/28/2014 03:13 PM <JUNCTION> SendTo [C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
03/28/2014 03:13 PM <JUNCTION> Start Menu [C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
03/28/2014 03:13 PM <JUNCTION> Templates [C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
03/28/2014 03:13 PM <JUNCTION> Application Data [C:\windows\system32\config\systemprofile\AppData\Local]
03/28/2014 03:13 PM <JUNCTION> History [C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
03/28/2014 03:13 PM <JUNCTION> Temporary Internet Files [C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Documents
03/28/2014 03:13 PM <JUNCTION> My Music [C:\windows\system32\config\systemprofile\Music]
03/28/2014 03:13 PM <JUNCTION> My Pictures [C:\windows\system32\config\systemprofile\Pictures]
03/28/2014 03:13 PM <JUNCTION> My Videos [C:\windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile
03/28/2014 03:13 PM <JUNCTION> Application Data [C:\windows\system32\config\systemprofile\AppData\Roaming]
03/28/2014 03:13 PM <JUNCTION> Cookies [C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
03/28/2014 03:13 PM <JUNCTION> Local Settings [C:\windows\system32\config\systemprofile\AppData\Local]
03/28/2014 03:13 PM <JUNCTION> My Documents [C:\windows\system32\config\systemprofile\Documents]
03/28/2014 03:13 PM <JUNCTION> NetHood [C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/28/2014 03:13 PM <JUNCTION> PrintHood [C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/28/2014 03:13 PM <JUNCTION> Recent [C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
03/28/2014 03:13 PM <JUNCTION> SendTo [C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
03/28/2014 03:13 PM <JUNCTION> Start Menu [C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
03/28/2014 03:13 PM <JUNCTION> Templates [C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
03/28/2014 03:13 PM <JUNCTION> Application Data [C:\windows\system32\config\systemprofile\AppData\Local]
03/28/2014 03:13 PM <JUNCTION> History [C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
03/28/2014 03:13 PM <JUNCTION> Temporary Internet Files [C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\Documents
03/28/2014 03:13 PM <JUNCTION> My Music [C:\windows\system32\config\systemprofile\Music]
03/28/2014 03:13 PM <JUNCTION> My Pictures [C:\windows\system32\config\systemprofile\Pictures]
03/28/2014 03:13 PM <JUNCTION> My Videos [C:\windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
82 Dir(s) 401,939,247,104 bytes free
< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\pebuilder3110a\BartPE\I386\EXPLORER.EXE
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
< MD5 for: SERVICES >
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2004/08/09 14:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\SERVICES.EXE
< MD5 for: SERVICES.EXE.MUI >
[2010/11/21 03:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\windows\SysNative\en-US\services.exe.mui
[2010/11/21 03:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
< MD5 for: SERVICES.HTML >
[2005/06/15 11:40:38 | 000,004,298 | ---- | M] () MD5=41E463AD8C2DAE5D11EDA05976FD8C35 -- C:\Program Files (x86)\BillP Studios\WinPatrol\services.html
< MD5 for: SERVICES.LNK >
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\SyncBack\SyncBack\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\Georgette\Documents\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
< MD5 for: SERVICES.MOF >
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\windows\SysNative\wbem\services.mof
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
< MD5 for: SERVICES.MSC >
[2010/11/21 03:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\en-US\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\services.msc
[2010/11/21 03:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010/11/21 03:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010/11/21 03:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
< MD5 for: SERVICES.PTXML >
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
< MD5 for: SERVICES.PWP >
[2003/03/12 14:48:04 | 000,051,712 | ---- | M] () MD5=68A4771200006EEEF252167640677999 -- C:\$Recycle.Bin\S-1-5-21-686678894-351749931-3012076338-1001\$R4T85GP\LEXAR MEDIA (O)\company\BCS\services.pwp
[2003/03/12 14:48:04 | 000,051,712 | ---- | M] () MD5=68A4771200006EEEF252167640677999 -- C:\SyncBack\SyncBack\Lexar Media File Backup\LEXAR MEDIA (O)\company\BCS\services.pwp
[2003/03/12 14:48:04 | 000,051,712 | ---- | M] () MD5=68A4771200006EEEF252167640677999 -- C:\Users\Georgette\Documents\Lexar Media File Backup\LEXAR MEDIA (O)\company\BCS\services.pwp
< MD5 for: SERVICES.RCD >
[2014/04/27 17:56:11 | 000,089,226 | ---- | M] () MD5=D1D8E34EDF204E4067BB4A73AB17EE87 -- C:\_Backup.RC\windows\Services.rcd
< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2004/08/09 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\SVCHOST.EXE
[2014/04/03 09:49:02 | 000,742,200 | ---- | M] (MalwareBytes) MD5=96820649733BFB2B0499C371904B7B40 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: USERINIT.EXE >
[2004/08/09 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\USERINIT.EXE
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004/08/09 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\WINLOGON.EXE
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2014/04/03 09:49:02 | 000,742,200 | ---- | M] (MalwareBytes) MD5=96820649733BFB2B0499C371904B7B40 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
========== Files - Unicode (All) ==========
[2014/04/25 11:58:36 | 000,000,612 | ---- | M] ()(C:\Users\Georgette\Desktop\???????????????????????????L) -- C:\Users\Georgette\Desktop\㩃啜敳獲䝜佅䝒繅就灁䑰瑡屡潌慣屬敔灭呜偍㌱㠹㐴㔱㘱⸵䵘L
[2014/04/25 11:58:36 | 000,000,612 | ---- | C] ()(C:\Users\Georgette\Desktop\???????????????????????????L) -- C:\Users\Georgette\Desktop\㩃啜敳獲䝜佅䝒繅就灁䑰瑡屡潌慣屬敔灭呜偍㌱㠹㐴㔱㘱⸵䵘L
[2014/04/25 11:42:38 | 000,000,321 | ---- | M] ()(C:\Users\Georgette\Desktop\???????????????????????????L??????S) -- C:\Users\Georgette\Desktop\㩃啜敳獲䝜佅䝒繅就灁䑰瑡屡潌慣屬敔灭呜偍㌱㠹㐴㔰㠵⸳䵘L兂瀮晤匠噁䅅S
[2014/04/25 11:42:38 | 000,000,321 | ---- | C] ()(C:\Users\Georgette\Desktop\???????????????????????????L??????S) -- C:\Users\Georgette\Desktop\㩃啜敳獲䝜佅䝒繅就灁䑰瑡屡潌慣屬敔灭呜偍㌱㠹㐴㔰㠵⸳䵘L兂瀮晤匠噁䅅S
[2014/04/25 11:06:04 | 000,000,293 | ---- | M] ()(C:\Users\Georgette\Desktop\???????????????????????????L???????S) -- C:\Users\Georgette\Desktop\㩃啜敳獲䝜佅䝒繅就灁䑰瑡屡潌慣屬敔灭呜偍㌱㠹㌴㌸㐶⸲䵘L慂獬瀮晤匠噁䅅S
[2014/04/25 11:06:04 | 000,000,293 | ---- | C] ()(C:\Users\Georgette\Desktop\???????????????????????????L???????S) -- C:\Users\Georgette\Desktop\㩃啜敳獲䝜佅䝒繅就灁䑰瑡屡潌慣屬敔灭呜偍㌱㠹㌴㌸㐶⸲䵘L慂獬瀮晤匠噁䅅S
< End of report >
2nd Log follows
OTL Extras logfile created on: 4/28/2014 11:46:29 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Georgette\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.85 Gb Total Physical Memory | 3.48 Gb Available Physical Memory | 59.48% Memory free
11.70 Gb Paging File | 9.12 Gb Available in Paging File | 77.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906.34 Gb Total Space | 374.44 Gb Free Space | 41.31% Space Free | Partition Type: NTFS
Drive F: | 206.62 Gb Total Space | 0.30 Gb Free Space | 0.15% Space Free | Partition Type: NTFS
Drive H: | 465.73 Gb Total Space | 290.41 Gb Free Space | 62.36% Space Free | Partition Type: NTFS
Computer Name: MOTHERSHIP | User Name: Georgette | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Key error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Key error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DB11E46-77C1-4772-8F23-DD22A83A6902}" = rport=137 | protocol=17 | dir=out | app=system |
"{0E9BF936-763B-4551-9788-5039B12B967E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{136144C4-D288-400C-9B4E-7E7F9BF5436A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{15A3667C-6A89-4698-AC4E-C7F088E20C48}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{2022B15D-286F-41D9-B79A-2D5A46918028}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2934C9A8-F55A-43C3-85D2-0BECD58F5A0D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3714EF3B-58FB-461F-BA2B-00E7D48097C6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3A0D8C40-1B24-48B1-84D9-B3E0D5D015F0}" = lport=137 | protocol=17 | dir=in | app=system |
"{4135E808-7FFB-4D5B-BBF1-647E195987F1}" = rport=139 | protocol=6 | dir=out | app=system |
"{46822832-556C-4FEF-AEF0-EA216DEA714E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5A76E8BB-3020-4FA3-A4D1-562C163EC529}" = rport=138 | protocol=17 | dir=out | app=system |
"{6B81F429-6CDC-4D44-A81F-E56EA9790E5D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6CCC0024-476E-43CF-9CE3-41530439A5D5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6DABCBF5-6D0C-4FA8-94CF-D917CA7FEBBF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{72932240-B2E7-4CA7-83A2-63606CCC76E4}" = lport=445 | protocol=6 | dir=in | app=system |
"{9A1D2606-4C12-499A-9842-DEDA71D5DD92}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A19879D9-1F7A-469E-9BE9-770791EC9A18}" = lport=139 | protocol=6 | dir=in | app=system |
"{A3A7E8D3-8D4D-466B-BAF1-88FF1197D38D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B8198A3C-2F8C-47E1-A1EB-88F191586ADC}" = lport=138 | protocol=17 | dir=in | app=system |
"{B90986B7-007E-4A70-894F-83B8CFCC556A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C5052A43-2FA8-4159-9CD6-08AEFCCE2E31}" = rport=445 | protocol=6 | dir=out | app=system |
"{C5C09A8C-6B48-4F25-B113-E3611318067F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CF5CA86F-1C08-427B-BE69-316039D72C10}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CF9B6057-2AC7-45DB-ACCB-76B4E6964617}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F0D71F7F-A920-4269-AC92-0E155CD2A148}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0445D7C4-7DF4-4B55-9823-409D95248389}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{108DEE29-F051-4FBB-B392-69C2015788AF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{12B92D55-A713-4B50-BFA9-40D17EB0ECD3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2357646E-2F61-499D-9B8F-2B829BBC0ED8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{24C062BE-AA74-4FB7-8301-4A2EEB55331C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2AD0F84C-1783-4BA3-9BEF-BE7AF2FDDE4F}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{34DB7DBB-EF30-47A0-AD03-E7E1AD173364}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3745B5C9-0DC0-4600-9709-82C25681992F}" = dir=in | app=c:\program files (x86)\hewlett-packard\digital imaging\bin\hpqkygrp.exe |
"{4E6247B5-0A0C-4C93-98F2-9F46EFC4ABF3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5ED61A6A-F95A-47F9-B606-9D344DE4E1AF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6135D51C-8CE0-427B-8798-5AAAD3733A10}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7B059C22-C150-44C8-8B02-43F22B93BBF1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7C977D3B-44FB-4C79-B951-26BB5DC7AF74}" = dir=in | app=c:\program files (x86)\hewlett-packard\digital imaging\bin\hpfccopy.exe |
"{7D751F53-D990-427C-BED7-FB08CA2BEAD9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{852B0A09-CC8E-4924-8963-88B9C4123B99}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8AE757DD-985F-4DCF-AEFB-7CCBFF00D350}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{97DA33E8-4070-4495-8C14-5A7D73458FB4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9A88E021-9FAB-46B0-9874-5A1668BC9D2A}" = protocol=6 | dir=out | app=system |
"{9C086E9C-4887-46F9-9A8F-5871DA59EF67}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9C44865C-7F4B-4022-A381-B85D26AE01C1}" = dir=in | app=c:\program files (x86)\hewlett-packard\digital imaging\bin\hpqscnvw.exe |
"{AEF06971-13EF-412D-A1C2-09395D5406A2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B9ECA3BC-F616-4CFE-8F81-144E54C5581E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C910DB5D-A374-448B-8BDF-1FFAD396DD4D}" = dir=in | app=c:\program files (x86)\hewlett-packard\digital imaging\bin\hpiscnapp.exe |
"{CF8E24D7-6D08-4682-AEE2-79FEAC437DEE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E3A73DCD-306B-404D-BC34-04D1E50A3B6E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{FD20B777-0F5C-4D4B-B717-DE813A9A5BF2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series" = Canon MX870 series MP Drivers
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{7B604AC7-B496-473F-A17C-489398E38BEA}" = HP Scanjet 2400
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{84481A87-2316-4923-8FAB-3BA8CA29323D}" = WinPatrol
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"CutePDF Writer Installation" = CutePDF Writer 3.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"MouseSuite98" = Mouse Suite
"PROSet" = Intel® Network Connections Drivers
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{15803703-25FA-4C01-A062-3F4A59937E87}" = PhotoImpact Pro
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
"{27187175-3B3E-47C8-B336-4334F0CBF444}" = StuffIt Deluxe 9.5
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2C52D6EB-EE7E-45C4-AFB8-1242164A4A44}" = C5500n - C5800Ldn Series GDI Driver from OKI® Printing Solutions for Windows
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30A4DD1D-FD55-4CE4-BA01-758E00BC0228}" = Greeting Card Factory Deluxe 8.0
"{32F9BACF-FCD3-4B6A-AD85-255A449B6FA5}" = Roxio BackOnTrack
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39D4FB9C-9CDE-4449-BD2B-6AD4D376CFDC}" = Art Explosion Publisher Pro 2.0
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{41E105E1-6E85-4828-8699-4B0227BB118F}" = hpg2410
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44510C84-AE2A-4079-A75B-D44E68D73B9A}" = CyberLink PhotoDirector 4
"{44C05309-60F4-410B-BC32-31733CFF1A49}" = Microsoft Digital Image Suite Anniversary Edition Editor
"{45970CD1-D599-47D4-938F-3E9800D54ED1}" = Lenovo Driver and Application Installation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{4FE542EB-FF0B-4739-94DD-25C8AE0AB259}" = Microsoft Digital Image Suite Anniversary Edition Library
"{5183D7AB-D09B-411F-A74E-BBAEA61C6505}" = Lenovo Eye Distance System
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A615007-721D-4063-B226-EA41EB6604B9}" = SystemSuite 10 Professional
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6F7ECD56-E224-4263-9B7E-158E5CECC43B}" = HP Photo and Imaging 2.1 - Scanjet 2400 Series
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{803E6DED-5050-4E3D-B26A-5915397362CD}" = Lenovo Screensaver
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{816F9A97-9889-43DA-A394-7AA45DD68BA0}" = Power Dial
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-F400-8796-100000000002}" = Adobe Acrobat 7.0 - Tryout Professional - English, Français, Deutsch
"{B1D89E54-08B1-4542-A69B-E634AEF10A40}" = Seagate Manager Installer
"{B20F9D1C-A0A5-4cd8-8306-DE95842311B1}" = LevelOne WUA-0605 Wireless LAN Driver
"{B266E062-D6C5-485B-B426-51B152B041A6}" = Lenovo Tinian Fn PS/2 Keyboard Driver
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3063097-EC84-4D21-84A4-9D852E974355}" = LVT
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9ED6D06-6002-495E-A7BC-46E6AE386996}" = Lenovo Dynamic Brightness System
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29CBF73-C211-4616-898A-379A2679F990}" = ThemeWallpaper
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 7.0 - Tryout Professional - English, Français, Deutsch" = Adobe Acrobat 7.0 - Tryout Professional - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Canon MX870 series User Registration" = Canon MX870 series User Registration
"Desktop Calendar_is1" = Desktop Calendar
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = PhotoImpact Pro
"InstallShield_{27187175-3B3E-47C8-B336-4334F0CBF444}" = StuffIt Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"InstallShield_{44510C84-AE2A-4079-A75B-D44E68D73B9A}" = CyberLink PhotoDirector 4
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"InstallShield_{B1D89E54-08B1-4542-A69B-E634AEF10A40}" = Seagate Manager Installer
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
"MoffFreeCalc_is1" = Moffsoft FreeCalc
"Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"N360" = Norton 360
"NST" = Norton Identity Safe
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PE Builder_is1" = PE Builder 3.1.10a
"PictureItSuite_v12" = Microsoft Digital Image Suite Anniversary Edition
"QuoteTracker_is1" = QuoteTracker
"Rapport_msi" = Trusteer Endpoint Protection
"Revo Uninstaller" = Revo Uninstaller 1.95
"SeaTools for Windows" = SeaTools for Windows
"SyncBackFree_is1" = SyncBackFree
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 4/16/2014 10:05:16 AM | Computer Name = Mothership | Source = WinMgmt | ID = 10
Description =
Error - 4/16/2014 10:10:27 AM | Computer Name = Mothership | Source = WinMgmt | ID = 10
Description =
Error - 4/16/2014 1:44:39 PM | Computer Name = Mothership | Source = WinMgmt | ID = 10
Description =
Error - 4/16/2014 1:46:04 PM | Computer Name = Mothership | Source = MsiInstaller | ID = 11921
Description =
Error - 4/17/2014 9:17:27 AM | Computer Name = Mothership | Source = WinMgmt | ID = 10
Description =
Error - 4/17/2014 2:13:53 PM | Computer Name = Mothership | Source = Application Error | ID = 1000
Description = Faulting application name: hpqkygrp.EXE, version: 13.0.0.131, time
stamp: 0x4a0c07e4 Faulting module name: hpgt2436.dll, version: 6.0.0.0, time stamp:
0x45addbb2 Exception code: 0xc0000005 Fault offset: 0x00003a63 Faulting process id:
0xe7c Faulting application start time: 0x01cf5a68c716589a Faulting application path:
C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.EXE Faulting
module path: C:\Program Files (x86)\Common Files\Hewlett-Packard\Scanjet\DriverStore\hpgt2436.dll
Report
Id: 083f178f-c65c-11e3-a362-1078d2fc93c1
Error - 4/17/2014 2:15:04 PM | Computer Name = Mothership | Source = Application Error | ID = 1000
Description = Faulting application name: hpqkygrp.EXE, version: 13.0.0.131, time
stamp: 0x4a0c07e4 Faulting module name: hpgt2436.dll, version: 6.0.0.0, time stamp:
0x45addbb2 Exception code: 0xc0000005 Fault offset: 0x00003a63 Faulting process id:
0x1884 Faulting application start time: 0x01cf5a68f184ee79 Faulting application path:
C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.EXE Faulting
module path: C:\Program Files (x86)\Common Files\Hewlett-Packard\Scanjet\DriverStore\hpgt2436.dll
Report
Id: 32500d8a-c65c-11e3-a362-1078d2fc93c1
Error - 4/17/2014 2:19:37 PM | Computer Name = Mothership | Source = Application Error | ID = 1000
Description = Faulting application name: hpqkygrp.EXE, version: 13.0.0.131, time
stamp: 0x4a0c07e4 Faulting module name: hpgt2436.dll, version: 6.0.0.0, time stamp:
0x45addbb2 Exception code: 0xc0000005 Fault offset: 0x00003a63 Faulting process id:
0x15c0 Faulting application start time: 0x01cf5a69935d6c72 Faulting application path:
C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.EXE Faulting
module path: C:\Program Files (x86)\Common Files\Hewlett-Packard\Scanjet\DriverStore\hpgt2436.dll
Report
Id: d53dae06-c65c-11e3-a362-1078d2fc93c1
Error - 4/17/2014 2:19:42 PM | Computer Name = Mothership | Source = Application Error | ID = 1000
Description = Faulting application name: hpqkygrp.EXE, version: 13.0.0.131, time
stamp: 0x4a0c07e4 Faulting module name: hpgt2436.dll, version: 6.0.0.0, time stamp:
0x45addbb2 Exception code: 0xc0000005 Fault offset: 0x00003a63 Faulting process id:
0x1710 Faulting application start time: 0x01cf5a69974686fe Faulting application path:
C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.EXE Faulting
module path: C:\Program Files (x86)\Common Files\Hewlett-Packard\Scanjet\DriverStore\hpgt2436.dll
Report
Id: d8116b75-c65c-11e3-a362-1078d2fc93c1
Error - 4/21/2014 8:59:46 AM | Computer Name = Mothership | Source = Application Error | ID = 1000
Description = Faulting application name: ccSvcHst.exe, version: 11.2.3.6, time stamp:
0x4fdbcf1d Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp:
0x521ea8e7 Exception code: 0xc0000005 Fault offset: 0x0002e3be Faulting process id:
0x6d0 Faulting application start time: 0x01cf5a3f2ca35be8 Faulting application path:
C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe Faulting module path:
C:\windows\SysWOW64\ntdll.dll Report Id: d018cb29-c954-11e3-a362-1078d2fc93c1
[ System Events ]
Error - 4/25/2014 3:41:42 PM | Computer Name = Mothership | Source = bowser | ID = 8003
Description =
Error - 4/25/2014 3:45:06 PM | Computer Name = Mothership | Source = bowser | ID = 8003
Description =
Error - 4/25/2014 4:13:05 PM | Computer Name = Mothership | Source = bowser | ID = 8003
Description =
Error - 4/25/2014 4:25:09 PM | Computer Name = Mothership | Source = bowser | ID = 8003
Description =
Error - 4/25/2014 4:45:39 PM | Computer Name = Mothership | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.
Error - 4/25/2014 4:54:17 PM | Computer Name = Mothership | Source = bowser | ID = 8003
Description =
Error - 4/25/2014 5:06:52 PM | Computer Name = Mothership | Source = bowser | ID = 8003
Description =
Error - 4/25/2014 9:23:38 PM | Computer Name = Mothership | Source = Service Control Manager | ID = 7016
Description = The LitModeCtrl service has reported an invalid current state 32.
Error - 4/25/2014 9:24:21 PM | Computer Name = Mothership | Source = Service Control Manager | ID = 7016
Description = The LitModeCtrl service has reported an invalid current state 32.
Error - 4/25/2014 9:24:23 PM | Computer Name = Mothership | Source = Service Control Manager | ID = 7016
Description = The LitModeCtrl service has reported an invalid current state 32.
< End of report >
Security Check Log
Results of screen317's Security Check version 0.99.82
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avanquest SystemSuite
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 51
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 13.0.0.182
Mozilla Firefox (28.0)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
WinPatrol winpatrol.exe
Common Files AntiVirus SBAMSvc.exe
WinPatrol WinPatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
Thank you for your time,
mammothcabin
:Commands
[createrestorepoint]
:OTL
[2014/04/25 11:58:36 | 000,000,612 | ---- | M] ()(C:\Users\Georgette\Desktop\???????????????????????????L) -- C:\Users\Georgette\Desktop\㩃啜敳獲䝜佅䝒繅就灁䑰瑡屡潌慣屬敔灭呜偍㌱㠹㐴㔱㘱⸵䵘L
[2014/04/25 11:58:36 | 000,000,612 | ---- | C] ()(C:\Users\Georgette\Desktop\???????????????????????????L) -- C:\Users\Georgette\Desktop\㩃啜敳獲䝜佅䝒繅就灁䑰瑡屡潌慣屬敔灭呜偍㌱㠹㐴㔱㘱⸵䵘L
[2014/04/25 11:42:38 | 000,000,321 | ---- | M] ()(C:\Users\Georgette\Desktop\???????????????????????????L??????S) -- C:\Users\Georgette\Desktop\㩃啜敳獲䝜佅䝒繅就灁䑰瑡屡潌慣屬敔灭呜偍㌱㠹㐴㔰㠵⸳䵘L兂瀮晤匠噁䅅S
[2014/04/25 11:42:38 | 000,000,321 | ---- | C] ()(C:\Users\Georgette\Desktop\???????????????????????????L??????S) -- C:\Users\Georgette\Desktop\㩃啜敳獲䝜佅䝒繅就灁䑰瑡屡潌慣屬敔灭呜偍㌱㠹㐴㔰㠵⸳䵘L兂瀮晤匠噁䅅S
[2014/04/25 11:06:04 | 000,000,293 | ---- | M] ()(C:\Users\Georgette\Desktop\???????????????????????????L???????S) -- C:\Users\Georgette\Desktop\㩃啜敳獲䝜佅䝒繅就灁䑰瑡屡潌慣屬敔灭呜偍㌱㠹㌴㌸㐶⸲䵘L慂獬瀮晤匠噁䅅S
[2014/04/25 11:06:04 | 000,000,293 | ---- | C] ()(C:\Users\Georgette\Desktop\???????????????????????????L???????S) -- C:\Users\Georgette\Desktop\㩃啜敳獲䝜佅䝒繅就灁䑰瑡屡潌慣屬敔灭呜偍㌱㠹㌴㌸㐶⸲䵘L慂獬瀮晤匠噁䅅S
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O4 - HKLM..\Run: [] File not found
O3 - HKLM\..\Toolbar: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\Avanquest\SystemSuite\avgssie.dll ()
:Files
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4
:Commands
[emptytemp]
Hello Valinorum,
Logs follow:
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
C:\Users\Georgette\Desktop\㩃啜敳獲䝜佅䝒繅就灁䑰瑡屡潌慣屬敔灭呜偍㌱㠹㐴㔱㘱⸵䵘L moved successfully.
File C:\Users\Georgette\Desktop\㩃啜敳獲䝜佅䝒繅就灁䑰瑡屡潌慣屬敔灭呜偍㌱㠹㐴㔱㘱⸵䵘L not found.
C:\Users\Georgette\Desktop\㩃啜敳獲䝜佅䝒繅就灁䑰瑡屡潌慣屬敔灭呜偍㌱㠹㐴㔰㠵⸳䵘L兂瀮晤匠噁䅅S moved successfully.
File C:\Users\Georgette\Desktop\㩃啜敳獲䝜佅䝒繅就灁䑰瑡屡潌慣屬敔灭呜偍㌱㠹㐴㔰㠵⸳䵘L兂瀮晤匠噁䅅S not found.
C:\Users\Georgette\Desktop\㩃啜敳獲䝜佅䝒繅就灁䑰瑡屡潌慣屬敔灭呜偍㌱㠹㌴㌸㐶⸲䵘L慂獬瀮晤匠噁䅅S moved successfully.
File C:\Users\Georgette\Desktop\㩃啜敳獲䝜佅䝒繅就灁䑰瑡屡潌慣屬敔灭呜偍㌱㠹㌴㌸㐶⸲䵘L慂獬瀮晤匠噁䅅S not found.
C:\windows\assembly\Desktop.ini moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
C:\Program Files (x86)\Avanquest\SystemSuite\avgssie.dll moved successfully.
========== FILES ==========
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Installing folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Installed folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\Z\ZAPF folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\Z folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\W\WEDDING folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\W\Wacky Action folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\W folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\V\VENETIAN folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\V folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\U\UNIVERSI folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\U\Undercurrent folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\U folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\T\Troutkings folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\T\Tropical Script folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\T\THUNDERB folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\T\TANGO folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\T folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\S\SYMBOL folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\S\Super Delicious folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\S\STENCIL folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\S\SPROCKET folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\S\SNOW_CAP folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\S\Sneakerhead folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\S\Smarty Pants folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\S\SERIFA folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\S\SCRIPT folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\S\Salsa Mangos folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\S folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\R\ROUNDHAN folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\R\Roller World folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\R\REVIVAL folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\R folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\P\Princess folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\P\PLAYBILL folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\P\PIRANESI folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\P\PARKAVEN folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\P\PARISIAN folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\P folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\O\OZ folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\O\Oyster Bar folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\O\ORATOR folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\O\ONYX folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\O\OLDDREAD folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\O\OCR folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\O folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\N\NEWS folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\N folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\M\MONOSPAC folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\M\MATT folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\M\Mandingo folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\M folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\L\LUCIA folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\L\LATIN folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\L folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\K\KIS folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\K\KAUFMANN folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\K folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\I\INFORMAL folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\I\IMPERIAL folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\I folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\H\HUXLEY folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\H\Holiday Springs folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\H\HOBO folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\H\Hawaiian Aloha folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\H folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\G\Grilled Cheese folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\G folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\F\FRAKTUR folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\F\FORMAL folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\F\Fluffy Slacks folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\F folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\E\EXOTIC folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\E\ENGLISH folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\E\EMPIRE folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\E\EMBASSY folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\E\EGYPTIAN folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\E folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\D\Dragline folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\D\DOM folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\D\DE_VINNE folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\D\DECORATE folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\D folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\C\Crazy Girlz folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\C\COPPERPL folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\C\COMMERCI folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\C\ColdSpaghetti folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\C\Cheddar Salad folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\C\Candy Buzz folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\C\CANDIDA folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\C\CALLIGRA folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\C folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\B\Bleedblob folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\B\BLACKLET folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\B\Big Chump folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\B\BERNHARD folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\B\BARNUM-P folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\B\BAKERSIG folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\B folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\A\AMERICAN folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\A\AACHEN folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\A folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Salicylates list_files folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\Z\ZAPF folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\Z folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\W\WEDDING folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\W\Wacky Action folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\W folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\V\VENETIAN folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\V folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\U\UNIVERSI folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\U\Undercurrent folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\U folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\T\Troutkings folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\T\Tropical Script folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\T\THUNDERB folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\T\TANGO folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\T folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\S\SYMBOL folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\S\Super Delicious folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\S\STENCIL folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\S\SPROCKET folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\S\SNOW_CAP folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Georgette
->Temp folder emptied: 14801875 bytes
->Temporary Internet Files folder emptied: 18311530 bytes
->Java cache emptied: 1163877 bytes
->FireFox cache emptied: 41002404 bytes
->Flash cache emptied: 21449 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1508968 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50528 bytes
RecycleBin emptied: 34674718134 bytes
Total Files Cleaned = 33,142.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 04292014_105405
Files\Folders moved on Reboot...
File\Folder C:\Users\Georgette\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
C:\Users\Georgette\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
# AdwCleaner v3.205 - Report created 29/04/2014 at 13:59:06
# Updated 28/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Georgette - MOTHERSHIP
# Running from : C:\Users\Georgette\Downloads\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\Georgette\Documents\Inbox
File Deleted : C:\Users\Georgette\AppData\Roaming\Mozilla\Firefox\Profiles\qqbrwb2d.default\searchplugins\safesearch.xml
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Uniblue
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17041
-\\ Mozilla Firefox v28.0 (en-US)
[ File : C:\Users\Georgette\AppData\Roaming\Mozilla\Firefox\Profiles\qqbrwb2d.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [1558 octets] - [29/04/2014 11:11:14]
AdwCleaner[S0].txt - [1454 octets] - [29/04/2014 13:59:06]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1514 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Georgette on Tue 04/29/2014 at 17:56:05.08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\partner"
~~~ FireFox
Emptied folder: C:\Users\Georgette\AppData\Roaming\mozilla\firefox\profiles\qqbrwb2d.default\minidumps [12 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 04/29/2014 at 18:03:35.55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thank you,
mammothcabin
It seems to be running okay, but other than the files appearing on my desktop I had not noticed any other problems. The files have not reappeared so I hope that means you got the malware. I really appreciate your help - I have never had something slip through the protection I had so had no idea what I needed to do. Do you recommend a specific vendor for internet security or is Norton okay?
Thank you so much,
Georgette
Hi Valinorum,
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 5/1/2014
Scan Time: 5:58:26 PM
Logfile: Malwarebytes Anti-Malware.txt
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.05.01.12
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Georgette
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 262504
Time Elapsed: 10 min, 34 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=aa5f0c4adb30794b90f510aceee9e59d
# engine=18105
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-02 11:48:04
# local_time=2014-05-02 07:48:04 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3592 16777213 100 88 0 149607380 0 0
# compatibility_mode=5893 16776574 100 94 2078996 150574734 0 0
# scanned=1100013
# found=120
# cleaned=0
# scan_time=47711
sh=0020D4D2672AA9DB228E21795CD8D4976F367AD2 ft=0 fh=0000000000000000 vn="a variant of Win32/InstallCore.A potentially unwanted application" ac=I fn="C:\SyncBack\SyncBack\Backup\FileFort Backups\backup2011-04-15-1.bkz"
sh=4E8E690AC2FD3437C4AFC3B597D4CFCB037F20EA ft=1 fh=c38361e73e1b875e vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="C:\SyncBack\SyncBack\Downloads\7zip_installer_d162802 (1).exe"
sh=4E8E690AC2FD3437C4AFC3B597D4CFCB037F20EA ft=1 fh=c38361e73e1b875e vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="C:\SyncBack\SyncBack\Downloads\7zip_installer_d162802.exe"
sh=91EC186153FB33A4562204E4BE5631168C2BA206 ft=1 fh=eb969c333e6297d9 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\SyncBack\SyncBack\Downloads\CuteWriter.exe"
sh=3C23D804B48678E3DE8337251A47AFE5B71D9BEF ft=1 fh=737130934ee7cf9c vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="C:\SyncBack\SyncBack\Downloads\Dogpile.exe"
sh=8CBBB6B822A0217900F9AE7B14ECD23B19A37D73 ft=1 fh=f95d20c5fa5ec6ba vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\SyncBack\SyncBack\Downloads\DPSetup.exe"
sh=107C5841249C0AD2EF50F5CA4DC6331B37497836 ft=1 fh=b7e28e7ff55299a0 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\SyncBack\SyncBack\Downloads\rcsetup150.exe"
sh=695659596F4E2D37B5B3DE9A1A93F62C741E0FF2 ft=1 fh=929393d75e565337 vn="Win32/Toolbar.Conduit.S potentially unwanted application" ac=I fn="C:\SyncBack\SyncBack\Downloads\Safari_Downloader.exe"
sh=D2682734FD1629CD29C148F66CD02C389E9556C9 ft=1 fh=15e5cab1edfd10d0 vn="a variant of Win32/AdWare.iBryte.Q application" ac=I fn="C:\SyncBack\SyncBack\Downloads\Updater_Setup.exe"
sh=3C0B19925E2BD13AF6899E7E6A09B0CEB42A2CFA ft=1 fh=90d4ce8f86f9ad24 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="C:\SyncBack\SyncBack\Downloads\Adobe\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE\keygen.exe"
sh=D572444D3413FA4A21C60953421811D4FBADE9BC ft=1 fh=c1abb4c78b02907a vn="a variant of Win32/Keygen.CW potentially unsafe application" ac=I fn="C:\SyncBack\SyncBack\Downloads\Adobe\Adobe_Photosho (E)\keygen.exe"
sh=3C0B19925E2BD13AF6899E7E6A09B0CEB42A2CFA ft=1 fh=90d4ce8f86f9ad24 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="C:\SyncBack\SyncBack\Downloads\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE\keygen.exe"
sh=08ABB0E27AA96B6E769605CFDB4C5F7977437D8C ft=1 fh=978c084eb0ff52b9 vn="a variant of Win32/Adware.ErrorRepairPro application" ac=I fn="C:\SyncBack\SyncBack\Downloads\Alarms\erpsetup.exe"
sh=52F601DD7F4D4BD2AD47B6D80F0F84D9AB1317E2 ft=1 fh=60b7ec966425331c vn="a variant of Win32/Adware.ErrorRepairPro application" ac=I fn="C:\SyncBack\SyncBack\Downloads\Alarms\jjreminder.exe"
sh=85D09393DA44107010279D3FE5C60460A9BDBEC0 ft=1 fh=4ac32d246a698927 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\SyncBack\SyncBack\Downloads\Backup\Windows 7 Versions\ffortsetup.exe"
sh=91EC186153FB33A4562204E4BE5631168C2BA206 ft=1 fh=eb969c333e6297d9 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\SyncBack\SyncBack\Downloads\CutePDF\CuteWriter.exe"
sh=F3F9A2FCC53D1F555A0E5920A54214A1068AA6C9 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="C:\SyncBack\SyncBack\Downloads\Elements 6\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE.zip"
sh=0412AD87548CAEBD51A5F8A958BF7AF9951B5328 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="C:\SyncBack\SyncBack\Downloads\Elements 6\Adobe Photoshop Elements 6 [first person]\keygen.rar"
sh=3C0B19925E2BD13AF6899E7E6A09B0CEB42A2CFA ft=1 fh=90d4ce8f86f9ad24 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="C:\SyncBack\SyncBack\Downloads\Elements 6\Adobe Photoshop Elements 6 [first person]\keygen\keygen.exe"
sh=3C0B19925E2BD13AF6899E7E6A09B0CEB42A2CFA ft=1 fh=90d4ce8f86f9ad24 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="C:\SyncBack\SyncBack\Downloads\Elements 6\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE\keygen.exe"
sh=C43593FDE66DDC46D492C55803608A4929A1D86E ft=1 fh=04fcfc269e3de2ea vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\SyncBack\SyncBack\Downloads\File Recovery\rcsetup141.exe"
sh=44CDB5E61680A78D679DDC8F5E09FBCAD2671A99 ft=1 fh=a6f47056357cbbaa vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\SyncBack\SyncBack\Downloads\PDF Converter\FoxitReader513.1201_enu_Setup.exe"
sh=44CDB5E61680A78D679DDC8F5E09FBCAD2671A99 ft=1 fh=a6f47056357cbbaa vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\SyncBack\SyncBack\Downloads\PDF Converter\Phantom PDF Express.exe"
sh=4ADF9AE54F0E0B940ADCF70FF7E91AA3EA85F891 ft=1 fh=124855afca213dc3 vn="Win32/PrcView potentially unsafe application" ac=I fn="C:\SyncBack\SyncBack\Downloads\Spybot\SmitfraudFix.exe"
sh=ECAF2A056C1C346D0E4905C4E5894F222B4231AF ft=1 fh=506c14b1c4a55a4f vn="a variant of Win32/Toolbar.Montiera.A potentially unwanted application" ac=I fn="C:\SyncBack\SyncBack\Downloads\Unlocker\Unlocker1.9.1.exe"
sh=2D97A9EEA85476C564C7E8108085A632F7799077 ft=1 fh=b135027aa12705c2 vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="C:\SyncBack\SyncBack\Duplicates\Duplicates master file\Local Settings\Temp\ICD1.tmp\Toolbar_cobrand.EXE"
sh=2D97A9EEA85476C564C7E8108085A632F7799077 ft=1 fh=b135027aa12705c2 vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="C:\SyncBack\SyncBack\Local Settings\Temp\ICD1.tmp\Toolbar_cobrand.EXE"
sh=3C23D804B48678E3DE8337251A47AFE5B71D9BEF ft=1 fh=737130934ee7cf9c vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="C:\SyncBack\SyncBack\NEW LAPTOP2\Downloads\tbar.exe"
sh=3C23D804B48678E3DE8337251A47AFE5B71D9BEF ft=1 fh=737130934ee7cf9c vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="C:\SyncBack\SyncBack\NEW LAPTOP2\Kingston files\KINGSTON (E)\Downloads\tbar.exe"
sh=1E3FF58866D59D4658FE8ED7DCA3E9B73F86BD83 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\SyncBack\SyncBack\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.7z"
sh=D6356361CB5D33E62695230274A8C219D18884A5 ft=1 fh=758f4dd0748812c4 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\SyncBack\SyncBack\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll"
sh=9649EF58972F7D972A679B1E46563CDD79A91B79 ft=1 fh=ab34756841b05d74 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\SyncBack\SyncBack\Windows 8\classicshell-setup.exe"
sh=0020D4D2672AA9DB228E21795CD8D4976F367AD2 ft=0 fh=0000000000000000 vn="a variant of Win32/InstallCore.A potentially unwanted application" ac=I fn="C:\Users\Georgette\Documents\Backup\FileFort Backups\backup2011-04-15-1.bkz"
sh=91EC186153FB33A4562204E4BE5631168C2BA206 ft=1 fh=eb969c333e6297d9 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\Georgette\Documents\Downloads\CuteWriter.exe"
sh=3C23D804B48678E3DE8337251A47AFE5B71D9BEF ft=1 fh=737130934ee7cf9c vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="C:\Users\Georgette\Documents\Downloads\Dogpile.exe"
sh=8CBBB6B822A0217900F9AE7B14ECD23B19A37D73 ft=1 fh=f95d20c5fa5ec6ba vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\Georgette\Documents\Downloads\DPSetup.exe"
sh=107C5841249C0AD2EF50F5CA4DC6331B37497836 ft=1 fh=b7e28e7ff55299a0 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Georgette\Documents\Downloads\rcsetup150.exe"
sh=695659596F4E2D37B5B3DE9A1A93F62C741E0FF2 ft=1 fh=929393d75e565337 vn="Win32/Toolbar.Conduit.S potentially unwanted application" ac=I fn="C:\Users\Georgette\Documents\Downloads\Safari_Downloader.exe"
sh=3C0B19925E2BD13AF6899E7E6A09B0CEB42A2CFA ft=1 fh=90d4ce8f86f9ad24 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="C:\Users\Georgette\Documents\Downloads\Adobe\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE\keygen.exe"
sh=D572444D3413FA4A21C60953421811D4FBADE9BC ft=1 fh=c1abb4c78b02907a vn="a variant of Win32/Keygen.CW potentially unsafe application" ac=I fn="C:\Users\Georgette\Documents\Downloads\Adobe\Adobe_Photosho (E)\keygen.exe"
sh=3C0B19925E2BD13AF6899E7E6A09B0CEB42A2CFA ft=1 fh=90d4ce8f86f9ad24 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="C:\Users\Georgette\Documents\Downloads\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE\keygen.exe"
sh=08ABB0E27AA96B6E769605CFDB4C5F7977437D8C ft=1 fh=978c084eb0ff52b9 vn="a variant of Win32/Adware.ErrorRepairPro application" ac=I fn="C:\Users\Georgette\Documents\Downloads\Alarms\erpsetup.exe"
sh=52F601DD7F4D4BD2AD47B6D80F0F84D9AB1317E2 ft=1 fh=60b7ec966425331c vn="a variant of Win32/Adware.ErrorRepairPro application" ac=I fn="C:\Users\Georgette\Documents\Downloads\Alarms\jjreminder.exe"
sh=85D09393DA44107010279D3FE5C60460A9BDBEC0 ft=1 fh=4ac32d246a698927 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\Users\Georgette\Documents\Downloads\Backup\Windows 7 Versions\ffortsetup.exe"
sh=91EC186153FB33A4562204E4BE5631168C2BA206 ft=1 fh=eb969c333e6297d9 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\Georgette\Documents\Downloads\CutePDF\CuteWriter.exe"
sh=F3F9A2FCC53D1F555A0E5920A54214A1068AA6C9 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="C:\Users\Georgette\Documents\Downloads\Elements 6\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE.zip"
sh=0412AD87548CAEBD51A5F8A958BF7AF9951B5328 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="C:\Users\Georgette\Documents\Downloads\Elements 6\Adobe Photoshop Elements 6 [first person]\keygen.rar"
sh=3C0B19925E2BD13AF6899E7E6A09B0CEB42A2CFA ft=1 fh=90d4ce8f86f9ad24 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="C:\Users\Georgette\Documents\Downloads\Elements 6\Adobe Photoshop Elements 6 [first person]\keygen\keygen.exe"
sh=3C0B19925E2BD13AF6899E7E6A09B0CEB42A2CFA ft=1 fh=90d4ce8f86f9ad24 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="C:\Users\Georgette\Documents\Downloads\Elements 6\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE\keygen.exe"
sh=C43593FDE66DDC46D492C55803608A4929A1D86E ft=1 fh=04fcfc269e3de2ea vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\Georgette\Documents\Downloads\File Recovery\rcsetup141.exe"
sh=44CDB5E61680A78D679DDC8F5E09FBCAD2671A99 ft=1 fh=a6f47056357cbbaa vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\Georgette\Documents\Downloads\PDF Converter\FoxitReader513.1201_enu_Setup.exe"
sh=44CDB5E61680A78D679DDC8F5E09FBCAD2671A99 ft=1 fh=a6f47056357cbbaa vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\Georgette\Documents\Downloads\PDF Converter\Phantom PDF Express.exe"
sh=23B050563A81A1C57DABA7805B1E3E6B4C874F2B ft=1 fh=b4fe666c57930953 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\Georgette\Documents\Downloads\QuoteTracker\cbsidlm-cbsi183-QuoteTracker-BP-10046178.exe"
sh=4ADF9AE54F0E0B940ADCF70FF7E91AA3EA85F891 ft=1 fh=124855afca213dc3 vn="Win32/PrcView potentially unsafe application" ac=I fn="C:\Users\Georgette\Documents\Downloads\Spybot\SmitfraudFix.exe"
sh=ECAF2A056C1C346D0E4905C4E5894F222B4231AF ft=1 fh=506c14b1c4a55a4f vn="a variant of Win32/Toolbar.Montiera.A potentially unwanted application" ac=I fn="C:\Users\Georgette\Documents\Downloads\Unlocker\Unlocker1.9.1.exe"
sh=2D97A9EEA85476C564C7E8108085A632F7799077 ft=1 fh=b135027aa12705c2 vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="C:\Users\Georgette\Documents\Duplicates\Duplicates master file\Local Settings\Temp\ICD1.tmp\Toolbar_cobrand.EXE"
sh=2D97A9EEA85476C564C7E8108085A632F7799077 ft=1 fh=b135027aa12705c2 vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="C:\Users\Georgette\Documents\Local Settings\Temp\ICD1.tmp\Toolbar_cobrand.EXE"
sh=3C23D804B48678E3DE8337251A47AFE5B71D9BEF ft=1 fh=737130934ee7cf9c vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="C:\Users\Georgette\Documents\NEW LAPTOP2\Downloads\tbar.exe"
sh=3C23D804B48678E3DE8337251A47AFE5B71D9BEF ft=1 fh=737130934ee7cf9c vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="C:\Users\Georgette\Documents\NEW LAPTOP2\Kingston files\KINGSTON (E)\Downloads\tbar.exe"
sh=1E3FF58866D59D4658FE8ED7DCA3E9B73F86BD83 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Users\Georgette\Documents\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.7z"
sh=D6356361CB5D33E62695230274A8C219D18884A5 ft=1 fh=758f4dd0748812c4 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Users\Georgette\Documents\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll"
sh=9649EF58972F7D972A679B1E46563CDD79A91B79 ft=1 fh=ab34756841b05d74 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Users\Georgette\Documents\Windows 8\classicshell-setup.exe"
sh=23B050563A81A1C57DABA7805B1E3E6B4C874F2B ft=1 fh=b4fe666c57930953 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\Georgette\Downloads\cbsidlm-cbsi183-QuoteTracker-BP-10046178.exe"
sh=3A5AADF9C98DC459914D5CF4D3E9D9029BB5472D ft=1 fh=898f8c7a865511cc vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\Georgette\Downloads\CuteWriter.exe"
sh=AB339A71F828BB3C2F8A267543CFB2F8BBE33781 ft=1 fh=c71c00114fbbac42 vn="a variant of Win32/InstallCore.LQ potentially unwanted application" ac=I fn="C:\Users\Georgette\Downloads\PDFCreatorSetup.exe"
sh=5ED2FC8BDCE9721FB8F4262DFB96B594B5641A1C ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 151.zip"
sh=D731B9EE63604E9B2D7F3C2D21B87DFD718C76E3 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 246.zip"
sh=2DA9CA41EB7E50F79E821E7750400470702DC7B9 ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 57.zip"
sh=4D9C104C77B6CB66DFA11CA908BCD10100C5A948 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 59.zip"
sh=E1A94F26F61624E296E3E672904B32908E1DD17F ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.ErrorRepairPro application" ac=I fn="F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 61.zip"
sh=F59D51B1D62970B25E5E6FCB31DB0D6786027E7A ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 62.zip"
sh=DCC75B6CB8BD124503C3BF04E4584CDC84CCD887 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 63.zip"
sh=2C02C47A04B9A2E8A1ADB1C11A442C5CBB70C046 ft=0 fh=0000000000000000 vn="a variant of Win32/InstallCore.A potentially unwanted application" ac=I fn="F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 65.zip"
sh=A01AEE0061DCABDEFBBB6BD36ACA5DCEEF381810 ft=0 fh=0000000000000000 vn="Win32/PrcView potentially unsafe application" ac=I fn="F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 66.zip"
sh=32D6ABBB5C044F6829D9D4A7F1E46D943D68B816 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Montiera.A potentially unwanted application" ac=I fn="F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 67.zip"
sh=1ACDB79931265975F64A28691A63075E1A28FDA2 ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 68.zip"
sh=89220A99DF82A7F32E4415D8C680461A92FE37CC ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 75.zip"
sh=3592EC366514BF299AE45CA5F03EF1BAF549DE08 ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 76.zip"
sh=A0145EA9766BC01A469458964C35765472EE1520 ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 77.zip"
sh=1438B81C3239BFCFA832261EAD3952879A695F72 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 78.zip"
sh=78665462E6EEC6C47F1BBBB951D508D9E70B7974 ft=0 fh=0000000000000000 vn="a variant of Win32/InstallCore.A potentially unwanted application" ac=I fn="F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-24 190000\Backup files 30.zip"
sh=4187D7F55175A237C1ABC8BC29C3257DA3FA484A ft=0 fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-31 190000\Backup files 3.zip"
sh=66683C6028B2B49CB0EC167A1D8C710D7840B7B9 ft=0 fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-31 190000\Backup files 8.zip"
sh=3C23D804B48678E3DE8337251A47AFE5B71D9BEF ft=1 fh=737130934ee7cf9c vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="H:\OSCAR-PC\Downloads\tbar.exe"
sh=0020D4D2672AA9DB228E21795CD8D4976F367AD2 ft=0 fh=0000000000000000 vn="a variant of Win32/InstallCore.A potentially unwanted application" ac=I fn="H:\SyncBack\Georgette\Documents\Backup\FileFort Backups\backup2011-04-15-1.bkz"
sh=4E8E690AC2FD3437C4AFC3B597D4CFCB037F20EA ft=1 fh=c38361e73e1b875e vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\7zip_installer_d162802 (1).exe"
sh=4E8E690AC2FD3437C4AFC3B597D4CFCB037F20EA ft=1 fh=c38361e73e1b875e vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\7zip_installer_d162802.exe"
sh=91EC186153FB33A4562204E4BE5631168C2BA206 ft=1 fh=eb969c333e6297d9 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\CuteWriter.exe"
sh=3C23D804B48678E3DE8337251A47AFE5B71D9BEF ft=1 fh=737130934ee7cf9c vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\Dogpile.exe"
sh=8CBBB6B822A0217900F9AE7B14ECD23B19A37D73 ft=1 fh=f95d20c5fa5ec6ba vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\DPSetup.exe"
sh=107C5841249C0AD2EF50F5CA4DC6331B37497836 ft=1 fh=b7e28e7ff55299a0 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\rcsetup150.exe"
sh=695659596F4E2D37B5B3DE9A1A93F62C741E0FF2 ft=1 fh=929393d75e565337 vn="Win32/Toolbar.Conduit.S potentially unwanted application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\Safari_Downloader.exe"
sh=D2682734FD1629CD29C148F66CD02C389E9556C9 ft=1 fh=15e5cab1edfd10d0 vn="a variant of Win32/AdWare.iBryte.Q application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\Updater_Setup.exe"
sh=3C0B19925E2BD13AF6899E7E6A09B0CEB42A2CFA ft=1 fh=90d4ce8f86f9ad24 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\Adobe\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE\keygen.exe"
sh=D572444D3413FA4A21C60953421811D4FBADE9BC ft=1 fh=c1abb4c78b02907a vn="a variant of Win32/Keygen.CW potentially unsafe application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\Adobe\Adobe_Photosho (E)\keygen.exe"
sh=3C0B19925E2BD13AF6899E7E6A09B0CEB42A2CFA ft=1 fh=90d4ce8f86f9ad24 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE\keygen.exe"
sh=08ABB0E27AA96B6E769605CFDB4C5F7977437D8C ft=1 fh=978c084eb0ff52b9 vn="a variant of Win32/Adware.ErrorRepairPro application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\Alarms\erpsetup.exe"
sh=52F601DD7F4D4BD2AD47B6D80F0F84D9AB1317E2 ft=1 fh=60b7ec966425331c vn="a variant of Win32/Adware.ErrorRepairPro application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\Alarms\jjreminder.exe"
sh=85D09393DA44107010279D3FE5C60460A9BDBEC0 ft=1 fh=4ac32d246a698927 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\Backup\Windows 7 Versions\ffortsetup.exe"
sh=91EC186153FB33A4562204E4BE5631168C2BA206 ft=1 fh=eb969c333e6297d9 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\CutePDF\CuteWriter.exe"
sh=F3F9A2FCC53D1F555A0E5920A54214A1068AA6C9 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\Elements 6\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE.zip"
sh=0412AD87548CAEBD51A5F8A958BF7AF9951B5328 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\Elements 6\Adobe Photoshop Elements 6 [first person]\keygen.rar"
sh=3C0B19925E2BD13AF6899E7E6A09B0CEB42A2CFA ft=1 fh=90d4ce8f86f9ad24 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\Elements 6\Adobe Photoshop Elements 6 [first person]\keygen\keygen.exe"
sh=3C0B19925E2BD13AF6899E7E6A09B0CEB42A2CFA ft=1 fh=90d4ce8f86f9ad24 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\Elements 6\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE\keygen.exe"
sh=C43593FDE66DDC46D492C55803608A4929A1D86E ft=1 fh=04fcfc269e3de2ea vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\File Recovery\rcsetup141.exe"
sh=44CDB5E61680A78D679DDC8F5E09FBCAD2671A99 ft=1 fh=a6f47056357cbbaa vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\PDF Converter\FoxitReader513.1201_enu_Setup.exe"
sh=44CDB5E61680A78D679DDC8F5E09FBCAD2671A99 ft=1 fh=a6f47056357cbbaa vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\PDF Converter\Phantom PDF Express.exe"
sh=23B050563A81A1C57DABA7805B1E3E6B4C874F2B ft=1 fh=b4fe666c57930953 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\QuoteTracker\cbsidlm-cbsi183-QuoteTracker-BP-10046178.exe"
sh=4ADF9AE54F0E0B940ADCF70FF7E91AA3EA85F891 ft=1 fh=124855afca213dc3 vn="Win32/PrcView potentially unsafe application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\Spybot\SmitfraudFix.exe"
sh=ECAF2A056C1C346D0E4905C4E5894F222B4231AF ft=1 fh=506c14b1c4a55a4f vn="a variant of Win32/Toolbar.Montiera.A potentially unwanted application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\Unlocker\Unlocker1.9.1.exe"
sh=2D97A9EEA85476C564C7E8108085A632F7799077 ft=1 fh=b135027aa12705c2 vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="H:\SyncBack\Georgette\Documents\Duplicates\Duplicates master file\Local Settings\Temp\ICD1.tmp\Toolbar_cobrand.EXE"
sh=2D97A9EEA85476C564C7E8108085A632F7799077 ft=1 fh=b135027aa12705c2 vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="H:\SyncBack\Georgette\Documents\Local Settings\Temp\ICD1.tmp\Toolbar_cobrand.EXE"
sh=3C23D804B48678E3DE8337251A47AFE5B71D9BEF ft=1 fh=737130934ee7cf9c vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="H:\SyncBack\Georgette\Documents\NEW LAPTOP2\Downloads\tbar.exe"
sh=3C23D804B48678E3DE8337251A47AFE5B71D9BEF ft=1 fh=737130934ee7cf9c vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="H:\SyncBack\Georgette\Documents\NEW LAPTOP2\Kingston files\KINGSTON (E)\Downloads\tbar.exe"
sh=1E3FF58866D59D4658FE8ED7DCA3E9B73F86BD83 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="H:\SyncBack\Georgette\Documents\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.7z"
sh=D6356361CB5D33E62695230274A8C219D18884A5 ft=1 fh=758f4dd0748812c4 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="H:\SyncBack\Georgette\Documents\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll"
sh=9649EF58972F7D972A679B1E46563CDD79A91B79 ft=1 fh=ab34756841b05d74 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="H:\SyncBack\Georgette\Documents\Windows 8\classicshell-setup.exe"
sh=23B050563A81A1C57DABA7805B1E3E6B4C874F2B ft=1 fh=b4fe666c57930953 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="H:\SyncBack\Georgette\Downloads\cbsidlm-cbsi183-QuoteTracker-BP-10046178.exe"
sh=3A5AADF9C98DC459914D5CF4D3E9D9029BB5472D ft=1 fh=898f8c7a865511cc vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="H:\SyncBack\Georgette\Downloads\CuteWriter.exe"
sh=AB339A71F828BB3C2F8A267543CFB2F8BBE33781 ft=1 fh=c71c00114fbbac42 vn="a variant of Win32/InstallCore.LQ potentially unwanted application" ac=I fn="H:\SyncBack\Georgette\Downloads\PDFCreatorSetup.exe"
Thank you,
Georgette
:Commands
[createrestorepoint]
:Files
H:\SyncBack\Georgette\Downloads\PDFCreatorSetup.exe
H:\SyncBack\Georgette\Downloads\CuteWriter.exe
H:\SyncBack\Georgette\Downloads\cbsidlm-cbsi183-QuoteTracker-BP-10046178.exe
H:\SyncBack\Georgette\Documents\Windows 8\classicshell-setup.exe
H:\SyncBack\Georgette\Documents\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll
H:\SyncBack\Georgette\Documents\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.7z
H:\SyncBack\Georgette\Documents\NEW LAPTOP2\Kingston files\KINGSTON (E)\Downloads\tbar.exe
H:\SyncBack\Georgette\Documents\NEW LAPTOP2\Downloads\tbar.exe
H:\SyncBack\Georgette\Documents\Local Settings\Temp\ICD1.tmp\Toolbar_cobrand.EXE
H:\SyncBack\Georgette\Documents\Duplicates\Duplicates master file\Local Settings\Temp\ICD1.tmp\Toolbar_cobrand.EXE
H:\SyncBack\Georgette\Documents\Downloads\Unlocker\Unlocker1.9.1.exe
H:\SyncBack\Georgette\Documents\Downloads\Spybot\SmitfraudFix.exe
H:\SyncBack\Georgette\Documents\Downloads\QuoteTracker\cbsidlm-cbsi183-QuoteTracker-BP-10046178.exe
H:\SyncBack\Georgette\Documents\Downloads\PDF Converter\Phantom PDF Express.exe
H:\SyncBack\Georgette\Documents\Downloads\PDF Converter\FoxitReader513.1201_enu_Setup.exe
H:\SyncBack\Georgette\Documents\Downloads\File Recovery\rcsetup141.exe
H:\SyncBack\Georgette\Documents\Downloads\Elements 6\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE\keygen.exe
H:\SyncBack\Georgette\Documents\Downloads\Elements 6\Adobe Photoshop Elements 6 [first person]\keygen
H:\SyncBack\Georgette\Documents\Downloads\Elements 6\Adobe Photoshop Elements 6 [first person]\keygen.rar
H:\SyncBack\Georgette\Documents\Downloads\Elements 6\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE.zip
H:\SyncBack\Georgette\Documents\Downloads\CutePDF\CuteWriter.exe
H:\SyncBack\Georgette\Documents\Downloads\Backup\Windows 7 Versions\ffortsetup.exe
H:\SyncBack\Georgette\Documents\Downloads\Alarms\jjreminder.exe
H:\SyncBack\Georgette\Documents\Downloads\Alarms\erpsetup.exe
H:\SyncBack\Georgette\Documents\Downloads\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE
H:\SyncBack\Georgette\Documents\Downloads\Adobe\Adobe_Photosho (E)\keygen.exe
H:\SyncBack\Georgette\Documents\Downloads\Adobe\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE
H:\SyncBack\Georgette\Documents\Downloads\Updater_Setup.exe
H:\SyncBack\Georgette\Documents\Downloads\Safari_Downloader.exe
H:\SyncBack\Georgette\Documents\Downloads\rcsetup150.exe
H:\SyncBack\Georgette\Documents\Downloads\DPSetup.exe
H:\SyncBack\Georgette\Documents\Downloads\Dogpile.exe
H:\SyncBack\Georgette\Documents\Downloads\CuteWriter.exe
H:\SyncBack\Georgette\Documents\Downloads\7zip_installer_d162802.exe
H:\SyncBack\Georgette\Documents\Downloads\7zip_installer_d162802 (1).exe
H:\SyncBack\Georgette\Documents\Backup\FileFort Backups\backup2011-04-15-1.bkz
H:\OSCAR-PC\Downloads\tbar.exe
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-31 190000\Backup files 8.zip
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-31 190000\Backup files 3.zip
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-24 190000\Backup files 30.zip
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 78.zip
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 77.zip
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 76.zip
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 75.zip
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 68.zip
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 67.zip
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 66.zip
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 65.zip
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 63.zip
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 62.zip
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 61.zip
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 59.zip
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 57.zip
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 246.zip
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 151.zip
C:\Users\Georgette\Downloads\PDFCreatorSetup.exe
C:\Users\Georgette\Downloads\CuteWriter.exe
C:\Users\Georgette\Downloads\cbsidlm-cbsi183-QuoteTracker-BP-10046178.exe
C:\Users\Georgette\Documents\Windows 8\classicshell-setup.exe
C:\Users\Georgette\Documents\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll
C:\Users\Georgette\Documents\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.7z
C:\Users\Georgette\Documents\NEW LAPTOP2\Kingston files\KINGSTON (E)\Downloads\tbar.exe
C:\Users\Georgette\Documents\NEW LAPTOP2\Downloads\tbar.exe
C:\Users\Georgette\Documents\Local Settings\Temp\ICD1.tmp\Toolbar_cobrand.EXE
C:\Users\Georgette\Documents\Duplicates\Duplicates master file\Local Settings\Temp\ICD1.tmp\
C:\Users\Georgette\Documents\Downloads\Unlocker\Unlocker1.9.1.exe
C:\Users\Georgette\Documents\Downloads\Spybot
C:\Users\Georgette\Documents\Downloads\QuoteTracker\cbsidlm-cbsi183-QuoteTracker-BP-10046178.exe
C:\Users\Georgette\Documents\Downloads\PDF Converter\Phantom PDF Express.exe
C:\Users\Georgette\Documents\Downloads\PDF Converter\FoxitReader513.1201_enu_Setup.exe
C:\Users\Georgette\Documents\Downloads\File Recovery\rcsetup141.exe
C:\Users\Georgette\Documents\Downloads\Elements 6\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE
C:\Users\Georgette\Documents\Downloads\Elements 6\Adobe Photoshop Elements 6 [first person]\keygen
C:\Users\Georgette\Documents\Downloads\Elements 6\Adobe Photoshop Elements 6 [first person]\keygen.rar
C:\Users\Georgette\Documents\Downloads\Elements 6\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE.zip
C:\Users\Georgette\Documents\Downloads\CutePDF
C:\Users\Georgette\Documents\Downloads\Backup\Windows 7 Versions\ffortsetup.exe
C:\Users\Georgette\Documents\Downloads\Alarms\jjreminder.exe
C:\Users\Georgette\Documents\Downloads\Alarms\erpsetup.exe
C:\Users\Georgette\Documents\Downloads\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE
C:\Users\Georgette\Documents\Downloads\Adobe\Adobe_Photosho (E)\keygen.exe
c:\Users\Georgette\Documents\Downloads\Safari_Downloader.exe
C:\Users\Georgette\Documents\Downloads\rcsetup150.exe
C:\Users\Georgette\Documents\Downloads\DPSetup.exe
C:\Users\Georgette\Documents\Downloads\Dogpile.exe
C:\Users\Georgette\Documents\Downloads\CuteWriter.exe
C:\Users\Georgette\Documents\Backup\FileFort Backups\backup2011-04-15-1.bkz
C:\SyncBack\SyncBack\Windows 8\classicshell-setup.exe
C:\SyncBack\SyncBack\ProgramData\APN\APN-Stub\W3IV6-G
C:\SyncBack\SyncBack\NEW LAPTOP2\Kingston files\KINGSTON (E)\Downloads\tbar.exe
C:\SyncBack\SyncBack\NEW LAPTOP2\Downloads\tbar.exe
C:\SyncBack\SyncBack\Local Settings\Temp\ICD1.tmp\Toolbar_cobrand.EXE
C:\SyncBack\SyncBack\Downloads\Unlocker\
C:\SyncBack\SyncBack\Downloads\Spybot\
C:\SyncBack\SyncBack\Downloads\PDF Converter\Phantom PDF Express.exe
C:\SyncBack\SyncBack\Downloads\PDF Converter\FoxitReader513.1201_enu_Setup.exe
C:\SyncBack\SyncBack\Downloads\File Recovery\rcsetup141.exe
C:\SyncBack\SyncBack\Downloads\Elements 6\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE
C:\SyncBack\SyncBack\Downloads\Elements 6\Adobe Photoshop Elements 6 [first person]\keygen
C:\SyncBack\SyncBack\Downloads\Elements 6\Adobe Photoshop Elements 6 [first person]\keygen.rar
C:\SyncBack\SyncBack\Downloads\Elements 6\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE.zip
C:\SyncBack\SyncBack\Downloads\CutePDF\
C:\SyncBack\SyncBack\Downloads\Backup\Windows 7 Versions\ffortsetup.exe
C:\SyncBack\SyncBack\Downloads\Alarms\jjreminder.exe
C:\SyncBack\SyncBack\Downloads\Alarms\erpsetup.exe
C:\SyncBack\SyncBack\Downloads\Adobe\Adobe_Photosho (E)\keygen.exe
c:\SyncBack\SyncBack\Downloads\Updater_Setup.exe
C:\SyncBack\SyncBack\Downloads\Safari_Downloader.exe
C:\SyncBack\SyncBack\Downloads\rcsetup150.exe
C:\SyncBack\SyncBack\Downloads\DPSetup.exe
C:\SyncBack\SyncBack\Downloads\Dogpile.exe
C:\SyncBack\SyncBack\Downloads\CuteWriter.exe
C:\SyncBack\SyncBack\Downloads\7zip_installer_d162802.exe
C:\SyncBack\SyncBack\Downloads\7zip_installer_d162802 (1).exe
C:\SyncBack\SyncBack\Backup\FileFort Backups\backup2011-04-15-1.bkz
:Commands
[emptytemp]
Hello Valinorum,
The system seems to be running fine.
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
H:\SyncBack\Georgette\Downloads\PDFCreatorSetup.exe moved successfully.
H:\SyncBack\Georgette\Downloads\CuteWriter.exe moved successfully.
H:\SyncBack\Georgette\Downloads\cbsidlm-cbsi183-QuoteTracker-BP-10046178.exe moved successfully.
H:\SyncBack\Georgette\Documents\Windows 8\classicshell-setup.exe moved successfully.
H:\SyncBack\Georgette\Documents\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll moved successfully.
H:\SyncBack\Georgette\Documents\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.7z moved successfully.
H:\SyncBack\Georgette\Documents\NEW LAPTOP2\Kingston files\KINGSTON (E)\Downloads\tbar.exe moved successfully.
H:\SyncBack\Georgette\Documents\NEW LAPTOP2\Downloads\tbar.exe moved successfully.
H:\SyncBack\Georgette\Documents\Local Settings\Temp\ICD1.tmp\Toolbar_cobrand.EXE moved successfully.
H:\SyncBack\Georgette\Documents\Duplicates\Duplicates master file\Local Settings\Temp\ICD1.tmp\Toolbar_cobrand.EXE moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\Unlocker\Unlocker1.9.1.exe moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\Spybot\SmitfraudFix.exe moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\QuoteTracker\cbsidlm-cbsi183-QuoteTracker-BP-10046178.exe moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\PDF Converter\Phantom PDF Express.exe moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\PDF Converter\FoxitReader513.1201_enu_Setup.exe moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\File Recovery\rcsetup141.exe moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\Elements 6\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE\keygen.exe moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\Elements 6\Adobe Photoshop Elements 6 [first person]\keygen folder moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\Elements 6\Adobe Photoshop Elements 6 [first person]\keygen.rar moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\Elements 6\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE.zip moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\CutePDF\CuteWriter.exe moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\Backup\Windows 7 Versions\ffortsetup.exe moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\Alarms\jjreminder.exe moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\Alarms\erpsetup.exe moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE folder moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\Adobe\Adobe_Photosho (E)\keygen.exe moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\Adobe\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE\Adobe Photoshop Elements\directx9 folder moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\Adobe\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE\Adobe Photoshop Elements folder moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\Adobe\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE\Adobe Partner Programs\North America folder moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\Adobe\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE\Adobe Partner Programs\International folder moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\Adobe\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE\Adobe Partner Programs folder moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\Adobe\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE folder moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\Updater_Setup.exe moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\Safari_Downloader.exe moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\rcsetup150.exe moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\DPSetup.exe moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\Dogpile.exe moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\CuteWriter.exe moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\7zip_installer_d162802.exe moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\7zip_installer_d162802 (1).exe moved successfully.
H:\SyncBack\Georgette\Documents\Backup\FileFort Backups\backup2011-04-15-1.bkz moved successfully.
H:\OSCAR-PC\Downloads\tbar.exe moved successfully.
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-31 190000\Backup files 8.zip moved successfully.
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-31 190000\Backup files 3.zip moved successfully.
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-24 190000\Backup files 30.zip moved successfully.
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 78.zip moved successfully.
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 77.zip moved successfully.
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 76.zip moved successfully.
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 75.zip moved successfully.
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 68.zip moved successfully.
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 67.zip moved successfully.
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 66.zip moved successfully.
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 65.zip moved successfully.
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 63.zip moved successfully.
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 62.zip moved successfully.
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 61.zip moved successfully.
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 59.zip moved successfully.
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 57.zip moved successfully.
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 246.zip moved successfully.
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 151.zip moved successfully.
C:\Users\Georgette\Downloads\PDFCreatorSetup.exe moved successfully.
C:\Users\Georgette\Downloads\CuteWriter.exe moved successfully.
C:\Users\Georgette\Downloads\cbsidlm-cbsi183-QuoteTracker-BP-10046178.exe moved successfully.
C:\Users\Georgette\Documents\Windows 8\classicshell-setup.exe moved successfully.
C:\Users\Georgette\Documents\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll moved successfully.
C:\Users\Georgette\Documents\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.7z moved successfully.
C:\Users\Georgette\Documents\NEW LAPTOP2\Kingston files\KINGSTON (E)\Downloads\tbar.exe moved successfully.
C:\Users\Georgette\Documents\NEW LAPTOP2\Downloads\tbar.exe moved successfully.
C:\Users\Georgette\Documents\Local Settings\Temp\ICD1.tmp\Toolbar_cobrand.EXE moved successfully.
C:\Users\Georgette\Documents\Duplicates\Duplicates master file\Local Settings\Temp\ICD1.tmp folder moved successfully.
C:\Users\Georgette\Documents\Downloads\Unlocker\Unlocker1.9.1.exe moved successfully.
C:\Users\Georgette\Documents\Downloads\Spybot folder moved successfully.
C:\Users\Georgette\Documents\Downloads\QuoteTracker\cbsidlm-cbsi183-QuoteTracker-BP-10046178.exe moved successfully.
C:\Users\Georgette\Documents\Downloads\PDF Converter\Phantom PDF Express.exe moved successfully.
C:\Users\Georgette\Documents\Downloads\PDF Converter\FoxitReader513.1201_enu_Setup.exe moved successfully.
C:\Users\Georgette\Documents\Downloads\File Recovery\rcsetup141.exe moved successfully.
C:\Users\Georgette\Documents\Downloads\Elements 6\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE folder moved successfully.
C:\Users\Georgette\Documents\Downloads\Elements 6\Adobe Photoshop Elements 6 [first person]\keygen folder moved successfully.
C:\Users\Georgette\Documents\Downloads\Elements 6\Adobe Photoshop Elements 6 [first person]\keygen.rar moved successfully.
C:\Users\Georgette\Documents\Downloads\Elements 6\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE.zip moved successfully.
C:\Users\Georgette\Documents\Downloads\CutePDF\AutoSave folder moved successfully.
C:\Users\Georgette\Documents\Downloads\CutePDF folder moved successfully.
C:\Users\Georgette\Documents\Downloads\Backup\Windows 7 Versions\ffortsetup.exe moved successfully.
C:\Users\Georgette\Documents\Downloads\Alarms\jjreminder.exe moved successfully.
C:\Users\Georgette\Documents\Downloads\Alarms\erpsetup.exe moved successfully.
C:\Users\Georgette\Documents\Downloads\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE folder moved successfully.
C:\Users\Georgette\Documents\Downloads\Adobe\Adobe_Photosho (E)\keygen.exe moved successfully.
c:\Users\Georgette\Documents\Downloads\Safari_Downloader.exe moved successfully.
C:\Users\Georgette\Documents\Downloads\rcsetup150.exe moved successfully.
C:\Users\Georgette\Documents\Downloads\DPSetup.exe moved successfully.
C:\Users\Georgette\Documents\Downloads\Dogpile.exe moved successfully.
C:\Users\Georgette\Documents\Downloads\CuteWriter.exe moved successfully.
C:\Users\Georgette\Documents\Backup\FileFort Backups\backup2011-04-15-1.bkz moved successfully.
C:\SyncBack\SyncBack\Windows 8\classicshell-setup.exe moved successfully.
C:\SyncBack\SyncBack\ProgramData\APN\APN-Stub\W3IV6-G folder moved successfully.
C:\SyncBack\SyncBack\NEW LAPTOP2\Kingston files\KINGSTON (E)\Downloads\tbar.exe moved successfully.
C:\SyncBack\SyncBack\NEW LAPTOP2\Downloads\tbar.exe moved successfully.
C:\SyncBack\SyncBack\Local Settings\Temp\ICD1.tmp\Toolbar_cobrand.EXE moved successfully.
C:\SyncBack\SyncBack\Downloads\Unlocker folder moved successfully.
C:\SyncBack\SyncBack\Downloads\Spybot folder moved successfully.
C:\SyncBack\SyncBack\Downloads\PDF Converter\Phantom PDF Express.exe moved successfully.
C:\SyncBack\SyncBack\Downloads\PDF Converter\FoxitReader513.1201_enu_Setup.exe moved successfully.
C:\SyncBack\SyncBack\Downloads\File Recovery\rcsetup141.exe moved successfully.
C:\SyncBack\SyncBack\Downloads\Elements 6\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE folder moved successfully.
C:\SyncBack\SyncBack\Downloads\Elements 6\Adobe Photoshop Elements 6 [first person]\keygen folder moved successfully.
C:\SyncBack\SyncBack\Downloads\Elements 6\Adobe Photoshop Elements 6 [first person]\keygen.rar moved successfully.
C:\SyncBack\SyncBack\Downloads\Elements 6\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE.zip moved successfully.
C:\SyncBack\SyncBack\Downloads\CutePDF\AutoSave folder moved successfully.
C:\SyncBack\SyncBack\Downloads\CutePDF folder moved successfully.
C:\SyncBack\SyncBack\Downloads\Backup\Windows 7 Versions\ffortsetup.exe moved successfully.
C:\SyncBack\SyncBack\Downloads\Alarms\jjreminder.exe moved successfully.
C:\SyncBack\SyncBack\Downloads\Alarms\erpsetup.exe moved successfully.
C:\SyncBack\SyncBack\Downloads\Adobe\Adobe_Photosho (E)\keygen.exe moved successfully.
c:\SyncBack\SyncBack\Downloads\Updater_Setup.exe moved successfully.
C:\SyncBack\SyncBack\Downloads\Safari_Downloader.exe moved successfully.
C:\SyncBack\SyncBack\Downloads\rcsetup150.exe moved successfully.
C:\SyncBack\SyncBack\Downloads\DPSetup.exe moved successfully.
C:\SyncBack\SyncBack\Downloads\Dogpile.exe moved successfully.
C:\SyncBack\SyncBack\Downloads\CuteWriter.exe moved successfully.
C:\SyncBack\SyncBack\Downloads\7zip_installer_d162802.exe moved successfully.
C:\SyncBack\SyncBack\Downloads\7zip_installer_d162802 (1).exe moved successfully.
C:\SyncBack\SyncBack\Backup\FileFort Backups\backup2011-04-15-1.bkz moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Georgette
->Temp folder emptied: 36187 bytes
->Temporary Internet Files folder emptied: 13503472 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5290149 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 524896 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 311299480 bytes
Total Files Cleaned = 315.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 05022014_145006
Files\Folders moved on Reboot...
C:\Users\Georgette\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Georgette\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Thank you,
mammothcabin
♣ Removal of Tools and Quarantined Files ♣
♣ Prevention and Future Guidelines ♣
Hello Valinorum,
I have followed the last set of instructions. I think I may try Avast; Norton has become a nuisance, warning of errors that have to be repaired. I had been looking for another anti-virus. Some of the items I have been doing, but there are some that I had not been updating, such as Java, etc. I did not realize the importance of keeping them updated. So perhaps I will avoid this by being more proactive. Thank you again for all your assistance.
# DelFix v10.7 - Logfile created 02/05/2014 at 17:52:16
# Updated 27/04/2014 by Xplode
# Username : Georgette - MOTHERSHIP
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
~ Activating UAC ... OK
~ Removing disinfection tools ...
Deleted : C:\_OTL
Deleted : C:\AdwCleaner
Deleted : C:\Users\Georgette\Desktop\JRT.txt
Deleted : C:\Users\Georgette\Downloads\AdwCleaner.exe
Deleted : C:\Users\Georgette\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\Georgette\Downloads\Extras.Txt
Deleted : C:\Users\Georgette\Downloads\JRT.exe
Deleted : C:\Users\Georgette\Downloads\OTL.Txt
Deleted : C:\Users\Georgette\Downloads\OTL.exe
Deleted : C:\Users\Georgette\Downloads\SecurityCheck.exe
Deleted : C:\Users\Georgette\Documents\Downloads\Silent Runners.vbs
Deleted : C:\Users\Georgette\Documents\Downloads\Startup Programs (VIXEN) 2006-01-12 14.53.22.txt
Deleted : C:\Users\Georgette\Documents\Downloads\Startup Programs (VIXEN) 2006-01-12 14.55.06.txt
Deleted : C:\Users\Georgette\Documents\Downloads\Startup Programs (VIXEN) 2006-01-13 10.08.07.txt
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
~ Creating registry backup ... OK
~ Cleaning system restore ...
Deleted : RP #51 [Installed Java 7 Update 55 | 05/01/2014 21:21:10]
Deleted : RP #52 [Windows Update | 05/02/2014 16:26:01]
Deleted : RP #53 [OTL Restore Point - 5/2/2014 2:50:17 PM | 05/02/2014 18:50:17]
New restore point created !
~ Resetting system settings ... OK
########## - EOF - ##########
Regards,
mammothcabin