Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Foreign language files keep appearing on my desktop [Solved]

Started by mammothcabin , Apr 26 2014 09:09 AM

This topic is locked

#1
mammothcabin

Posted 26 April 2014 - 09:09 AM

New Member

Member
7 posts

Files keep appearing on my desktop I think the text is Japanese - 㩃啜敳獲䝜佅䝒繅就灁䑰瑡屡潌慣屬敔灭呜偍㌱㠹㐴㘱〰⸶䵘L

I have scanned with Norton and Malware Bytes. No results. I am really concerned as they appear everyday after deleting them.

#2
Valinorum

Posted 26 April 2014 - 09:52 AM

GeekU Guardian Bot

GeekU Moderator
3,330 posts

Hi mammothcabin,

My name is Valinorum and I will be the acolyte today. Before we proceed, please, acknowledge yourself the following(s):

Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
Please do not install any new software while we are working on this system as it may hinder our process.
Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
Please do not try to fix anything without being ask.
Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
Back up your data. I will not knowingly suggest your any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system.
If you are confused about any instruction stop and ask. Do not keep on going.
Do not repeat the steps if you face any problems.
I am not an omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
Private Message(PM) if and only if I have not responded to your thread within three days or your query is offtopic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
The fixes are for your system only. Please refrain from using these fixes on other system as it may do serious damage.

Note: Please, bare in mind that I am still a trainee and my replies need to be reviewed by my teachers before I post them to you which requires time as both teachers and helpers are volunteers here. Take it as a good thing because now you have two people examining your problem. I really hope that we will be able to send you home with a smile on your face.

Step #1 Scan with OTL
- Please download OldTimer's Listit from one of the following locations and save it to your Desktop.
  Download Link 1
  Download Link 2
  Downlaod LInk 3
- Copy and Paste the following code inside the Custom Scans/Fixes box;
```
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
dir "%systemdrive%\*" /S /A:L /C
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
CREATERESTOREPOINT
```
- Click the Quick Scan button;
- After the scan two logs will be produced;
- Copy and paste the content of the logs in your next reply

Step #2 Scan with Security Check
- Download Security Check by screen317 to your Desktop from any of the following location;
  - Link 1
  - Link 2
- Right click on the program and choose Run as Administrator;
- After the checking a log will appear;
- Copy and Paste the content of the log in your next reply.

Required Log(s):
- OTL Log(s) --
  - OTl.txt;
  - Extras.txt
- Security Check Log

Regards,
Valinorum

#3
mammothcabin

Posted 28 April 2014 - 10:29 AM

New Member

Topic Starter
Member
7 posts

Hello Valinorum,

Here are the logs.

OTL logfile created on: 4/28/2014 11:46:29 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Georgette\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.85 Gb Total Physical Memory | 3.48 Gb Available Physical Memory | 59.48% Memory free
11.70 Gb Paging File | 9.12 Gb Available in Paging File | 77.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906.34 Gb Total Space | 374.44 Gb Free Space | 41.31% Space Free | Partition Type: NTFS
Drive F: | 206.62 Gb Total Space | 0.30 Gb Free Space | 0.15% Space Free | Partition Type: NTFS
Drive H: | 465.73 Gb Total Space | 290.41 Gb Free Space | 62.36% Space Free | Partition Type: NTFS

Computer Name: MOTHERSHIP | User Name: Georgette | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/04/28 11:28:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Georgette\Downloads\OTL.exe
PRC - [2014/04/14 00:00:58 | 002,484,504 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2014/04/14 00:00:58 | 001,444,120 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2014/03/22 17:58:09 | 000,527,936 | ---- | M] (BillP Studios) -- F:\Program Files\WinPatrol\WinPatrol.exe
PRC - [2014/03/15 04:40:21 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccsvchst.exe
PRC - [2011/03/21 17:12:54 | 000,020,480 | ---- | M] () -- C:\Windows\jmesoft\JME_LOAD.exe
PRC - [2011/03/21 17:06:46 | 000,118,784 | ---- | M] (Lenovo) -- C:\Windows\jmesoft\hotkey.exe
PRC - [2011/03/15 23:47:40 | 000,032,768 | ---- | M] () -- C:\Windows\jmesoft\Service.exe
PRC - [2010/10/21 13:11:00 | 000,144,672 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Greeting Card Factory Deluxe 8.0\ReminderApp.exe
PRC - [2010/10/08 12:49:40 | 000,285,696 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe
PRC - [2010/10/05 09:08:46 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 09:08:42 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/09/26 15:30:52 | 000,163,840 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Power Dial\LitModeSwitch.exe
PRC - [2010/09/09 14:46:14 | 000,081,920 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Power Dial\LitModeCtrl.exe
PRC - [2010/09/09 14:19:08 | 000,265,216 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe
PRC - [2010/08/30 02:07:34 | 000,096,752 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe
PRC - [2010/03/15 11:41:32 | 000,442,368 | ---- | M] (Tinnes Software) -- C:\Program Files (x86)\Desktop Calendar\Desktop Calendar.exe
PRC - [2010/02/22 13:29:56 | 001,012,080 | ---- | M] (Sunbelt Software) -- C:\Program Files (x86)\Common Files\AntiVirus\SBAMSvc.exe
PRC - [2010/02/04 16:13:42 | 000,529,688 | ---- | M] (Avanquest Software) -- C:\Program Files (x86)\Avanquest\SystemSuite\MXTask.exe
PRC - [2009/12/04 19:59:28 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
PRC - [2009/12/03 23:25:32 | 000,050,456 | ---- | M] (Avanquest Software) -- C:\Program Files (x86)\Avanquest\SystemSuite\MXTask2.exe
PRC - [2009/09/30 14:19:30 | 000,049,152 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Power Dial\LenovoCOMSvc.exe
PRC - [2008/07/30 14:23:02 | 000,177,448 | ---- | M] (Seagate LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2006/02/17 12:44:28 | 000,197,632 | ---- | M] (Nu2 Productions) -- C:\pebuilder3110a\pebuilder.exe

========== Modules (No Company Name) ==========

MOD - [2014/04/15 14:46:13 | 001,125,592 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2014/03/31 08:51:12 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\13372e3b6a7e4126d48827a30c2c1d9a\Microsoft.VisualBasic.ni.dll
MOD - [2014/03/31 08:47:19 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/03/28 14:33:50 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll
MOD - [2014/03/28 14:31:29 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\72284863df9bea3f081ae98996400619\PresentationFramework.Aero.ni.dll
MOD - [2014/03/28 14:31:18 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
MOD - [2014/03/28 14:31:17 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\faf3ae85f2470505e1b32d2154de60ef\System.EnterpriseServices.ni.dll
MOD - [2014/03/28 14:31:17 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\cd3556d1162e8f7df77611c9c4253f7c\System.Transactions.ni.dll
MOD - [2014/03/28 14:31:16 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\fe1942c05eda4f9744f80afb4ae76a2d\System.Data.ni.dll
MOD - [2014/03/28 14:31:09 | 014,340,096 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f703846404bb66a4ae03ef8133755007\PresentationFramework.ni.dll
MOD - [2014/03/28 14:30:55 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/03/28 14:30:53 | 012,238,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\660ac5d6da77df8e86fb26f05c6a9816\PresentationCore.ni.dll
MOD - [2014/03/28 14:30:46 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/03/28 14:30:42 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/03/28 14:30:40 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/03/28 14:30:39 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/03/28 14:30:35 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/03/23 17:04:20 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2014/03/15 04:40:39 | 003,642,480 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/02/17 23:46:30 | 000,643,948 | ---- | M] () -- F:\Program Files\WinPatrol\sqlite3.dll
MOD - [2010/11/20 23:24:08 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/10/21 13:11:08 | 000,086,304 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Greeting Card Factory Deluxe 8.0\AddressBookCore.dll
MOD - [2010/10/21 13:11:00 | 000,144,672 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Greeting Card Factory Deluxe 8.0\ReminderApp.exe
MOD - [2010/10/21 12:50:28 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Greeting Card Factory Deluxe 8.0\en-US\ReminderApp.resources.dll
MOD - [2010/09/20 21:55:52 | 000,182,272 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Brightness System\ddcHelperWraper.dll
MOD - [2010/09/20 13:08:10 | 000,210,432 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Brightness System\KeyStoneAdapter.dll
MOD - [2010/09/09 14:19:30 | 000,210,432 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Eye Distance System\KeyStoneAdapter.dll
MOD - [2010/09/09 14:18:58 | 000,211,456 | ---- | M] () -- C:\Program Files\Lenovo\Lenovo Eye Distance System\VideoPlayer.dll
MOD - [2009/12/04 20:04:32 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
MOD - [2009/12/04 19:59:54 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
MOD - [2009/06/10 17:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2008/12/30 14:09:34 | 002,088,960 | ---- | M] () -- C:\Program Files\Lenovo\Power Dial\LitModeSwitchRes.dll
MOD - [2007/12/31 13:27:42 | 000,007,168 | ---- | M] () -- C:\Windows\jmesoft\VistaVolume.dll
MOD - [2005/11/29 08:55:34 | 000,411,648 | ---- | M] () -- C:\pebuilder3110a\StarBurn.dll

========== Services (SafeList) ==========

SRV:64bit: - [2014/03/06 04:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/09 14:46:14 | 000,081,920 | ---- | M] (Lenovo) [On_Demand | Running] -- C:\Program Files\Lenovo\Power Dial\LitModeCtrl.exe -- (LitModeCtrl)
SRV:64bit: - [2009/09/30 14:19:30 | 000,049,152 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Power Dial\LenovoCOMSvc.exe -- (LenovoCOMSvc)
SRV:64bit: - [2007/05/29 17:47:54 | 000,020,480 | ---- | M] (Oki Data Corporation) [Auto | Running] -- C:\Windows\SysNative\spool\drivers\x64\3\OPHDLDCS.EXE -- (OKI OPHD DCS Loader)
SRV - [2014/04/14 00:00:58 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2014/03/15 04:40:31 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/11 16:45:00 | 000,130,104 | R--- | M] (Symantec Corporation) [Unknown (-1) | Unknown] -- C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\NST.exe -- (NCO)
SRV - [2014/01/29 23:02:44 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe -- (N360)
SRV - [2011/03/15 23:47:40 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\jmesoft\Service.exe -- (JME Keyboard)
SRV - [2010/10/05 09:08:46 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 09:08:42 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/08/30 02:07:34 | 000,096,752 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe -- (CEEBC40A-FDED-4C59-B354-939132350B01)
SRV - [2010/02/22 13:29:56 | 001,012,080 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files (x86)\Common Files\AntiVirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2010/02/04 16:13:42 | 000,529,688 | ---- | M] (Avanquest Software) [Auto | Running] -- C:\Program Files (x86)\Avanquest\SystemSuite\MXTask.exe -- (SystemSuite Task Manager)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/30 14:23:26 | 000,161,064 | ---- | M] (Seagate Technology LLC) [Disabled | Stopped] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2007/05/29 17:47:54 | 000,020,480 | ---- | M] (Oki Data Corporation) [Auto | Running] -- C:\windows\system32\spool\DRIVERS\x64\3\OPHDLDCS.EXE -- (OKI OPHD DCS Loader)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/04/14 00:01:06 | 000,316,312 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2014/03/31 13:15:30 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2014/01/29 23:02:28 | 005,363,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/10/01 22:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/09/27 15:23:26 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSTx64\7DE07000.02B\ccSetx64.sys -- (ccSet_NST)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/05 22:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/05 22:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/07 00:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012/05/21 21:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/04/17 22:13:32 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/17 22:13:22 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2012/04/17 21:42:14 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/21 01:34:55 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2011/05/21 01:34:55 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/25 06:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 12:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/21 02:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2010/07/20 05:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/21 17:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/15 08:17:56 | 000,082,992 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (sbtis)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/04/08 09:43:04 | 000,020,832 | ---- | M] (Nicomsoft Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ddcdrv.sys -- (WinI2C-DDC)
DRV:64bit: - [2006/11/09 06:04:00 | 000,026,112 | R--- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PELMOUSE.SYS -- (pelmouse)
DRV:64bit: - [2006/11/09 06:04:00 | 000,023,040 | R--- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PELUSBlf.SYS -- (pelusblf)
DRV - [2014/04/23 14:33:08 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\VirusDefs\20140428.001\ex64.sys -- (NAVEX15)
DRV - [2014/04/23 14:33:08 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/04/23 14:33:08 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\VirusDefs\20140428.001\eng64.sys -- (NAVENG)
DRV - [2014/04/15 14:46:11 | 000,606,672 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys -- (RapportCerberus_59849)
DRV - [2014/04/14 00:01:06 | 000,397,848 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2014/04/14 00:01:06 | 000,282,968 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2014/04/09 18:47:21 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Stopped] -- C:\windows\SysWow64\drivers\AFS.SYS -- (AFS)
DRV - [2014/03/31 14:54:19 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/03/28 16:33:00 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\IPSDefs\20140427.002\IDSviA64.sys -- (IDSVia64)
DRV - [2014/03/19 01:34:28 | 001,525,976 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\BASHDefs\20140409.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/03/22 21:13:08 | 000,015,712 | ---- | M] (Nicomsoft Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\ddcdrv.sys -- (WinI2C-DDC)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=LEND&bmod=LEND
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=LEND&bmod=LEND
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ND_enUS445US445
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{D0E1D5BF-70B0-47B0-A8D1-12B13FEEF54E}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Privatelee"
FF - prefs.js..browser.search.selectedEngine: "Privatelee"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7BE6C1199F-E687-42da-8C24-E7770CC3AE66%7D:2.0.4
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2012.5.22.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.0.43\coFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\IPSFF [2014/03/31 14:55:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\coFFPlgn\ [2014/04/27 17:58:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4d855a8a-1536-4aa8-bf99-da2362910205}: C:\Program Files (x86)\Avanquest\SystemSuite\FirefoxDV [2014/04/23 13:57:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\Avanquest\SystemSuite\Firefox [2014/04/23 13:57:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2014/03/28 15:47:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georgette\AppData\Roaming\Mozilla\Extensions
[2014/04/04 15:08:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georgette\AppData\Roaming\Mozilla\Firefox\Profiles\qqbrwb2d.default\extensions
[2014/04/04 15:08:00 | 000,024,626 | ---- | M] () (No name found) -- C:\Users\Georgette\AppData\Roaming\Mozilla\Firefox\Profiles\qqbrwb2d.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
[2014/03/28 17:50:43 | 000,002,050 | ---- | M] () -- C:\Users\Georgette\AppData\Roaming\Mozilla\Firefox\Profiles\qqbrwb2d.default\searchplugins\privatelee.xml
[2014/04/27 11:10:09 | 000,002,494 | ---- | M] () -- C:\Users\Georgette\AppData\Roaming\Mozilla\Firefox\Profiles\qqbrwb2d.default\searchplugins\safesearch.xml
[2014/03/28 15:44:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/28 15:44:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/04/27 17:58:13 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\COFFPLGN

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.43\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\Avanquest\SystemSuite\avgssie.dll ()
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DataVault Object) - {8373ADC0-6330-11DD-9D77-22C856D89593} - C:\Program Files (x86)\Avanquest\SystemSuite\IE_ContextMenu_Vault.dll (Avanquest Software)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.43\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Mouse Suite 98 Daemon] C:\windows\SysNative\ICO.EXE (Primax Electronics Ltd.)
O4:64bit: - HKLM..\Run: [Persistence] C:\windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [jmekey] C:\Windows\jmesoft\hotkey.exe (Lenovo)
O4 - HKLM..\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe ()
O4 - HKLM..\Run: [Lenovo Dynamic Brightness System] C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe (Lenovo)
O4 - HKLM..\Run: [Lenovo Eye Distance System] C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe (Lenovo)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [ModeSwitch] C:\Program Files\Lenovo\Power Dial\LitModeSwitch.exe (Lenovo)
O4 - HKLM..\Run: [ReminderApp] C:\Program Files (x86)\Nova Development\Greeting Card Factory Deluxe 8.0\ReminderApp.exe ()
O4 - HKLM..\Run: [SetDefaultSCR] C:\Program Files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe (Lenovo)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Desktop Calendar] C:\Program Files (x86)\Desktop Calendar\Desktop Calendar.exe (Tinnes Software)
O4 - HKCU..\Run: [WinPatrol] F:\Program Files\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 184.63.96.68 184.63.96.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64D9B841-87A2-4172-B731-A3ABBEA11425}: DhcpNameServer = 184.63.96.68 184.63.96.69
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/10 17:08:00 | 000,000,067 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/04/27 11:09:28 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{8CEF6EF1-363B-410F-A74F-7F0DE832085C}
[2014/04/27 10:48:57 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{3274F6FE-1D4D-44E5-B309-D17FA722E715}
[2014/04/25 16:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PE Builder
[2014/04/25 16:57:18 | 000,000,000 | ---D | C] -- C:\pebuilder3110a
[2014/04/25 09:04:54 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2014/04/25 09:00:03 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{229C837F-B1D4-4E16-963D-7EEA09127567}
[2014/04/24 18:27:59 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/24 18:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/24 18:26:44 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/04/24 18:26:44 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/04/24 18:26:44 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014/04/24 18:26:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/04/24 18:26:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/04/24 13:59:08 | 000,000,000 | ---D | C] -- C:\Users\Georgette\Documents\WebStore
[2014/04/24 08:59:56 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{4898B2FE-0992-40D3-AAA8-AA6666FE23A5}
[2014/04/23 17:42:10 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\Akamai
[2014/04/23 14:37:50 | 000,082,992 | ---- | C] (Sunbelt Software) -- C:\windows\SysNative\drivers\sbtis.sys
[2014/04/23 14:05:13 | 000,027,472 | ---- | C] (Sunbelt Software) -- C:\windows\SysNative\sbbd.exe
[2014/04/23 14:05:13 | 000,026,144 | ---- | C] (Avanquest Software) -- C:\windows\SysNative\drivers\mxRCycle.sys
[2014/04/23 13:13:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2014/04/23 08:59:54 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{91F4E072-4258-4D4D-8E04-07590A0AFA87}
[2014/04/22 08:39:44 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{A9A96EEB-D7A2-423B-ADB5-BEE0CBF1C88F}
[2014/04/21 09:00:01 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{34089BDB-E782-465E-8A67-F33CB91587F5}
[2014/04/20 11:52:01 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\BVRP Software
[2014/04/20 11:49:02 | 000,000,000 | RHSD | C] -- C:\_Backup.RC
[2014/04/20 11:48:51 | 000,000,000 | -H-D | C] -- C:\_Backup
[2014/04/20 11:43:09 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Roaming\Avanquest
[2014/04/20 11:43:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest
[2014/04/20 11:42:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AntiVirus
[2014/04/20 11:42:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avanquest
[2014/04/20 09:00:11 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{BE53089D-7EFA-40A8-86E5-D4479553C133}
[2014/04/19 08:59:55 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{7E09B011-12D4-454F-B37A-0B59FA2D6F3C}
[2014/04/18 14:50:40 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\Nova Development
[2014/04/18 14:31:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/04/18 14:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
[2014/04/18 14:07:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Seagate
[2014/04/18 14:07:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate
[2014/04/18 13:57:48 | 000,000,000 | ---D | C] -- C:\windows\Downloaded Installations
[2014/04/18 13:57:30 | 000,000,000 | -HSD | C] -- C:\windows\ftpcache
[2014/04/18 13:51:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nova Development
[2014/04/17 22:27:41 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{F8D3087D-64E0-46BC-8EFF-733E474EDC7E}
[2014/04/17 08:59:55 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{478AA8EF-84E3-4A60-88C6-5E086E006ECE}
[2014/04/16 08:46:23 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{203AFBB0-A5D4-4CAC-82EE-7DC0F236281A}
[2014/04/15 14:45:58 | 000,316,312 | ---- | C] (Trusteer Ltd.) -- C:\windows\SysNative\drivers\RapportKE64.sys
[2014/04/15 14:43:22 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\Trusteer
[2014/04/15 14:43:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
[2014/04/15 14:42:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trusteer
[2014/04/15 14:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Trusteer
[2014/04/15 14:38:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX870 series
[2014/04/15 14:11:15 | 000,000,000 | -HSD | C] -- C:\Users\Georgette\AppData\Local\EmieUserList
[2014/04/15 14:11:15 | 000,000,000 | -HSD | C] -- C:\Users\Georgette\AppData\Local\EmieSiteList
[2014/04/15 09:21:52 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Roaming\Hewlett-Packard
[2014/04/15 08:16:07 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{9C70665B-E78B-4534-B282-F1ED480A2436}
[2014/04/14 13:54:31 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{8E6DA6E5-D833-40AE-B7A5-969EA8DCA7DE}
[2014/04/13 21:01:55 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{F58C2649-DE0B-4492-93C0-5B59C8195611}
[2014/04/13 12:10:30 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Roaming\OPHD
[2014/04/13 11:56:58 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\ElevatedDiagnostics
[2014/04/13 11:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\OPHD
[2014/04/13 11:35:47 | 000,148,992 | ---- | C] (Oki Data Corporation) -- C:\windows\SysNative\OPDMN025.DLL
[2014/04/13 11:35:47 | 000,054,784 | ---- | C] (Oki Data Corporation) -- C:\windows\SysNative\OPUSBEXT.DLL
[2014/04/13 11:35:47 | 000,039,424 | ---- | C] (Oki Data Corporation) -- C:\windows\SysNative\OPCLB025.DLL
[2014/04/13 11:35:46 | 000,072,704 | ---- | C] (Oki Data Corporation) -- C:\windows\SysNative\OPE02LOC.DLL
[2014/04/13 11:35:46 | 000,065,536 | ---- | C] (Oki Data Corporation) -- C:\windows\SysNative\OPSLD025.DLL
[2014/04/13 11:35:46 | 000,039,936 | ---- | C] (Oki Data Corporation) -- C:\windows\SysNative\OPUSB025.DLL
[2014/04/13 11:35:46 | 000,039,936 | ---- | C] (Oki Data Corporation) -- C:\windows\SysNative\OPEXTUAC.DLL
[2014/04/13 11:35:46 | 000,039,424 | ---- | C] (Oki Data Corporation) -- C:\windows\SysNative\OPC02LOC.DLL
[2014/04/13 11:35:46 | 000,037,376 | ---- | C] (Oki Data Corporation) -- C:\windows\SysNative\OPDVA025.DLL
[2014/04/13 11:35:45 | 000,000,000 | ---D | C] -- C:\OKIDATA
[2014/04/13 11:35:12 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Roaming\InstallShield
[2014/04/13 11:16:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP4500 series Manual
[2014/04/13 08:59:55 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{4DCDA5E1-868D-4EAE-8C39-98A0A4A6BEF5}
[2014/04/12 08:59:53 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{5C7E85EA-EA05-4DBF-BB56-9411502AF0A1}
[2014/04/11 12:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Digital Image Suite Anniversary Edition
[2014/04/11 11:40:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Digital Image 2006
[2014/04/11 08:59:56 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{CC6BBA8C-7C55-4D42-8B31-6D03AE04EA79}
[2014/04/09 19:12:16 | 000,000,000 | ---D | C] -- C:\Users\Georgette\Documents\ScanJet2400
[2014/04/09 19:10:43 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2014/04/09 19:08:26 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Roaming\HP
[2014/04/09 19:08:23 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\HP
[2014/04/09 19:05:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2014/04/09 19:05:21 | 000,000,000 | ---D | C] -- C:\UniScan
[2014/04/09 19:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2014/04/09 19:04:55 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2014/04/09 19:04:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2014/04/09 18:56:06 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2014/04/09 18:47:21 | 000,077,004 | ---- | C] (Oak Technology Inc.) -- C:\windows\SysWow64\drivers\AFS.SYS
[2014/04/09 18:47:14 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Roaming\Share-to-Web Upload Folder
[2014/04/09 18:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard
[2014/04/09 18:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Share-to-Web
[2014/04/09 18:45:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2014/04/09 18:45:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2014/04/09 18:45:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
[2014/04/09 18:43:19 | 000,000,000 | ---D | C] -- C:\col8884
[2014/04/09 18:42:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2014/04/09 18:41:27 | 000,000,000 | ---D | C] -- C:\col1832
[2014/04/09 09:00:07 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{C0A3B3B9-4B6D-4775-8CED-0F4FEDA28E70}
[2014/04/08 13:12:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2014/04/08 08:59:54 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{288E6EE6-3C7A-4518-9A75-96157D5BB0F7}
[2014/04/07 13:45:03 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Roaming\Ulead Systems
[2014/04/07 12:46:53 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\Cyberlink
[2014/04/07 12:24:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nikon
[2014/04/07 12:24:12 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PhotoDirector 4
[2014/04/07 12:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2014/04/07 08:59:54 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{CB8A4E3A-002B-48AA-ACB2-F647E58A57A2}
[2014/04/06 18:30:38 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2014/04/06 17:56:26 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Roaming\Smith Micro
[2014/04/06 16:37:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/04/06 16:37:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/04/06 16:37:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/04/06 16:36:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/04/06 16:35:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/04/06 16:04:28 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{E5031BA2-7A1C-4AB7-8443-EC6391466ACE}
[2014/04/06 14:38:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StuffIt Deluxe
[2014/04/06 14:38:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smith Micro
[2014/04/05 10:57:52 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Roaming\2BrightSparks
[2014/04/05 10:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2BrightSparks
[2014/04/05 10:57:40 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\2BrightSparks
[2014/04/05 10:57:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2BrightSparks
[2014/04/05 10:55:41 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\Programs
[2014/04/05 08:54:20 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{2E084825-4CA5-4566-8F73-31C08E4A9223}
[2014/04/04 19:11:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ulead Systems
[2014/04/04 19:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoImpact Pro
[2014/04/04 18:49:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Ulead Systems
[2014/04/04 18:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2014/04/04 18:25:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ActiveSync
[2014/04/04 18:18:26 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2014/04/04 10:13:38 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{484FF655-6591-407D-8D07-4A429D4D8915}
[2014/04/03 11:15:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2014/04/03 11:15:11 | 000,000,000 | ---D | C] -- C:\windows\Migration
[2014/04/03 11:09:24 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{79077AA2-5B30-458B-ACFF-DA945CD573D2}
[2014/04/03 08:21:44 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{316BD288-0F38-4686-BEE2-E1EB4F50608F}
[2014/04/02 08:33:50 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{088DD8EF-F965-4199-A393-54168A3AFF86}
[2014/04/01 10:33:26 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\Adobe
[2014/04/01 10:06:33 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{F46963A0-D5A2-42A1-888D-B2009C59122D}
[2014/04/01 08:52:26 | 001,129,120 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\0604010.00E\symefa64.sys
[2014/04/01 08:52:26 | 000,737,952 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\0604010.00E\srtsp64.sys
[2014/04/01 08:52:26 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\0604010.00E\symds64.sys
[2014/04/01 08:52:26 | 000,405,624 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\0604010.00E\symnets.sys
[2014/04/01 08:52:26 | 000,190,072 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\0604010.00E\ironx64.sys
[2014/04/01 08:52:26 | 000,167,072 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\0604010.00E\ccsetx64.sys
[2014/04/01 08:52:26 | 000,037,536 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\0604010.00E\srtspx64.sys
[2014/04/01 08:52:20 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\N360x64\0604010.00E
[2014/03/31 18:10:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared
[2014/03/31 18:08:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2014/03/31 18:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2014/03/31 18:08:10 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\spool
[2014/03/31 18:08:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2014/03/31 18:06:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2014/03/31 13:15:30 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/03/31 13:15:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2014/03/31 13:15:30 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2014/03/31 13:14:34 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\N360x64
[2014/03/31 13:14:33 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2014/03/31 13:14:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2014/03/31 12:59:32 | 000,162,392 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NSTx64\7DE07000.02B\ccSetx64.sys
[2014/03/31 12:59:29 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NSTx64
[2014/03/31 12:59:29 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NSTx64\7DE07000.02B
[2014/03/31 12:59:28 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
[2014/03/31 12:59:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Identity Safe
[2014/03/31 12:46:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2014/03/31 12:41:25 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2014/03/31 11:04:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuoteTracker
[2014/03/31 08:56:41 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{4138C80C-35D5-43EC-9C37-D4F3886A4B06}
[2014/03/30 18:28:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2014/03/30 18:27:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2014/03/30 18:27:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2014/03/30 17:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop Calendar
[2014/03/30 16:58:33 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Roaming\Template
[2014/03/30 16:57:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2014/03/30 16:55:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2014/03/30 16:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
[2014/03/30 16:11:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
[2014/03/30 16:11:08 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Roaming\Canon
[2014/03/30 16:02:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX870 series User Registration
[2014/03/30 15:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2014/03/30 15:46:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX870 series Manual
[2014/03/30 15:46:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2014/03/30 15:46:25 | 000,000,000 | -H-D | C] -- C:\windows\SysNative\CanonIJ Uninstaller Information
[2014/03/30 15:45:57 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2014/03/30 15:45:52 | 000,000,000 | ---D | C] -- C:\windows\SysNative\STRING
[2014/03/30 15:45:50 | 000,000,000 | ---D | C] -- C:\windows\SysNative\CHM
[2014/03/30 15:40:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2014/03/30 14:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moffsoft FreeCalc
[2014/03/30 14:36:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Moffsoft FreeCalc
[2014/03/30 14:26:56 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/03/30 14:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2014/03/30 13:31:34 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\Devolutions
[2014/03/30 12:00:06 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\Microsoft Help
[2014/03/30 12:00:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2014/03/30 11:59:08 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Roaming\SoftGrid Client
[2014/03/30 11:59:08 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\SoftGrid Client
[2014/03/30 11:58:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2014/03/30 11:58:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/03/30 11:58:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2014/03/30 11:58:18 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Roaming\TP
[2014/03/30 11:01:38 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\{4A002893-7FD8-4C91-A961-1874AAA7FB0D}
[2014/03/29 14:04:49 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\CutePDF Writer
[2014/03/29 14:02:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPLGS
[2014/03/29 14:02:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
[2014/03/29 14:02:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acro Software
[2014/03/29 13:54:28 | 000,000,000 | ---D | C] -- C:\Users\Georgette\AppData\Local\Macromedia
[2014/03/29 13:51:15 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
[2011/05/21 01:28:38 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe

========== Files - Modified Within 30 Days ==========

[2014/04/28 11:33:39 | 000,020,688 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/28 11:33:39 | 000,020,688 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/28 11:23:54 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/04/27 17:55:38 | 000,455,961 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2014/04/27 17:54:23 | 417,665,023 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/27 13:26:01 | 000,782,164 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/04/27 13:26:01 | 000,662,100 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/04/27 13:26:01 | 000,121,710 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/04/26 10:40:47 | 000,002,786 | ---- | M] () -- C:\Users\Georgette\AppData\Roaming\wklnhst.dat
[2014/04/25 10:05:57 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/25 09:04:42 | 893,408,456 | ---- | M] () -- C:\windows\MEMORY.DMP
[2014/04/24 18:27:03 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/24 17:47:01 | 000,002,453 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2014/04/23 14:41:33 | 000,527,688 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/04/23 12:46:17 | 000,002,284 | ---- | M] () -- C:\Users\Georgette\Desktop\Lenovo Rescue System.lnk
[2014/04/23 11:19:45 | 000,001,113 | ---- | M] () -- C:\Users\Georgette\Desktop\qaccess.exe - Shortcut.lnk
[2014/04/19 09:10:41 | 000,032,126 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\0604010.00E\VT20140417.018
[2014/04/18 14:32:06 | 000,001,397 | ---- | M] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
[2014/04/18 14:08:10 | 000,002,148 | ---- | M] () -- C:\Users\Public\Desktop\Seagate Manager.lnk
[2014/04/18 14:04:21 | 000,002,777 | ---- | M] () -- C:\Users\Public\Desktop\Greeting Card Factory Deluxe.lnk
[2014/04/14 00:01:06 | 000,316,312 | ---- | M] (Trusteer Ltd.) -- C:\windows\SysNative\drivers\RapportKE64.sys
[2014/04/13 12:10:46 | 000,000,000 | ---- | M] () -- C:\Users\Georgette\Documents\OKI 5500
[2014/04/13 11:17:07 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\iP4500 series On-screen Manual.lnk
[2014/04/11 12:02:20 | 000,002,076 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Digital Image Suite Anniversary Edition Library.lnk
[2014/04/11 12:01:46 | 000,002,167 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Digital Image Suite Anniversary Edition Editor.lnk
[2014/04/11 11:30:33 | 001,851,767 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\0604010.00E\Cat.DB
[2014/04/09 18:47:24 | 000,000,904 | ---- | M] () -- C:\Users\Public\Desktop\HP Memories Disc.lnk
[2014/04/09 18:47:21 | 000,077,004 | ---- | M] (Oak Technology Inc.) -- C:\windows\SysWow64\drivers\AFS.SYS
[2014/04/09 18:46:11 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\HP Director.lnk
[2014/04/09 18:46:10 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo & Imaging.lnk
[2014/04/08 14:02:09 | 000,000,030 | ---- | M] () -- C:\windows\Iedit_.INI
[2014/04/07 12:24:12 | 000,001,505 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PhotoDirector 4.lnk
[2014/04/06 15:25:32 | 000,001,997 | ---- | M] () -- C:\Users\Public\Desktop\DropStuff.lnk
[2014/04/06 15:25:32 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\StuffIt Expander.lnk
[2014/04/05 10:57:43 | 000,001,221 | ---- | M] () -- C:\Users\Georgette\Desktop\SyncBackFree.lnk
[2014/04/04 19:57:07 | 000,002,146 | ---- | M] () -- C:\Users\Public\Desktop\PhotoImpact Pro.lnk
[2014/04/04 18:27:26 | 000,000,376 | ---- | M] () -- C:\windows\ODBC.INI
[2014/04/04 15:52:58 | 000,774,402 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2014/04/04 14:40:53 | 000,004,776 | ---- | M] () -- C:\Users\Georgette\Desktop\SyncBack.exe - Shortcut.lnk
[2014/04/03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/04/03 09:51:04 | 000,088,280 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014/04/01 18:29:19 | 000,002,310 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2014/03/31 18:08:57 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 7.0 Professional TryOut.lnk
[2014/03/31 13:15:30 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/03/31 13:15:30 | 000,007,488 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/03/31 13:15:30 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/03/31 12:41:25 | 000,001,256 | ---- | M] () -- C:\Users\Georgette\Desktop\Norton Installation Files.lnk
[2014/03/31 11:22:59 | 000,001,458 | ---- | M] () -- C:\Users\Georgette\Desktop\stocks.exe - Shortcut.lnk
[2014/03/30 18:30:22 | 000,016,284 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2014/03/30 18:30:21 | 000,016,284 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2014/03/30 17:43:09 | 000,001,023 | ---- | M] () -- C:\Users\Georgette\Desktop\Desktop Calendar.lnk
[2014/03/30 17:28:07 | 000,001,002 | ---- | M] () -- C:\Users\Georgette\Desktop\Desktop Calendar.exe - Shortcut.lnk
[2014/03/30 16:58:39 | 000,001,127 | ---- | M] () -- C:\Users\Georgette\Desktop\Microsoft Works.LNK
[2014/03/30 16:12:59 | 000,002,095 | ---- | M] () -- C:\Users\Public\Desktop\Canon MP Navigator EX 3.1.lnk
[2014/03/30 16:02:12 | 000,002,054 | ---- | M] () -- C:\Users\Public\Desktop\Canon MX870 series User Registration.LNK
[2014/03/30 15:48:08 | 000,002,093 | ---- | M] () -- C:\Users\Public\Desktop\Canon Easy-PhotoPrint EX.lnk
[2014/03/30 15:47:00 | 000,002,354 | ---- | M] () -- C:\Users\Public\Desktop\Canon MX870 series On-screen Manual.lnk
[2014/03/30 14:36:48 | 000,001,114 | ---- | M] () -- C:\Users\Georgette\Application Data\Microsoft\Internet Explorer\Quick Launch\Moffsoft FreeCalc.lnk
[2014/03/30 14:26:56 | 000,000,758 | ---- | M] () -- C:\Users\Georgette\Desktop\Revo Uninstaller.lnk
[2014/03/29 13:05:59 | 000,000,258 | RHS- | M] () -- C:\Users\Georgette\ntuser.pol

========== Files Created - No Company Name ==========

[2014/04/25 09:04:42 | 893,408,456 | ---- | C] () -- C:\windows\MEMORY.DMP
[2014/04/24 18:27:02 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/23 14:05:13 | 000,035,000 | ---- | C] () -- C:\windows\SysNative\mxntdfg.exe
[2014/04/23 13:57:55 | 000,001,004 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SystemSuite 10 Professional.lnk
[2014/04/23 11:19:45 | 000,001,113 | ---- | C] () -- C:\Users\Georgette\Desktop\qaccess.exe - Shortcut.lnk
[2014/04/19 10:52:33 | 000,032,126 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0604010.00E\VT20140417.018
[2014/04/18 14:32:04 | 000,001,397 | ---- | C] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
[2014/04/18 14:08:09 | 000,002,148 | ---- | C] () -- C:\Users\Public\Desktop\Seagate Manager.lnk
[2014/04/18 14:04:20 | 000,002,777 | ---- | C] () -- C:\Users\Public\Desktop\Greeting Card Factory Deluxe.lnk
[2014/04/13 12:10:30 | 000,000,000 | ---- | C] () -- C:\Users\Georgette\Documents\OKI 5500
[2014/04/13 11:16:44 | 000,002,340 | ---- | C] () -- C:\Users\Public\Desktop\iP4500 series On-screen Manual.lnk
[2014/04/11 12:02:19 | 000,002,076 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Digital Image Suite Anniversary Edition Library.lnk
[2014/04/11 12:01:46 | 000,002,167 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Digital Image Suite Anniversary Edition Editor.lnk
[2014/04/09 18:47:24 | 000,000,904 | ---- | C] () -- C:\Users\Public\Desktop\HP Memories Disc.lnk
[2014/04/09 18:46:10 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\HP Director.lnk
[2014/04/09 18:46:08 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo & Imaging.lnk
[2014/04/09 18:46:06 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2014/04/08 14:02:09 | 000,000,030 | ---- | C] () -- C:\windows\Iedit_.INI
[2014/04/07 12:24:10 | 000,001,505 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PhotoDirector 4.lnk
[2014/04/06 15:25:32 | 000,001,995 | ---- | C] () -- C:\Users\Public\Desktop\StuffIt Expander.lnk
[2014/04/06 15:25:31 | 000,001,997 | ---- | C] () -- C:\Users\Public\Desktop\DropStuff.lnk
[2014/04/05 10:57:43 | 000,001,221 | ---- | C] () -- C:\Users\Georgette\Desktop\SyncBackFree.lnk
[2014/04/04 19:57:07 | 000,002,146 | ---- | C] () -- C:\Users\Public\Desktop\PhotoImpact Pro.lnk
[2014/04/04 18:27:26 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2014/04/04 14:40:53 | 000,004,776 | ---- | C] () -- C:\Users\Georgette\Desktop\SyncBack.exe - Shortcut.lnk
[2014/04/01 18:28:15 | 001,851,767 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0604010.00E\Cat.DB
[2014/04/01 08:52:26 | 000,007,496 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0604010.00E\symds64.cat
[2014/04/01 08:52:26 | 000,007,458 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0604010.00E\symnet64.cat
[2014/04/01 08:52:26 | 000,007,450 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0604010.00E\iron.cat
[2014/04/01 08:52:26 | 000,007,446 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0604010.00E\ccsetx64.cat
[2014/04/01 08:52:26 | 000,007,438 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0604010.00E\symefa64.cat
[2014/04/01 08:52:26 | 000,007,406 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0604010.00E\srtspx64.cat
[2014/04/01 08:52:26 | 000,007,402 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0604010.00E\srtsp64.cat
[2014/04/01 08:52:26 | 000,003,435 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0604010.00E\symefa.inf
[2014/04/01 08:52:26 | 000,002,852 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0604010.00E\symds.inf
[2014/04/01 08:52:26 | 000,001,441 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0604010.00E\symnet.inf
[2014/04/01 08:52:26 | 000,001,437 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0604010.00E\srtsp64.inf
[2014/04/01 08:52:26 | 000,001,419 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0604010.00E\srtspx64.inf
[2014/04/01 08:52:26 | 000,000,853 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0604010.00E\ccsetx64.inf
[2014/04/01 08:52:26 | 000,000,772 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\0604010.00E\iron.inf
[2014/04/01 08:52:20 | 000,008,942 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0604010.00E\symvtcer.dat
[2014/04/01 08:52:20 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\0604010.00E\isolate.ini
[2014/03/31 18:08:54 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 7.0 Professional TryOut.lnk
[2014/03/31 18:08:52 | 000,002,049 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller 7.0 TryOut.lnk
[2014/03/31 18:08:48 | 000,002,031 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 7.0 TryOut.lnk
[2014/03/31 18:08:43 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Designer 7.0 TryOut.lnk
[2014/03/31 18:08:41 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2014/03/31 13:15:30 | 000,007,488 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/03/31 13:15:30 | 000,000,855 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/03/31 13:15:25 | 000,002,310 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2014/03/31 12:59:29 | 000,008,202 | R--- | C] () -- C:\windows\SysNative\drivers\NSTx64\7DE07000.02B\ccSetx64.cat
[2014/03/31 12:59:29 | 000,000,855 | R--- | C] () -- C:\windows\SysNative\drivers\NSTx64\7DE07000.02B\ccSetx64.inf
[2014/03/31 12:59:29 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\NSTx64\7DE07000.02B\isolate.ini
[2014/03/31 12:41:25 | 000,001,256 | ---- | C] () -- C:\Users\Georgette\Desktop\Norton Installation Files.lnk
[2014/03/31 11:22:59 | 000,001,458 | ---- | C] () -- C:\Users\Georgette\Desktop\stocks.exe - Shortcut.lnk
[2014/03/30 18:30:22 | 000,016,284 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2014/03/30 18:30:21 | 000,016,284 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2014/03/30 17:43:09 | 000,001,023 | ---- | C] () -- C:\Users\Georgette\Desktop\Desktop Calendar.lnk
[2014/03/30 17:28:07 | 000,001,002 | ---- | C] () -- C:\Users\Georgette\Desktop\Desktop Calendar.exe - Shortcut.lnk
[2014/03/30 16:58:39 | 000,001,127 | ---- | C] () -- C:\Users\Georgette\Desktop\Microsoft Works.LNK
[2014/03/30 16:58:32 | 000,002,786 | ---- | C] () -- C:\Users\Georgette\AppData\Roaming\wklnhst.dat
[2014/03/30 16:57:16 | 000,002,016 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2003.lnk
[2014/03/30 16:57:15 | 000,001,920 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2014/03/30 16:12:59 | 000,002,095 | ---- | C] () -- C:\Users\Public\Desktop\Canon MP Navigator EX 3.1.lnk
[2014/03/30 15:48:41 | 000,002,054 | ---- | C] () -- C:\Users\Public\Desktop\Canon MX870 series User Registration.LNK
[2014/03/30 15:48:06 | 000,002,093 | ---- | C] () -- C:\Users\Public\Desktop\Canon Easy-PhotoPrint EX.lnk
[2014/03/30 15:47:00 | 000,002,354 | ---- | C] () -- C:\Users\Public\Desktop\Canon MX870 series On-screen Manual.lnk
[2014/03/30 15:46:22 | 000,015,360 | ---- | C] () -- C:\windows\SysWow64\CNC1743D.TBL
[2014/03/30 15:46:22 | 000,015,360 | ---- | C] () -- C:\windows\SysNative\CNC1743D.TBL
[2014/03/30 14:36:48 | 000,001,114 | ---- | C] () -- C:\Users\Georgette\Application Data\Microsoft\Internet Explorer\Quick Launch\Moffsoft FreeCalc.lnk
[2014/03/30 14:26:56 | 000,000,758 | ---- | C] () -- C:\Users\Georgette\Desktop\Revo Uninstaller.lnk
[2014/03/30 11:58:42 | 000,774,402 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2014/03/29 14:02:17 | 000,087,600 | ---- | C] () -- C:\windows\SysNative\cpwmon64.dll
[2014/03/29 13:05:59 | 000,000,258 | RHS- | C] () -- C:\Users\Georgette\ntuser.pol
[2014/03/28 11:17:10 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2014/01/29 23:02:42 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin
[2014/01/29 23:02:22 | 000,077,312 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2014/01/29 23:02:20 | 000,963,452 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin

========== ZeroAccess Check ==========

[2011/08/16 03:40:54 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\L
[2011/08/16 03:40:54 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\N
[2011/08/16 03:40:56 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\U
[2011/08/16 03:39:58 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\L
[2011/08/16 03:39:58 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\N
[2011/08/16 03:40:00 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\U
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/04/05 10:57:52 | 000,000,000 | ---D | M] -- C:\Users\Georgette\AppData\Roaming\2BrightSparks
[2014/04/20 12:30:55 | 000,000,000 | ---D | M] -- C:\Users\Georgette\AppData\Roaming\Avanquest
[2014/04/08 13:12:07 | 000,000,000 | ---D | M] -- C:\Users\Georgette\AppData\Roaming\Canon
[2014/03/28 16:17:09 | 000,000,000 | ---D | M] -- C:\Users\Georgette\AppData\Roaming\Nova Development
[2014/04/13 12:10:30 | 000,000,000 | ---D | M] -- C:\Users\Georgette\AppData\Roaming\OPHD
[2014/04/18 14:18:03 | 000,000,000 | ---D | M] -- C:\Users\Georgette\AppData\Roaming\Smith Micro
[2014/04/06 17:58:37 | 000,000,000 | ---D | M] -- C:\Users\Georgette\AppData\Roaming\SoftGrid Client
[2014/03/30 16:58:33 | 000,000,000 | ---D | M] -- C:\Users\Georgette\AppData\Roaming\Template
[2014/03/27 13:17:57 | 000,000,000 | ---D | M] -- C:\Users\Georgette\AppData\Roaming\Tific
[2014/03/30 11:59:21 | 000,000,000 | ---D | M] -- C:\Users\Georgette\AppData\Roaming\TP
[2014/04/07 13:45:03 | 000,000,000 | ---D | M] -- C:\Users\Georgette\AppData\Roaming\Ulead Systems
[2011/08/15 23:32:51 | 000,000,000 | ---D | M] -- C:\Users\Georgette\AppData\Roaming\Windows Live Writer
[2014/03/27 13:17:56 | 000,000,000 | ---D | M] -- C:\Users\Georgette\AppData\Roaming\WinPatrol

========== Purity Check ==========

========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 21:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 01:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 21:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 23:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 23:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/09/24 21:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 18:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/09 01:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/09 00:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 23:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 23:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 23:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 02:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 21:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 21:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 21:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 21:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 23:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 21:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 21:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 21:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 21:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 13:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 07:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 02:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2013/09/24 21:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 21:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 23:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 23:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 23:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/09/24 21:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 21:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 23:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 23:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 23:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 23:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 23:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 23:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 01:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 23:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 23:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 23:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 23:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 23:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 23:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 23:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 23:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 23:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 21:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 18:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 23:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 23:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 1459-B96F
Directory of C:\
07/14/2009 01:08 AM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
Directory of C:\$Recycle.Bin\S-1-5-21-686678894-351749931-3012076338-1001
07/14/2009 01:08 AM    <JUNCTION>     $R10SAZG [C:\Users\Public\Videos]
08/15/2011 12:34 AM    <JUNCTION>     $R9WLLK4 [C:\Users\Georgette\Music]
07/14/2009 01:08 AM    <JUNCTION>     $RF7XEW2 [C:\Users\Public\Music]
07/14/2009 01:08 AM    <JUNCTION>     $RO55JTD [C:\Users\Public\Pictures]
08/15/2011 12:34 AM    <JUNCTION>     $RQY6QNV [C:\Users\Georgette\Videos]
08/15/2011 12:34 AM    <JUNCTION>     $RTHHD63 [C:\Users\Georgette\Pictures]
               0 File(s)              0 bytes
Directory of C:\ProgramData
07/14/2009 01:08 AM    <JUNCTION>     Application Data [C:\ProgramData]
07/14/2009 01:08 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
Directory of C:\Users
07/14/2009 01:08 AM    <SYMLINKD>     All Users [C:\ProgramData]
07/14/2009 01:08 AM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
Directory of C:\Users\All Users
07/14/2009 01:08 AM    <JUNCTION>     Application Data [C:\ProgramData]
07/14/2009 01:08 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/14/2009 01:08 AM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
Directory of C:\Users\Default
07/14/2009 01:08 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 01:08 AM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009 01:08 AM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
07/14/2009 01:08 AM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 01:08 AM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 01:08 AM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 01:08 AM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 01:08 AM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 01:08 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
07/14/2009 01:08 AM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 01:08 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 01:08 AM    <JUNCTION>     My Music [C:\Users\Default\Music]
07/14/2009 01:08 AM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
07/14/2009 01:08 AM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
Directory of C:\Users\Georgette
08/15/2011 12:34 AM    <JUNCTION>     Application Data [C:\Users\Georgette\AppData\Roaming]
08/15/2011 12:34 AM    <JUNCTION>     Cookies [C:\Users\Georgette\AppData\Roaming\Microsoft\Windows\Cookies]
08/15/2011 12:34 AM    <JUNCTION>     Local Settings [C:\Users\Georgette\AppData\Local]
08/15/2011 12:34 AM    <JUNCTION>     My Documents [C:\Users\Georgette\Documents]
08/15/2011 12:34 AM    <JUNCTION>     NetHood [C:\Users\Georgette\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/15/2011 12:34 AM    <JUNCTION>     PrintHood [C:\Users\Georgette\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/15/2011 12:34 AM    <JUNCTION>     Recent [C:\Users\Georgette\AppData\Roaming\Microsoft\Windows\Recent]
08/15/2011 12:34 AM    <JUNCTION>     SendTo [C:\Users\Georgette\AppData\Roaming\Microsoft\Windows\SendTo]
08/15/2011 12:34 AM    <JUNCTION>     Start Menu [C:\Users\Georgette\AppData\Roaming\Microsoft\Windows\Start Menu]
08/15/2011 12:34 AM    <JUNCTION>     Templates [C:\Users\Georgette\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
Directory of C:\Users\Georgette\AppData\Local
08/15/2011 12:34 AM    <JUNCTION>     Application Data [C:\Users\Georgette\AppData\Local]
08/15/2011 12:34 AM    <JUNCTION>     History [C:\Users\Georgette\AppData\Local\Microsoft\Windows\History]
08/15/2011 12:34 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Georgette\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
Directory of C:\Windows\System32\config\systemprofile
03/28/2014 03:13 PM    <JUNCTION>     Application Data [C:\windows\system32\config\systemprofile\AppData\Roaming]
03/28/2014 03:13 PM    <JUNCTION>     Cookies [C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
03/28/2014 03:13 PM    <JUNCTION>     Local Settings [C:\windows\system32\config\systemprofile\AppData\Local]
03/28/2014 03:13 PM    <JUNCTION>     My Documents [C:\windows\system32\config\systemprofile\Documents]
03/28/2014 03:13 PM    <JUNCTION>     NetHood [C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/28/2014 03:13 PM    <JUNCTION>     PrintHood [C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/28/2014 03:13 PM    <JUNCTION>     Recent [C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
03/28/2014 03:13 PM    <JUNCTION>     SendTo [C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
03/28/2014 03:13 PM    <JUNCTION>     Start Menu [C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
03/28/2014 03:13 PM    <JUNCTION>     Templates [C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
03/28/2014 03:13 PM    <JUNCTION>     Application Data [C:\windows\system32\config\systemprofile\AppData\Local]
03/28/2014 03:13 PM    <JUNCTION>     History [C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
03/28/2014 03:13 PM    <JUNCTION>     Temporary Internet Files [C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
Directory of C:\Windows\System32\config\systemprofile\Documents
03/28/2014 03:13 PM    <JUNCTION>     My Music [C:\windows\system32\config\systemprofile\Music]
03/28/2014 03:13 PM    <JUNCTION>     My Pictures [C:\windows\system32\config\systemprofile\Pictures]
03/28/2014 03:13 PM    <JUNCTION>     My Videos [C:\windows\system32\config\systemprofile\Videos]
               0 File(s)              0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile
03/28/2014 03:13 PM    <JUNCTION>     Application Data [C:\windows\system32\config\systemprofile\AppData\Roaming]
03/28/2014 03:13 PM    <JUNCTION>     Cookies [C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
03/28/2014 03:13 PM    <JUNCTION>     Local Settings [C:\windows\system32\config\systemprofile\AppData\Local]
03/28/2014 03:13 PM    <JUNCTION>     My Documents [C:\windows\system32\config\systemprofile\Documents]
03/28/2014 03:13 PM    <JUNCTION>     NetHood [C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/28/2014 03:13 PM    <JUNCTION>     PrintHood [C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/28/2014 03:13 PM    <JUNCTION>     Recent [C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
03/28/2014 03:13 PM    <JUNCTION>     SendTo [C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
03/28/2014 03:13 PM    <JUNCTION>     Start Menu [C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
03/28/2014 03:13 PM    <JUNCTION>     Templates [C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
03/28/2014 03:13 PM    <JUNCTION>     Application Data [C:\windows\system32\config\systemprofile\AppData\Local]
03/28/2014 03:13 PM    <JUNCTION>     History [C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
03/28/2014 03:13 PM    <JUNCTION>     Temporary Internet Files [C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\Documents
03/28/2014 03:13 PM    <JUNCTION>     My Music [C:\windows\system32\config\systemprofile\Music]
03/28/2014 03:13 PM    <JUNCTION>     My Pictures [C:\windows\system32\config\systemprofile\Pictures]
03/28/2014 03:13 PM    <JUNCTION>     My Videos [C:\windows\system32\config\systemprofile\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              82 Dir(s) 401,939,247,104 bytes free

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\pebuilder3110a\BartPE\I386\EXPLORER.EXE
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2004/08/09 14:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\SERVICES.EXE

< MD5 for: SERVICES.EXE.MUI >
[2010/11/21 03:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\windows\SysNative\en-US\services.exe.mui
[2010/11/21 03:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.HTML >
[2005/06/15 11:40:38 | 000,004,298 | ---- | M] () MD5=41E463AD8C2DAE5D11EDA05976FD8C35 -- C:\Program Files (x86)\BillP Studios\WinPatrol\services.html

< MD5 for: SERVICES.LNK >
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\SyncBack\SyncBack\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\Georgette\Documents\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\windows\SysNative\wbem\services.mof
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2010/11/21 03:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\en-US\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\services.msc
[2010/11/21 03:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010/11/21 03:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010/11/21 03:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.PWP >
[2003/03/12 14:48:04 | 000,051,712 | ---- | M] () MD5=68A4771200006EEEF252167640677999 -- C:\$Recycle.Bin\S-1-5-21-686678894-351749931-3012076338-1001\$R4T85GP\LEXAR MEDIA (O)\company\BCS\services.pwp
[2003/03/12 14:48:04 | 000,051,712 | ---- | M] () MD5=68A4771200006EEEF252167640677999 -- C:\SyncBack\SyncBack\Lexar Media File Backup\LEXAR MEDIA (O)\company\BCS\services.pwp
[2003/03/12 14:48:04 | 000,051,712 | ---- | M] () MD5=68A4771200006EEEF252167640677999 -- C:\Users\Georgette\Documents\Lexar Media File Backup\LEXAR MEDIA (O)\company\BCS\services.pwp

< MD5 for: SERVICES.RCD >
[2014/04/27 17:56:11 | 000,089,226 | ---- | M] () MD5=D1D8E34EDF204E4067BB4A73AB17EE87 -- C:\_Backup.RC\windows\Services.rcd

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2004/08/09 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\SVCHOST.EXE
[2014/04/03 09:49:02 | 000,742,200 | ---- | M] (MalwareBytes) MD5=96820649733BFB2B0499C371904B7B40 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/09 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\USERINIT.EXE
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/09 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\WINLOGON.EXE
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2014/04/03 09:49:02 | 000,742,200 | ---- | M] (MalwareBytes) MD5=96820649733BFB2B0499C371904B7B40 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe

========== Files - Unicode (All) ==========
[2014/04/25 11:58:36 | 000,000,612 | ---- | M] ()(C:\Users\Georgette\Desktop\???????????????????????????L) -- C:\Users\Georgette\Desktop\㩃啜敳獲䝜佅䝒繅就灁䑰瑡屡潌慣屬敔灭呜偍㌱㠹㐴㔱㘱⸵䵘L
[2014/04/25 11:58:36 | 000,000,612 | ---- | C] ()(C:\Users\Georgette\Desktop\???????????????????????????L) -- C:\Users\Georgette\Desktop\㩃啜敳獲䝜佅䝒繅就灁䑰瑡屡潌慣屬敔灭呜偍㌱㠹㐴㔱㘱⸵䵘L
[2014/04/25 11:42:38 | 000,000,321 | ---- | M] ()(C:\Users\Georgette\Desktop\???????????????????????????L??????S) -- C:\Users\Georgette\Desktop\㩃啜敳獲䝜佅䝒繅就灁䑰瑡屡潌慣屬敔灭呜偍㌱㠹㐴㔰㠵⸳䵘L兂瀮晤匠噁䅅S
[2014/04/25 11:42:38 | 000,000,321 | ---- | C] ()(C:\Users\Georgette\Desktop\???????????????????????????L??????S) -- C:\Users\Georgette\Desktop\㩃啜敳獲䝜佅䝒繅就灁䑰瑡屡潌慣屬敔灭呜偍㌱㠹㐴㔰㠵⸳䵘L兂瀮晤匠噁䅅S
[2014/04/25 11:06:04 | 000,000,293 | ---- | M] ()(C:\Users\Georgette\Desktop\???????????????????????????L???????S) -- C:\Users\Georgette\Desktop\㩃啜敳獲䝜佅䝒繅就灁䑰瑡屡潌慣屬敔灭呜偍㌱㠹㌴㌸㐶⸲䵘L慂獬瀮晤匠噁䅅S
[2014/04/25 11:06:04 | 000,000,293 | ---- | C] ()(C:\Users\Georgette\Desktop\???????????????????????????L???????S) -- C:\Users\Georgette\Desktop\㩃啜敳獲䝜佅䝒繅就灁䑰瑡屡潌慣屬敔灭呜偍㌱㠹㌴㌸㐶⸲䵘L慂獬瀮晤匠噁䅅S

< End of report >

2nd Log follows

OTL Extras logfile created on: 4/28/2014 11:46:29 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Georgette\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.85 Gb Total Physical Memory | 3.48 Gb Available Physical Memory | 59.48% Memory free
11.70 Gb Paging File | 9.12 Gb Available in Paging File | 77.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906.34 Gb Total Space | 374.44 Gb Free Space | 41.31% Space Free | Partition Type: NTFS
Drive F: | 206.62 Gb Total Space | 0.30 Gb Free Space | 0.15% Space Free | Partition Type: NTFS
Drive H: | 465.73 Gb Total Space | 290.41 Gb Free Space | 62.36% Space Free | Partition Type: NTFS

Computer Name: MOTHERSHIP | User Name: Georgette | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Key error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Key error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DB11E46-77C1-4772-8F23-DD22A83A6902}" = rport=137 | protocol=17 | dir=out | app=system |
"{0E9BF936-763B-4551-9788-5039B12B967E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{136144C4-D288-400C-9B4E-7E7F9BF5436A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{15A3667C-6A89-4698-AC4E-C7F088E20C48}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{2022B15D-286F-41D9-B79A-2D5A46918028}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2934C9A8-F55A-43C3-85D2-0BECD58F5A0D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3714EF3B-58FB-461F-BA2B-00E7D48097C6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3A0D8C40-1B24-48B1-84D9-B3E0D5D015F0}" = lport=137 | protocol=17 | dir=in | app=system |
"{4135E808-7FFB-4D5B-BBF1-647E195987F1}" = rport=139 | protocol=6 | dir=out | app=system |
"{46822832-556C-4FEF-AEF0-EA216DEA714E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5A76E8BB-3020-4FA3-A4D1-562C163EC529}" = rport=138 | protocol=17 | dir=out | app=system |
"{6B81F429-6CDC-4D44-A81F-E56EA9790E5D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6CCC0024-476E-43CF-9CE3-41530439A5D5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6DABCBF5-6D0C-4FA8-94CF-D917CA7FEBBF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{72932240-B2E7-4CA7-83A2-63606CCC76E4}" = lport=445 | protocol=6 | dir=in | app=system |
"{9A1D2606-4C12-499A-9842-DEDA71D5DD92}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A19879D9-1F7A-469E-9BE9-770791EC9A18}" = lport=139 | protocol=6 | dir=in | app=system |
"{A3A7E8D3-8D4D-466B-BAF1-88FF1197D38D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B8198A3C-2F8C-47E1-A1EB-88F191586ADC}" = lport=138 | protocol=17 | dir=in | app=system |
"{B90986B7-007E-4A70-894F-83B8CFCC556A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C5052A43-2FA8-4159-9CD6-08AEFCCE2E31}" = rport=445 | protocol=6 | dir=out | app=system |
"{C5C09A8C-6B48-4F25-B113-E3611318067F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{CF5CA86F-1C08-427B-BE69-316039D72C10}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CF9B6057-2AC7-45DB-ACCB-76B4E6964617}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F0D71F7F-A920-4269-AC92-0E155CD2A148}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0445D7C4-7DF4-4B55-9823-409D95248389}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{108DEE29-F051-4FBB-B392-69C2015788AF}" = protocol=58 | dir=out | [email protected],-28546 |
"{12B92D55-A713-4B50-BFA9-40D17EB0ECD3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2357646E-2F61-499D-9B8F-2B829BBC0ED8}" = protocol=1 | dir=in | [email protected],-28543 |
"{24C062BE-AA74-4FB7-8301-4A2EEB55331C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2AD0F84C-1783-4BA3-9BEF-BE7AF2FDDE4F}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{34DB7DBB-EF30-47A0-AD03-E7E1AD173364}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3745B5C9-0DC0-4600-9709-82C25681992F}" = dir=in | app=c:\program files (x86)\hewlett-packard\digital imaging\bin\hpqkygrp.exe |
"{4E6247B5-0A0C-4C93-98F2-9F46EFC4ABF3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5ED61A6A-F95A-47F9-B606-9D344DE4E1AF}" = protocol=1 | dir=out | [email protected],-28544 |
"{6135D51C-8CE0-427B-8798-5AAAD3733A10}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7B059C22-C150-44C8-8B02-43F22B93BBF1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7C977D3B-44FB-4C79-B951-26BB5DC7AF74}" = dir=in | app=c:\program files (x86)\hewlett-packard\digital imaging\bin\hpfccopy.exe |
"{7D751F53-D990-427C-BED7-FB08CA2BEAD9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{852B0A09-CC8E-4924-8963-88B9C4123B99}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8AE757DD-985F-4DCF-AEFB-7CCBFF00D350}" = protocol=58 | dir=in | [email protected],-28545 |
"{97DA33E8-4070-4495-8C14-5A7D73458FB4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9A88E021-9FAB-46B0-9874-5A1668BC9D2A}" = protocol=6 | dir=out | app=system |
"{9C086E9C-4887-46F9-9A8F-5871DA59EF67}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9C44865C-7F4B-4022-A381-B85D26AE01C1}" = dir=in | app=c:\program files (x86)\hewlett-packard\digital imaging\bin\hpqscnvw.exe |
"{AEF06971-13EF-412D-A1C2-09395D5406A2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B9ECA3BC-F616-4CFE-8F81-144E54C5581E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C910DB5D-A374-448B-8BDF-1FFAD396DD4D}" = dir=in | app=c:\program files (x86)\hewlett-packard\digital imaging\bin\hpiscnapp.exe |
"{CF8E24D7-6D08-4682-AEE2-79FEAC437DEE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E3A73DCD-306B-404D-BC34-04D1E50A3B6E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{FD20B777-0F5C-4D4B-B717-DE813A9A5BF2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series" = Canon MX870 series MP Drivers
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{7B604AC7-B496-473F-A17C-489398E38BEA}" = HP Scanjet 2400
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{84481A87-2316-4923-8FAB-3BA8CA29323D}" = WinPatrol
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"CutePDF Writer Installation" = CutePDF Writer 3.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"MouseSuite98" = Mouse Suite
"PROSet" = Intel® Network Connections Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{15803703-25FA-4C01-A062-3F4A59937E87}" = PhotoImpact Pro
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
"{27187175-3B3E-47C8-B336-4334F0CBF444}" = StuffIt Deluxe 9.5
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2C52D6EB-EE7E-45C4-AFB8-1242164A4A44}" = C5500n - C5800Ldn Series GDI Driver from OKI® Printing Solutions for Windows
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30A4DD1D-FD55-4CE4-BA01-758E00BC0228}" = Greeting Card Factory Deluxe 8.0
"{32F9BACF-FCD3-4B6A-AD85-255A449B6FA5}" = Roxio BackOnTrack
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39D4FB9C-9CDE-4449-BD2B-6AD4D376CFDC}" = Art Explosion Publisher Pro 2.0
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{41E105E1-6E85-4828-8699-4B0227BB118F}" = hpg2410
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44510C84-AE2A-4079-A75B-D44E68D73B9A}" = CyberLink PhotoDirector 4
"{44C05309-60F4-410B-BC32-31733CFF1A49}" = Microsoft Digital Image Suite Anniversary Edition Editor
"{45970CD1-D599-47D4-938F-3E9800D54ED1}" = Lenovo Driver and Application Installation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{4FE542EB-FF0B-4739-94DD-25C8AE0AB259}" = Microsoft Digital Image Suite Anniversary Edition Library
"{5183D7AB-D09B-411F-A74E-BBAEA61C6505}" = Lenovo Eye Distance System
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A615007-721D-4063-B226-EA41EB6604B9}" = SystemSuite 10 Professional
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6F7ECD56-E224-4263-9B7E-158E5CECC43B}" = HP Photo and Imaging 2.1 - Scanjet 2400 Series
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{803E6DED-5050-4E3D-B26A-5915397362CD}" = Lenovo Screensaver
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{816F9A97-9889-43DA-A394-7AA45DD68BA0}" = Power Dial
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-F400-8796-100000000002}" = Adobe Acrobat 7.0 - Tryout Professional - English, Français, Deutsch
"{B1D89E54-08B1-4542-A69B-E634AEF10A40}" = Seagate Manager Installer
"{B20F9D1C-A0A5-4cd8-8306-DE95842311B1}" = LevelOne WUA-0605 Wireless LAN Driver
"{B266E062-D6C5-485B-B426-51B152B041A6}" = Lenovo Tinian Fn PS/2 Keyboard Driver
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3063097-EC84-4D21-84A4-9D852E974355}" = LVT
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9ED6D06-6002-495E-A7BC-46E6AE386996}" = Lenovo Dynamic Brightness System
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29CBF73-C211-4616-898A-379A2679F990}" = ThemeWallpaper
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 7.0 - Tryout Professional - English, Français, Deutsch" = Adobe Acrobat 7.0 - Tryout Professional - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Canon MX870 series User Registration" = Canon MX870 series User Registration
"Desktop Calendar_is1" = Desktop Calendar
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = PhotoImpact Pro
"InstallShield_{27187175-3B3E-47C8-B336-4334F0CBF444}" = StuffIt Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"InstallShield_{44510C84-AE2A-4079-A75B-D44E68D73B9A}" = CyberLink PhotoDirector 4
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"InstallShield_{B1D89E54-08B1-4542-A69B-E634AEF10A40}" = Seagate Manager Installer
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
"MoffFreeCalc_is1" = Moffsoft FreeCalc
"Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"N360" = Norton 360
"NST" = Norton Identity Safe
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PE Builder_is1" = PE Builder 3.1.10a
"PictureItSuite_v12" = Microsoft Digital Image Suite Anniversary Edition
"QuoteTracker_is1" = QuoteTracker
"Rapport_msi" = Trusteer Endpoint Protection
"Revo Uninstaller" = Revo Uninstaller 1.95
"SeaTools for Windows" = SeaTools for Windows
"SyncBackFree_is1" = SyncBackFree
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/16/2014 10:05:16 AM | Computer Name = Mothership | Source = WinMgmt | ID = 10
Description =

Error - 4/16/2014 10:10:27 AM | Computer Name = Mothership | Source = WinMgmt | ID = 10
Description =

Error - 4/16/2014 1:44:39 PM | Computer Name = Mothership | Source = WinMgmt | ID = 10
Description =

Error - 4/16/2014 1:46:04 PM | Computer Name = Mothership | Source = MsiInstaller | ID = 11921
Description =

Error - 4/17/2014 9:17:27 AM | Computer Name = Mothership | Source = WinMgmt | ID = 10
Description =

Error - 4/17/2014 2:13:53 PM | Computer Name = Mothership | Source = Application Error | ID = 1000
Description = Faulting application name: hpqkygrp.EXE, version: 13.0.0.131, time
stamp: 0x4a0c07e4 Faulting module name: hpgt2436.dll, version: 6.0.0.0, time stamp:
0x45addbb2 Exception code: 0xc0000005 Fault offset: 0x00003a63 Faulting process id:
0xe7c Faulting application start time: 0x01cf5a68c716589a Faulting application path:
C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.EXE Faulting
module path: C:\Program Files (x86)\Common Files\Hewlett-Packard\Scanjet\DriverStore\hpgt2436.dll
Report
Id: 083f178f-c65c-11e3-a362-1078d2fc93c1

Error - 4/17/2014 2:15:04 PM | Computer Name = Mothership | Source = Application Error | ID = 1000
Description = Faulting application name: hpqkygrp.EXE, version: 13.0.0.131, time
stamp: 0x4a0c07e4 Faulting module name: hpgt2436.dll, version: 6.0.0.0, time stamp:
0x45addbb2 Exception code: 0xc0000005 Fault offset: 0x00003a63 Faulting process id:
0x1884 Faulting application start time: 0x01cf5a68f184ee79 Faulting application path:
C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.EXE Faulting
module path: C:\Program Files (x86)\Common Files\Hewlett-Packard\Scanjet\DriverStore\hpgt2436.dll
Report
Id: 32500d8a-c65c-11e3-a362-1078d2fc93c1

Error - 4/17/2014 2:19:37 PM | Computer Name = Mothership | Source = Application Error | ID = 1000
Description = Faulting application name: hpqkygrp.EXE, version: 13.0.0.131, time
stamp: 0x4a0c07e4 Faulting module name: hpgt2436.dll, version: 6.0.0.0, time stamp:
0x45addbb2 Exception code: 0xc0000005 Fault offset: 0x00003a63 Faulting process id:
0x15c0 Faulting application start time: 0x01cf5a69935d6c72 Faulting application path:
C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.EXE Faulting
module path: C:\Program Files (x86)\Common Files\Hewlett-Packard\Scanjet\DriverStore\hpgt2436.dll
Report
Id: d53dae06-c65c-11e3-a362-1078d2fc93c1

Error - 4/17/2014 2:19:42 PM | Computer Name = Mothership | Source = Application Error | ID = 1000
Description = Faulting application name: hpqkygrp.EXE, version: 13.0.0.131, time
stamp: 0x4a0c07e4 Faulting module name: hpgt2436.dll, version: 6.0.0.0, time stamp:
0x45addbb2 Exception code: 0xc0000005 Fault offset: 0x00003a63 Faulting process id:
0x1710 Faulting application start time: 0x01cf5a69974686fe Faulting application path:
C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.EXE Faulting
module path: C:\Program Files (x86)\Common Files\Hewlett-Packard\Scanjet\DriverStore\hpgt2436.dll
Report
Id: d8116b75-c65c-11e3-a362-1078d2fc93c1

Error - 4/21/2014 8:59:46 AM | Computer Name = Mothership | Source = Application Error | ID = 1000
Description = Faulting application name: ccSvcHst.exe, version: 11.2.3.6, time stamp:
0x4fdbcf1d Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp:
0x521ea8e7 Exception code: 0xc0000005 Fault offset: 0x0002e3be Faulting process id:
0x6d0 Faulting application start time: 0x01cf5a3f2ca35be8 Faulting application path:
C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe Faulting module path:
C:\windows\SysWOW64\ntdll.dll Report Id: d018cb29-c954-11e3-a362-1078d2fc93c1

[ System Events ]
Error - 4/25/2014 3:41:42 PM | Computer Name = Mothership | Source = bowser | ID = 8003
Description =

Error - 4/25/2014 3:45:06 PM | Computer Name = Mothership | Source = bowser | ID = 8003
Description =

Error - 4/25/2014 4:13:05 PM | Computer Name = Mothership | Source = bowser | ID = 8003
Description =

Error - 4/25/2014 4:25:09 PM | Computer Name = Mothership | Source = bowser | ID = 8003
Description =

Error - 4/25/2014 4:45:39 PM | Computer Name = Mothership | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 4/25/2014 4:54:17 PM | Computer Name = Mothership | Source = bowser | ID = 8003
Description =

Error - 4/25/2014 5:06:52 PM | Computer Name = Mothership | Source = bowser | ID = 8003
Description =

Error - 4/25/2014 9:23:38 PM | Computer Name = Mothership | Source = Service Control Manager | ID = 7016
Description = The LitModeCtrl service has reported an invalid current state 32.

Error - 4/25/2014 9:24:21 PM | Computer Name = Mothership | Source = Service Control Manager | ID = 7016
Description = The LitModeCtrl service has reported an invalid current state 32.

Error - 4/25/2014 9:24:23 PM | Computer Name = Mothership | Source = Service Control Manager | ID = 7016
Description = The LitModeCtrl service has reported an invalid current state 32.

< End of report >

Security Check Log

Results of screen317's Security Check version 0.99.82
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avanquest SystemSuite
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 51
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 13.0.0.182
Mozilla Firefox (28.0)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
WinPatrol winpatrol.exe
Common Files AntiVirus SBAMSvc.exe
WinPatrol WinPatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

Thank you for your time,

mammothcabin

#4
Valinorum

Posted 28 April 2014 - 12:59 PM

GeekU Guardian Bot

GeekU Moderator
3,330 posts

Hi mammothcabin,

Step #3 Uninstall Programs
I want you to uninstall the following program(s) listed below due to poor reputation we receive about them. To uninstall a program, go to Start > Control Panel > Uninstall a program or Start > Control Panel > Programs and Features. Wait for the list to fill up and double-click on the items I have listed below and follow the on-screen instruction to remove/uninstall them.
- Yahoo! Toolbar

Step #4 Fix with OTL
- Re-run OTL by right clicking and choosing Run as administrator;
- Under the Custom Scans/Fixes Box copy and paste the following contents inside the quote box. (Do not include the word 'quote').
  :Commands
  [createrestorepoint]
  
  :OTL
  [2014/04/25 11:58:36 | 000,000,612 | ---- | M] ()(C:\Users\Georgette\Desktop\???????????????????????????L) -- C:\Users\Georgette\Desktop\㩃啜敳獲䝜佅䝒繅就灁䑰瑡屡潌慣屬敔灭呜偍㌱㠹㐴㔱㘱⸵䵘L
  [2014/04/25 11:58:36 | 000,000,612 | ---- | C] ()(C:\Users\Georgette\Desktop\???????????????????????????L) -- C:\Users\Georgette\Desktop\㩃啜敳獲䝜佅䝒繅就灁䑰瑡屡潌慣屬敔灭呜偍㌱㠹㐴㔱㘱⸵䵘L
  [2014/04/25 11:42:38 | 000,000,321 | ---- | M] ()(C:\Users\Georgette\Desktop\???????????????????????????L??????S) -- C:\Users\Georgette\Desktop\㩃啜敳獲䝜佅䝒繅就灁䑰瑡屡潌慣屬敔灭呜偍㌱㠹㐴㔰㠵⸳䵘L兂瀮晤匠噁䅅S
  [2014/04/25 11:42:38 | 000,000,321 | ---- | C] ()(C:\Users\Georgette\Desktop\???????????????????????????L??????S) -- C:\Users\Georgette\Desktop\㩃啜敳獲䝜佅䝒繅就灁䑰瑡屡潌慣屬敔灭呜偍㌱㠹㐴㔰㠵⸳䵘L兂瀮晤匠噁䅅S
  [2014/04/25 11:06:04 | 000,000,293 | ---- | M] ()(C:\Users\Georgette\Desktop\???????????????????????????L???????S) -- C:\Users\Georgette\Desktop\㩃啜敳獲䝜佅䝒繅就灁䑰瑡屡潌慣屬敔灭呜偍㌱㠹㌴㌸㐶⸲䵘L慂獬瀮晤匠噁䅅S
  [2014/04/25 11:06:04 | 000,000,293 | ---- | C] ()(C:\Users\Georgette\Desktop\???????????????????????????L???????S) -- C:\Users\Georgette\Desktop\㩃啜敳獲䝜佅䝒繅就灁䑰瑡屡潌慣屬敔灭呜偍㌱㠹㌴㌸㐶⸲䵘L慂獬瀮晤匠噁䅅S
  [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
  O1364bit: - gopher Prefix: missing
  O13 - gopher Prefix: missing
  O4 - HKLM..\Run: [] File not found
  O3 - HKLM\..\Toolbar: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
  O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\Avanquest\SystemSuite\avgssie.dll ()
  
  :Files
  C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q
  C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4
  
  :Commands
  [emptytemp]
- Click on "Run Fix" and let the program run unhindered;
- Your PC will reboot automatically and a log will be opened;
- Please post it in your next reply.

Step #5 Fix with AdwCleaner
- Download AdwCleaner by Xplode to your Desktop from the following link.
  - Download Link #1
  - Download Link #2
- Right-click on AdwCleaner.exe and choose Run as administrator;
- Click on Scan and let the program run unhindered;
- When done, click on Clean and allow the system to reboot after it is done;
- A log will be opened automatically after the restart;
- Copy and Paste the contents of this log in your reply.

Step #6 Fix with Junkware Removal Tool
Download Junkware Removal Tool by thisisu to your Desktop from the link below.
Download Link 1
Download Link 2
- Disable your anti-virus to avoid potential conflicts. For more information please acknowledge yourself this article;
- Run the program either by double-clicking(Windows XP) or Right-clicking and choosing Run as administrator(Windows Vista and above);
- Please be patient as the tool cleans your system;
- After completion of the process a log named JRT.txt will automatically open and is save to your Desktop;
- Copy and Paste the contents of the log in your next reply.

Required Log(s):
- OTL Fix Log
- AdwCleaner Log
- Junkware Removal Tool Log

Regards,
Valinorum

#5
mammothcabin

Posted 29 April 2014 - 04:50 PM

New Member

Topic Starter
Member
7 posts

Hello Valinorum,

Logs follow:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
C:\Users\Georgette\Desktop\㩃啜敳獲䝜佅䝒繅就灁䑰瑡屡潌慣屬敔灭呜偍㌱㠹㐴㔱㘱⸵䵘L moved successfully.
File C:\Users\Georgette\Desktop\㩃啜敳獲䝜佅䝒繅就灁䑰瑡屡潌慣屬敔灭呜偍㌱㠹㐴㔱㘱⸵䵘L not found.
C:\Users\Georgette\Desktop\㩃啜敳獲䝜佅䝒繅就灁䑰瑡屡潌慣屬敔灭呜偍㌱㠹㐴㔰㠵⸳䵘L兂瀮晤匠噁䅅S moved successfully.
File C:\Users\Georgette\Desktop\㩃啜敳獲䝜佅䝒繅就灁䑰瑡屡潌慣屬敔灭呜偍㌱㠹㐴㔰㠵⸳䵘L兂瀮晤匠噁䅅S not found.
C:\Users\Georgette\Desktop\㩃啜敳獲䝜佅䝒繅就灁䑰瑡屡潌慣屬敔灭呜偍㌱㠹㌴㌸㐶⸲䵘L慂獬瀮晤匠噁䅅S moved successfully.
File C:\Users\Georgette\Desktop\㩃啜敳獲䝜佅䝒繅就灁䑰瑡屡潌慣屬敔灭呜偍㌱㠹㌴㌸㐶⸲䵘L慂獬瀮晤匠噁䅅S not found.
C:\windows\assembly\Desktop.ini moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
C:\Program Files (x86)\Avanquest\SystemSuite\avgssie.dll moved successfully.
========== FILES ==========
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Installing folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Installed folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\Z\ZAPF folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\Z folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\W\WEDDING folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\W\Wacky Action folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\W folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\V\VENETIAN folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\V folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\U\UNIVERSI folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\U\Undercurrent folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\U folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\T\Troutkings folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\T\Tropical Script folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\T\THUNDERB folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\T\TANGO folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\T folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\S\SYMBOL folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\S\Super Delicious folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\S\STENCIL folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\S\SPROCKET folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\S\SNOW_CAP folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\S\Sneakerhead folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\S\Smarty Pants folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\S\SERIFA folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\S\SCRIPT folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\S\Salsa Mangos folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\S folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\R\ROUNDHAN folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\R\Roller World folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\R\REVIVAL folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\R folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\P\Princess folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\P\PLAYBILL folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\P\PIRANESI folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\P\PARKAVEN folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\P\PARISIAN folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\P folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\O\OZ folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\O\Oyster Bar folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\O\ORATOR folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\O\ONYX folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\O\OLDDREAD folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\O\OCR folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\O folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\N\NEWS folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\N folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\M\MONOSPAC folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\M\MATT folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\M\Mandingo folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\M folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\L\LUCIA folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\L\LATIN folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\L folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\K\KIS folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\K\KAUFMANN folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\K folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\I\INFORMAL folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\I\IMPERIAL folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\I folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\H\HUXLEY folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\H\Holiday Springs folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\H\HOBO folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\H\Hawaiian Aloha folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\H folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\G\Grilled Cheese folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\G folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\F\FRAKTUR folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\F\FORMAL folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\F\Fluffy Slacks folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\F folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\E\EXOTIC folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\E\ENGLISH folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\E\EMPIRE folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\E\EMBASSY folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\E\EGYPTIAN folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\E folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\D\Dragline folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\D\DOM folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\D\DE_VINNE folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\D\DECORATE folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\D folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\C\Crazy Girlz folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\C\COPPERPL folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\C\COMMERCI folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\C\ColdSpaghetti folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\C\Cheddar Salad folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\C\Candy Buzz folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\C\CANDIDA folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\C\CALLIGRA folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\C folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\B\Bleedblob folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\B\BLACKLET folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\B\Big Chump folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\B\BERNHARD folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\B\BARNUM-P folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\B\BAKERSIG folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\B folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\A\AMERICAN folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\A\AACHEN folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts\A folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q\Fonts folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RKTR98Q folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Salicylates list_files folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\Z\ZAPF folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\Z folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\W\WEDDING folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\W\Wacky Action folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\W folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\V\VENETIAN folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\V folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\U\UNIVERSI folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\U\Undercurrent folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\U folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\T\Troutkings folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\T\Tropical Script folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\T\THUNDERB folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\T\TANGO folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\T folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\S\SYMBOL folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\S\Super Delicious folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\S\STENCIL folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\S\SPROCKET folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\S\SNOW_CAP folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\S\Sneakerhead folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\S\Smarty Pants folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\S\SERIFA folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\S\SCRIPT folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\S\Salsa Mangos folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\S folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\R\ROUNDHAN folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\R\Roller World folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\R\REVIVAL folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\R folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\P\Princess folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\P\PLAYBILL folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\P\PIRANESI folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\P\PARKAVEN folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\P\PARISIAN folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\P folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\O\OZ folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\O\Oyster Bar folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\O\ORATOR folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\O\ONYX folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\O\OLDDREAD folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\O\OCR folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\O folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\N\NEWS folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\N folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\M\MONOSPAC folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\M\MATT folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\M\Mandingo folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\M folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\L\LUCIA folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\L\LATIN folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\L folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\K\KIS folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\K\KAUFMANN folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\K folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\I\INFORMAL folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\I\IMPERIAL folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\I folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\H\HUXLEY folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\H\Holiday Springs folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\H\HOBO folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\H\Hawaiian Aloha folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\H folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\G\Grilled Cheese folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\G folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\F\FRAKTUR folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\F\FORMAL folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\F\Fluffy Slacks folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\F folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\E\EXOTIC folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\E\ENGLISH folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\E\EMPIRE folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\E\EMBASSY folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\E\EGYPTIAN folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\E folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\D\Dragline folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\D\DOM folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\D\DE_VINNE folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\D\DECORATE folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\D folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\C\Crazy Girlz folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\C\COPPERPL folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\C\COMMERCI folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\C\ColdSpaghetti folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\C\Cheddar Salad folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\C\Candy Buzz folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\C\CANDIDA folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\C\CALLIGRA folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\C folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\B\Bleedblob folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\B\BLACKLET folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\B\Big Chump folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\B\BERNHARD folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\B\BARNUM-P folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\B\BAKERSIG folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\B folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\A\AMERICAN folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\A\AACHEN folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts\A folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts\Fonts folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4\Fonts folder moved successfully.
C:\$Recycle.bin\S-1-5-21-686678894-351749931-3012076338-1001\$RWNN6R4 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Georgette
->Temp folder emptied: 14801875 bytes
->Temporary Internet Files folder emptied: 18311530 bytes
->Java cache emptied: 1163877 bytes
->FireFox cache emptied: 41002404 bytes
->Flash cache emptied: 21449 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1508968 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50528 bytes
RecycleBin emptied: 34674718134 bytes

Total Files Cleaned = 33,142.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 04292014_105405

Files\Folders moved on Reboot...
File\Folder C:\Users\Georgette\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
C:\Users\Georgette\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

# AdwCleaner v3.205 - Report created 29/04/2014 at 13:59:06
# Updated 28/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Georgette - MOTHERSHIP
# Running from : C:\Users\Georgette\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Georgette\Documents\Inbox
File Deleted : C:\Users\Georgette\AppData\Roaming\Mozilla\Firefox\Profiles\qqbrwb2d.default\searchplugins\safesearch.xml

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Uniblue

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Georgette\AppData\Roaming\Mozilla\Firefox\Profiles\qqbrwb2d.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [1558 octets] - [29/04/2014 11:11:14]
AdwCleaner[S0].txt - [1454 octets] - [29/04/2014 13:59:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1514 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Georgette on Tue 04/29/2014 at 17:56:05.08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{07263600-C9D7-4BF3-91EC-5BACBA19590C}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{088DD8EF-F965-4199-A393-54168A3AFF86}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{16BBAEC8-F56B-4EE8-A345-6E88D136238C}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{203AFBB0-A5D4-4CAC-82EE-7DC0F236281A}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{229C837F-B1D4-4E16-963D-7EEA09127567}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{2522ADC1-5E37-4C78-8B95-7078683658A6}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{27693C51-8778-4F5A-BAA5-6731CCBB6EBD}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{288E6EE6-3C7A-4518-9A75-96157D5BB0F7}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{2E084825-4CA5-4566-8F73-31C08E4A9223}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{2E6729DD-6C82-4E00-9B1B-021196AB1E01}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{304A7593-040F-4B46-A4F2-968722F4BA2B}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{30C96390-5B3D-4074-A233-AE1FA085BB26}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{316BD288-0F38-4686-BEE2-E1EB4F50608F}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{3274F6FE-1D4D-44E5-B309-D17FA722E715}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{34089BDB-E782-465E-8A67-F33CB91587F5}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{4138C80C-35D5-43EC-9C37-D4F3886A4B06}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{421445A9-F5D9-4375-879C-C229B9735F93}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{478AA8EF-84E3-4A60-88C6-5E086E006ECE}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{484FF655-6591-407D-8D07-4A429D4D8915}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{4898B2FE-0992-40D3-AAA8-AA6666FE23A5}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{4A002893-7FD8-4C91-A961-1874AAA7FB0D}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{4DCDA5E1-868D-4EAE-8C39-98A0A4A6BEF5}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{504A68B3-5365-4D28-838B-C2B8F7854E24}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{5C7E85EA-EA05-4DBF-BB56-9411502AF0A1}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{6CDE326C-EDE5-4A8F-9A82-116782DFF6A9}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{74EFF928-66A7-4991-9205-00DE2568AA81}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{79077AA2-5B30-458B-ACFF-DA945CD573D2}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{7E09B011-12D4-454F-B37A-0B59FA2D6F3C}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{886D8C41-2590-4E77-A3E6-9F214CF60914}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{8BF0314B-B4A0-47BA-9FC2-351EAF0CFDB0}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{8C0AB1C6-0983-41AE-87E9-40222621C6E4}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{8CEF6EF1-363B-410F-A74F-7F0DE832085C}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{8E6DA6E5-D833-40AE-B7A5-969EA8DCA7DE}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{91F4E072-4258-4D4D-8E04-07590A0AFA87}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{9BE35F57-7252-4700-9F3A-5F6B20974515}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{9C70665B-E78B-4534-B282-F1ED480A2436}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{A4F8BA32-20C4-484A-A836-CF03E0EA4240}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{A9A96EEB-D7A2-423B-ADB5-BEE0CBF1C88F}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{AD5C133B-D38B-4923-8399-BEC8F84CCFD8}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{BE53089D-7EFA-40A8-86E5-D4479553C133}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{C0A3B3B9-4B6D-4775-8CED-0F4FEDA28E70}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{C657D671-4EDA-4E8D-B2AE-264EAB79CF3A}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{CB8A4E3A-002B-48AA-ACB2-F647E58A57A2}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{CC6BBA8C-7C55-4D42-8B31-6D03AE04EA79}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{E2F9CC61-5EFF-41DA-9295-333246837039}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{E5031BA2-7A1C-4AB7-8443-EC6391466ACE}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{E6241601-C1D9-45C4-AF82-232683B1751B}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{F46963A0-D5A2-42A1-888D-B2009C59122D}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{F58C2649-DE0B-4492-93C0-5B59C8195611}
Successfully deleted: [Empty Folder] C:\Users\Georgette\appdata\local\{F8D3087D-64E0-46BC-8EFF-733E474EDC7E}

~~~ FireFox

Emptied folder: C:\Users\Georgette\AppData\Roaming\mozilla\firefox\profiles\qqbrwb2d.default\minidumps [12 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 04/29/2014 at 18:03:35.55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thank you,

mammothcabin

#6
Valinorum

Posted 30 April 2014 - 12:25 AM

GeekU Guardian Bot

GeekU Moderator
3,330 posts

How is your system running?

#7
mammothcabin

Posted 30 April 2014 - 09:36 AM

New Member

Topic Starter
Member
7 posts

It seems to be running okay, but other than the files appearing on my desktop I had not noticed any other problems. The files have not reappeared so I hope that means you got the malware. I really appreciate your help - I have never had something slip through the protection I had so had no idea what I needed to do. Do you recommend a specific vendor for internet security or is Norton okay?

Thank you so much,

Georgette

#8
Valinorum

Posted 30 April 2014 - 09:41 AM

GeekU Guardian Bot

GeekU Moderator
3,330 posts

Await my instruction while I analyze for any dormants and remnants of the malwares. Norton is fine. If it is a new kind of variant or an encrypted one, anti-virus can be fooled. I will explain more about safety measures after I am sure that your system is malware free.

#9
Valinorum

Posted 30 April 2014 - 11:35 AM

GeekU Guardian Bot

GeekU Moderator
3,330 posts

Hi mammothcabin,

Step #7 Scan with Malwarebytes' Anti-Malware
- Download Malwarebytes' Anti-Malware from the suitable link below --
- Double-click mbam-setup.exe to install the application.
- Before clicking Finish perform the following actions --
  - Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
  - Check the box beside Launch Malwarebytes Anti-Malware
- Once the program has loaded, The MBAM dashboard will appear with an alert to update - click the green button Update Now;
- Click on Setting--
  - Navigate to the tab Detection and Protection and check all the boxes under Detection Options
- From the Dashboard click on Scan Now;
- If threats are detected click on Apply actions. If the program asks to reboot your PC, let it do so;
- On completion of the scan click on View Detailed Log after that click on Export Button, select Text File and save the log to your Desktop;
- Copy and Paste the contents of the log in your next reply.

Step #8 ESET Online Scanner
Disable your security programs which includes but not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
- Download esetsmartinstaller_enu.exe by clicking here.
- Right-click on the program and choose Run as administrator.
- Accept their terms and condition and proceed.
- Install Add-On/Active X if prompted.
- From the Computer Scan Setting --
  - Uncheck the box beside Remove Found Threats;
  - Check the box beside Scan archives
- Click on Advanced Setting and check the following boxes--
  - Scan for potentially unwanted applications
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth Technology
- Click on Start and wait for the virus signature database to update.
- The online scan will begin automatically and can take several hours.
  - Note: Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
- After the Scan finishes --
  - If no threats were found:
    - Put a checkmark in Uninstall application on close.
    - Close the program and report that nothing was found
  - If threats were found:
    - Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
    - Copy and Paste contents of the log file in your next reply.
Note: Enable your security programs afterwards.

Required Log(s):
- Malwarebytes' Anti-Malware Log;
- ESET Scan Log

Regards,
Valinorum

#10
mammothcabin

Posted 02 May 2014 - 07:30 AM

New Member

Topic Starter
Member
7 posts

Hi Valinorum,

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/1/2014
Scan Time: 5:58:26 PM
Logfile: Malwarebytes Anti-Malware.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.01.12
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Georgette

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 262504
Time Elapsed: 10 min, 34 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=aa5f0c4adb30794b90f510aceee9e59d
# engine=18105
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-02 11:48:04
# local_time=2014-05-02 07:48:04 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3592 16777213 100 88 0 149607380 0 0
# compatibility_mode=5893 16776574 100 94 2078996 150574734 0 0
# scanned=1100013
# found=120
# cleaned=0
# scan_time=47711
sh=0020D4D2672AA9DB228E21795CD8D4976F367AD2 ft=0 fh=0000000000000000 vn="a variant of Win32/InstallCore.A potentially unwanted application" ac=I fn="C:\SyncBack\SyncBack\Backup\FileFort Backups\backup2011-04-15-1.bkz"
sh=4E8E690AC2FD3437C4AFC3B597D4CFCB037F20EA ft=1 fh=c38361e73e1b875e vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="C:\SyncBack\SyncBack\Downloads\7zip_installer_d162802 (1).exe"
sh=4E8E690AC2FD3437C4AFC3B597D4CFCB037F20EA ft=1 fh=c38361e73e1b875e vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="C:\SyncBack\SyncBack\Downloads\7zip_installer_d162802.exe"
sh=91EC186153FB33A4562204E4BE5631168C2BA206 ft=1 fh=eb969c333e6297d9 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\SyncBack\SyncBack\Downloads\CuteWriter.exe"
sh=3C23D804B48678E3DE8337251A47AFE5B71D9BEF ft=1 fh=737130934ee7cf9c vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="C:\SyncBack\SyncBack\Downloads\Dogpile.exe"
sh=8CBBB6B822A0217900F9AE7B14ECD23B19A37D73 ft=1 fh=f95d20c5fa5ec6ba vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\SyncBack\SyncBack\Downloads\DPSetup.exe"
sh=107C5841249C0AD2EF50F5CA4DC6331B37497836 ft=1 fh=b7e28e7ff55299a0 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\SyncBack\SyncBack\Downloads\rcsetup150.exe"
sh=695659596F4E2D37B5B3DE9A1A93F62C741E0FF2 ft=1 fh=929393d75e565337 vn="Win32/Toolbar.Conduit.S potentially unwanted application" ac=I fn="C:\SyncBack\SyncBack\Downloads\Safari_Downloader.exe"
sh=D2682734FD1629CD29C148F66CD02C389E9556C9 ft=1 fh=15e5cab1edfd10d0 vn="a variant of Win32/AdWare.iBryte.Q application" ac=I fn="C:\SyncBack\SyncBack\Downloads\Updater_Setup.exe"
sh=3C0B19925E2BD13AF6899E7E6A09B0CEB42A2CFA ft=1 fh=90d4ce8f86f9ad24 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="C:\SyncBack\SyncBack\Downloads\Adobe\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE\keygen.exe"
sh=D572444D3413FA4A21C60953421811D4FBADE9BC ft=1 fh=c1abb4c78b02907a vn="a variant of Win32/Keygen.CW potentially unsafe application" ac=I fn="C:\SyncBack\SyncBack\Downloads\Adobe\Adobe_Photosho (E)\keygen.exe"
sh=3C0B19925E2BD13AF6899E7E6A09B0CEB42A2CFA ft=1 fh=90d4ce8f86f9ad24 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="C:\SyncBack\SyncBack\Downloads\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE\keygen.exe"
sh=08ABB0E27AA96B6E769605CFDB4C5F7977437D8C ft=1 fh=978c084eb0ff52b9 vn="a variant of Win32/Adware.ErrorRepairPro application" ac=I fn="C:\SyncBack\SyncBack\Downloads\Alarms\erpsetup.exe"
sh=52F601DD7F4D4BD2AD47B6D80F0F84D9AB1317E2 ft=1 fh=60b7ec966425331c vn="a variant of Win32/Adware.ErrorRepairPro application" ac=I fn="C:\SyncBack\SyncBack\Downloads\Alarms\jjreminder.exe"
sh=85D09393DA44107010279D3FE5C60460A9BDBEC0 ft=1 fh=4ac32d246a698927 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\SyncBack\SyncBack\Downloads\Backup\Windows 7 Versions\ffortsetup.exe"
sh=91EC186153FB33A4562204E4BE5631168C2BA206 ft=1 fh=eb969c333e6297d9 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\SyncBack\SyncBack\Downloads\CutePDF\CuteWriter.exe"
sh=F3F9A2FCC53D1F555A0E5920A54214A1068AA6C9 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="C:\SyncBack\SyncBack\Downloads\Elements 6\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE.zip"
sh=0412AD87548CAEBD51A5F8A958BF7AF9951B5328 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="C:\SyncBack\SyncBack\Downloads\Elements 6\Adobe Photoshop Elements 6 [first person]\keygen.rar"
sh=3C0B19925E2BD13AF6899E7E6A09B0CEB42A2CFA ft=1 fh=90d4ce8f86f9ad24 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="C:\SyncBack\SyncBack\Downloads\Elements 6\Adobe Photoshop Elements 6 [first person]\keygen\keygen.exe"
sh=3C0B19925E2BD13AF6899E7E6A09B0CEB42A2CFA ft=1 fh=90d4ce8f86f9ad24 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="C:\SyncBack\SyncBack\Downloads\Elements 6\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE\keygen.exe"
sh=C43593FDE66DDC46D492C55803608A4929A1D86E ft=1 fh=04fcfc269e3de2ea vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\SyncBack\SyncBack\Downloads\File Recovery\rcsetup141.exe"
sh=44CDB5E61680A78D679DDC8F5E09FBCAD2671A99 ft=1 fh=a6f47056357cbbaa vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\SyncBack\SyncBack\Downloads\PDF Converter\FoxitReader513.1201_enu_Setup.exe"
sh=44CDB5E61680A78D679DDC8F5E09FBCAD2671A99 ft=1 fh=a6f47056357cbbaa vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\SyncBack\SyncBack\Downloads\PDF Converter\Phantom PDF Express.exe"
sh=4ADF9AE54F0E0B940ADCF70FF7E91AA3EA85F891 ft=1 fh=124855afca213dc3 vn="Win32/PrcView potentially unsafe application" ac=I fn="C:\SyncBack\SyncBack\Downloads\Spybot\SmitfraudFix.exe"
sh=ECAF2A056C1C346D0E4905C4E5894F222B4231AF ft=1 fh=506c14b1c4a55a4f vn="a variant of Win32/Toolbar.Montiera.A potentially unwanted application" ac=I fn="C:\SyncBack\SyncBack\Downloads\Unlocker\Unlocker1.9.1.exe"
sh=2D97A9EEA85476C564C7E8108085A632F7799077 ft=1 fh=b135027aa12705c2 vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="C:\SyncBack\SyncBack\Duplicates\Duplicates master file\Local Settings\Temp\ICD1.tmp\Toolbar_cobrand.EXE"
sh=2D97A9EEA85476C564C7E8108085A632F7799077 ft=1 fh=b135027aa12705c2 vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="C:\SyncBack\SyncBack\Local Settings\Temp\ICD1.tmp\Toolbar_cobrand.EXE"
sh=3C23D804B48678E3DE8337251A47AFE5B71D9BEF ft=1 fh=737130934ee7cf9c vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="C:\SyncBack\SyncBack\NEW LAPTOP2\Downloads\tbar.exe"
sh=3C23D804B48678E3DE8337251A47AFE5B71D9BEF ft=1 fh=737130934ee7cf9c vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="C:\SyncBack\SyncBack\NEW LAPTOP2\Kingston files\KINGSTON (E)\Downloads\tbar.exe"
sh=1E3FF58866D59D4658FE8ED7DCA3E9B73F86BD83 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\SyncBack\SyncBack\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.7z"
sh=D6356361CB5D33E62695230274A8C219D18884A5 ft=1 fh=758f4dd0748812c4 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\SyncBack\SyncBack\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll"
sh=9649EF58972F7D972A679B1E46563CDD79A91B79 ft=1 fh=ab34756841b05d74 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\SyncBack\SyncBack\Windows 8\classicshell-setup.exe"
sh=0020D4D2672AA9DB228E21795CD8D4976F367AD2 ft=0 fh=0000000000000000 vn="a variant of Win32/InstallCore.A potentially unwanted application" ac=I fn="C:\Users\Georgette\Documents\Backup\FileFort Backups\backup2011-04-15-1.bkz"
sh=91EC186153FB33A4562204E4BE5631168C2BA206 ft=1 fh=eb969c333e6297d9 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\Georgette\Documents\Downloads\CuteWriter.exe"
sh=3C23D804B48678E3DE8337251A47AFE5B71D9BEF ft=1 fh=737130934ee7cf9c vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="C:\Users\Georgette\Documents\Downloads\Dogpile.exe"
sh=8CBBB6B822A0217900F9AE7B14ECD23B19A37D73 ft=1 fh=f95d20c5fa5ec6ba vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\Georgette\Documents\Downloads\DPSetup.exe"
sh=107C5841249C0AD2EF50F5CA4DC6331B37497836 ft=1 fh=b7e28e7ff55299a0 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Georgette\Documents\Downloads\rcsetup150.exe"
sh=695659596F4E2D37B5B3DE9A1A93F62C741E0FF2 ft=1 fh=929393d75e565337 vn="Win32/Toolbar.Conduit.S potentially unwanted application" ac=I fn="C:\Users\Georgette\Documents\Downloads\Safari_Downloader.exe"
sh=3C0B19925E2BD13AF6899E7E6A09B0CEB42A2CFA ft=1 fh=90d4ce8f86f9ad24 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="C:\Users\Georgette\Documents\Downloads\Adobe\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE\keygen.exe"
sh=D572444D3413FA4A21C60953421811D4FBADE9BC ft=1 fh=c1abb4c78b02907a vn="a variant of Win32/Keygen.CW potentially unsafe application" ac=I fn="C:\Users\Georgette\Documents\Downloads\Adobe\Adobe_Photosho (E)\keygen.exe"
sh=3C0B19925E2BD13AF6899E7E6A09B0CEB42A2CFA ft=1 fh=90d4ce8f86f9ad24 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="C:\Users\Georgette\Documents\Downloads\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE\keygen.exe"
sh=08ABB0E27AA96B6E769605CFDB4C5F7977437D8C ft=1 fh=978c084eb0ff52b9 vn="a variant of Win32/Adware.ErrorRepairPro application" ac=I fn="C:\Users\Georgette\Documents\Downloads\Alarms\erpsetup.exe"
sh=52F601DD7F4D4BD2AD47B6D80F0F84D9AB1317E2 ft=1 fh=60b7ec966425331c vn="a variant of Win32/Adware.ErrorRepairPro application" ac=I fn="C:\Users\Georgette\Documents\Downloads\Alarms\jjreminder.exe"
sh=85D09393DA44107010279D3FE5C60460A9BDBEC0 ft=1 fh=4ac32d246a698927 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\Users\Georgette\Documents\Downloads\Backup\Windows 7 Versions\ffortsetup.exe"
sh=91EC186153FB33A4562204E4BE5631168C2BA206 ft=1 fh=eb969c333e6297d9 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\Georgette\Documents\Downloads\CutePDF\CuteWriter.exe"
sh=F3F9A2FCC53D1F555A0E5920A54214A1068AA6C9 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="C:\Users\Georgette\Documents\Downloads\Elements 6\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE.zip"
sh=0412AD87548CAEBD51A5F8A958BF7AF9951B5328 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="C:\Users\Georgette\Documents\Downloads\Elements 6\Adobe Photoshop Elements 6 [first person]\keygen.rar"
sh=3C0B19925E2BD13AF6899E7E6A09B0CEB42A2CFA ft=1 fh=90d4ce8f86f9ad24 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="C:\Users\Georgette\Documents\Downloads\Elements 6\Adobe Photoshop Elements 6 [first person]\keygen\keygen.exe"
sh=3C0B19925E2BD13AF6899E7E6A09B0CEB42A2CFA ft=1 fh=90d4ce8f86f9ad24 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="C:\Users\Georgette\Documents\Downloads\Elements 6\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE\keygen.exe"
sh=C43593FDE66DDC46D492C55803608A4929A1D86E ft=1 fh=04fcfc269e3de2ea vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Users\Georgette\Documents\Downloads\File Recovery\rcsetup141.exe"
sh=44CDB5E61680A78D679DDC8F5E09FBCAD2671A99 ft=1 fh=a6f47056357cbbaa vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\Georgette\Documents\Downloads\PDF Converter\FoxitReader513.1201_enu_Setup.exe"
sh=44CDB5E61680A78D679DDC8F5E09FBCAD2671A99 ft=1 fh=a6f47056357cbbaa vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\Georgette\Documents\Downloads\PDF Converter\Phantom PDF Express.exe"
sh=23B050563A81A1C57DABA7805B1E3E6B4C874F2B ft=1 fh=b4fe666c57930953 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\Georgette\Documents\Downloads\QuoteTracker\cbsidlm-cbsi183-QuoteTracker-BP-10046178.exe"
sh=4ADF9AE54F0E0B940ADCF70FF7E91AA3EA85F891 ft=1 fh=124855afca213dc3 vn="Win32/PrcView potentially unsafe application" ac=I fn="C:\Users\Georgette\Documents\Downloads\Spybot\SmitfraudFix.exe"
sh=ECAF2A056C1C346D0E4905C4E5894F222B4231AF ft=1 fh=506c14b1c4a55a4f vn="a variant of Win32/Toolbar.Montiera.A potentially unwanted application" ac=I fn="C:\Users\Georgette\Documents\Downloads\Unlocker\Unlocker1.9.1.exe"
sh=2D97A9EEA85476C564C7E8108085A632F7799077 ft=1 fh=b135027aa12705c2 vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="C:\Users\Georgette\Documents\Duplicates\Duplicates master file\Local Settings\Temp\ICD1.tmp\Toolbar_cobrand.EXE"
sh=2D97A9EEA85476C564C7E8108085A632F7799077 ft=1 fh=b135027aa12705c2 vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="C:\Users\Georgette\Documents\Local Settings\Temp\ICD1.tmp\Toolbar_cobrand.EXE"
sh=3C23D804B48678E3DE8337251A47AFE5B71D9BEF ft=1 fh=737130934ee7cf9c vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="C:\Users\Georgette\Documents\NEW LAPTOP2\Downloads\tbar.exe"
sh=3C23D804B48678E3DE8337251A47AFE5B71D9BEF ft=1 fh=737130934ee7cf9c vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="C:\Users\Georgette\Documents\NEW LAPTOP2\Kingston files\KINGSTON (E)\Downloads\tbar.exe"
sh=1E3FF58866D59D4658FE8ED7DCA3E9B73F86BD83 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Users\Georgette\Documents\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.7z"
sh=D6356361CB5D33E62695230274A8C219D18884A5 ft=1 fh=758f4dd0748812c4 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Users\Georgette\Documents\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll"
sh=9649EF58972F7D972A679B1E46563CDD79A91B79 ft=1 fh=ab34756841b05d74 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Users\Georgette\Documents\Windows 8\classicshell-setup.exe"
sh=23B050563A81A1C57DABA7805B1E3E6B4C874F2B ft=1 fh=b4fe666c57930953 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\Georgette\Downloads\cbsidlm-cbsi183-QuoteTracker-BP-10046178.exe"
sh=3A5AADF9C98DC459914D5CF4D3E9D9029BB5472D ft=1 fh=898f8c7a865511cc vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\Georgette\Downloads\CuteWriter.exe"
sh=AB339A71F828BB3C2F8A267543CFB2F8BBE33781 ft=1 fh=c71c00114fbbac42 vn="a variant of Win32/InstallCore.LQ potentially unwanted application" ac=I fn="C:\Users\Georgette\Downloads\PDFCreatorSetup.exe"
sh=5ED2FC8BDCE9721FB8F4262DFB96B594B5641A1C ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 151.zip"
sh=D731B9EE63604E9B2D7F3C2D21B87DFD718C76E3 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 246.zip"
sh=2DA9CA41EB7E50F79E821E7750400470702DC7B9 ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 57.zip"
sh=4D9C104C77B6CB66DFA11CA908BCD10100C5A948 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 59.zip"
sh=E1A94F26F61624E296E3E672904B32908E1DD17F ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.ErrorRepairPro application" ac=I fn="F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 61.zip"
sh=F59D51B1D62970B25E5E6FCB31DB0D6786027E7A ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 62.zip"
sh=DCC75B6CB8BD124503C3BF04E4584CDC84CCD887 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 63.zip"
sh=2C02C47A04B9A2E8A1ADB1C11A442C5CBB70C046 ft=0 fh=0000000000000000 vn="a variant of Win32/InstallCore.A potentially unwanted application" ac=I fn="F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 65.zip"
sh=A01AEE0061DCABDEFBBB6BD36ACA5DCEEF381810 ft=0 fh=0000000000000000 vn="Win32/PrcView potentially unsafe application" ac=I fn="F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 66.zip"
sh=32D6ABBB5C044F6829D9D4A7F1E46D943D68B816 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Montiera.A potentially unwanted application" ac=I fn="F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 67.zip"
sh=1ACDB79931265975F64A28691A63075E1A28FDA2 ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 68.zip"
sh=89220A99DF82A7F32E4415D8C680461A92FE37CC ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 75.zip"
sh=3592EC366514BF299AE45CA5F03EF1BAF549DE08 ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 76.zip"
sh=A0145EA9766BC01A469458964C35765472EE1520 ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 77.zip"
sh=1438B81C3239BFCFA832261EAD3952879A695F72 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 78.zip"
sh=78665462E6EEC6C47F1BBBB951D508D9E70B7974 ft=0 fh=0000000000000000 vn="a variant of Win32/InstallCore.A potentially unwanted application" ac=I fn="F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-24 190000\Backup files 30.zip"
sh=4187D7F55175A237C1ABC8BC29C3257DA3FA484A ft=0 fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-31 190000\Backup files 3.zip"
sh=66683C6028B2B49CB0EC167A1D8C710D7840B7B9 ft=0 fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-31 190000\Backup files 8.zip"
sh=3C23D804B48678E3DE8337251A47AFE5B71D9BEF ft=1 fh=737130934ee7cf9c vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="H:\OSCAR-PC\Downloads\tbar.exe"
sh=0020D4D2672AA9DB228E21795CD8D4976F367AD2 ft=0 fh=0000000000000000 vn="a variant of Win32/InstallCore.A potentially unwanted application" ac=I fn="H:\SyncBack\Georgette\Documents\Backup\FileFort Backups\backup2011-04-15-1.bkz"
sh=4E8E690AC2FD3437C4AFC3B597D4CFCB037F20EA ft=1 fh=c38361e73e1b875e vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\7zip_installer_d162802 (1).exe"
sh=4E8E690AC2FD3437C4AFC3B597D4CFCB037F20EA ft=1 fh=c38361e73e1b875e vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\7zip_installer_d162802.exe"
sh=91EC186153FB33A4562204E4BE5631168C2BA206 ft=1 fh=eb969c333e6297d9 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\CuteWriter.exe"
sh=3C23D804B48678E3DE8337251A47AFE5B71D9BEF ft=1 fh=737130934ee7cf9c vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\Dogpile.exe"
sh=8CBBB6B822A0217900F9AE7B14ECD23B19A37D73 ft=1 fh=f95d20c5fa5ec6ba vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\DPSetup.exe"
sh=107C5841249C0AD2EF50F5CA4DC6331B37497836 ft=1 fh=b7e28e7ff55299a0 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\rcsetup150.exe"
sh=695659596F4E2D37B5B3DE9A1A93F62C741E0FF2 ft=1 fh=929393d75e565337 vn="Win32/Toolbar.Conduit.S potentially unwanted application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\Safari_Downloader.exe"
sh=D2682734FD1629CD29C148F66CD02C389E9556C9 ft=1 fh=15e5cab1edfd10d0 vn="a variant of Win32/AdWare.iBryte.Q application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\Updater_Setup.exe"
sh=3C0B19925E2BD13AF6899E7E6A09B0CEB42A2CFA ft=1 fh=90d4ce8f86f9ad24 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\Adobe\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE\keygen.exe"
sh=D572444D3413FA4A21C60953421811D4FBADE9BC ft=1 fh=c1abb4c78b02907a vn="a variant of Win32/Keygen.CW potentially unsafe application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\Adobe\Adobe_Photosho (E)\keygen.exe"
sh=3C0B19925E2BD13AF6899E7E6A09B0CEB42A2CFA ft=1 fh=90d4ce8f86f9ad24 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE\keygen.exe"
sh=08ABB0E27AA96B6E769605CFDB4C5F7977437D8C ft=1 fh=978c084eb0ff52b9 vn="a variant of Win32/Adware.ErrorRepairPro application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\Alarms\erpsetup.exe"
sh=52F601DD7F4D4BD2AD47B6D80F0F84D9AB1317E2 ft=1 fh=60b7ec966425331c vn="a variant of Win32/Adware.ErrorRepairPro application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\Alarms\jjreminder.exe"
sh=85D09393DA44107010279D3FE5C60460A9BDBEC0 ft=1 fh=4ac32d246a698927 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\Backup\Windows 7 Versions\ffortsetup.exe"
sh=91EC186153FB33A4562204E4BE5631168C2BA206 ft=1 fh=eb969c333e6297d9 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\CutePDF\CuteWriter.exe"
sh=F3F9A2FCC53D1F555A0E5920A54214A1068AA6C9 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\Elements 6\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE.zip"
sh=0412AD87548CAEBD51A5F8A958BF7AF9951B5328 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\Elements 6\Adobe Photoshop Elements 6 [first person]\keygen.rar"
sh=3C0B19925E2BD13AF6899E7E6A09B0CEB42A2CFA ft=1 fh=90d4ce8f86f9ad24 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\Elements 6\Adobe Photoshop Elements 6 [first person]\keygen\keygen.exe"
sh=3C0B19925E2BD13AF6899E7E6A09B0CEB42A2CFA ft=1 fh=90d4ce8f86f9ad24 vn="a variant of Win32/Keygen.BR potentially unsafe application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\Elements 6\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE\keygen.exe"
sh=C43593FDE66DDC46D492C55803608A4929A1D86E ft=1 fh=04fcfc269e3de2ea vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\File Recovery\rcsetup141.exe"
sh=44CDB5E61680A78D679DDC8F5E09FBCAD2671A99 ft=1 fh=a6f47056357cbbaa vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\PDF Converter\FoxitReader513.1201_enu_Setup.exe"
sh=44CDB5E61680A78D679DDC8F5E09FBCAD2671A99 ft=1 fh=a6f47056357cbbaa vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\PDF Converter\Phantom PDF Express.exe"
sh=23B050563A81A1C57DABA7805B1E3E6B4C874F2B ft=1 fh=b4fe666c57930953 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\QuoteTracker\cbsidlm-cbsi183-QuoteTracker-BP-10046178.exe"
sh=4ADF9AE54F0E0B940ADCF70FF7E91AA3EA85F891 ft=1 fh=124855afca213dc3 vn="Win32/PrcView potentially unsafe application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\Spybot\SmitfraudFix.exe"
sh=ECAF2A056C1C346D0E4905C4E5894F222B4231AF ft=1 fh=506c14b1c4a55a4f vn="a variant of Win32/Toolbar.Montiera.A potentially unwanted application" ac=I fn="H:\SyncBack\Georgette\Documents\Downloads\Unlocker\Unlocker1.9.1.exe"
sh=2D97A9EEA85476C564C7E8108085A632F7799077 ft=1 fh=b135027aa12705c2 vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="H:\SyncBack\Georgette\Documents\Duplicates\Duplicates master file\Local Settings\Temp\ICD1.tmp\Toolbar_cobrand.EXE"
sh=2D97A9EEA85476C564C7E8108085A632F7799077 ft=1 fh=b135027aa12705c2 vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="H:\SyncBack\Georgette\Documents\Local Settings\Temp\ICD1.tmp\Toolbar_cobrand.EXE"
sh=3C23D804B48678E3DE8337251A47AFE5B71D9BEF ft=1 fh=737130934ee7cf9c vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="H:\SyncBack\Georgette\Documents\NEW LAPTOP2\Downloads\tbar.exe"
sh=3C23D804B48678E3DE8337251A47AFE5B71D9BEF ft=1 fh=737130934ee7cf9c vn="a variant of Win32/Adware.Agent.NDB application" ac=I fn="H:\SyncBack\Georgette\Documents\NEW LAPTOP2\Kingston files\KINGSTON (E)\Downloads\tbar.exe"
sh=1E3FF58866D59D4658FE8ED7DCA3E9B73F86BD83 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="H:\SyncBack\Georgette\Documents\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.7z"
sh=D6356361CB5D33E62695230274A8C219D18884A5 ft=1 fh=758f4dd0748812c4 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="H:\SyncBack\Georgette\Documents\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll"
sh=9649EF58972F7D972A679B1E46563CDD79A91B79 ft=1 fh=ab34756841b05d74 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="H:\SyncBack\Georgette\Documents\Windows 8\classicshell-setup.exe"
sh=23B050563A81A1C57DABA7805B1E3E6B4C874F2B ft=1 fh=b4fe666c57930953 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="H:\SyncBack\Georgette\Downloads\cbsidlm-cbsi183-QuoteTracker-BP-10046178.exe"
sh=3A5AADF9C98DC459914D5CF4D3E9D9029BB5472D ft=1 fh=898f8c7a865511cc vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="H:\SyncBack\Georgette\Downloads\CuteWriter.exe"
sh=AB339A71F828BB3C2F8A267543CFB2F8BBE33781 ft=1 fh=c71c00114fbbac42 vn="a variant of Win32/InstallCore.LQ potentially unwanted application" ac=I fn="H:\SyncBack\Georgette\Downloads\PDFCreatorSetup.exe"

Thank you,

Georgette

#11
Valinorum

Posted 02 May 2014 - 08:16 AM

GeekU Guardian Bot

GeekU Moderator
3,330 posts

Hi mammothcabin,

Did you download pirated version of Adobe Photoshop?

Step #9 Fix with OTL
The fix is long and will take time. Please be patient even if OTL is not responding.
- Re-run OTL by right clicking and choosing Run as administrator;
- Under the Custom Scans/Fixes Box copy and paste the following contents inside the quote box. (Do not include the word 'quote').
  :Commands
  [createrestorepoint]
  
  :Files
  H:\SyncBack\Georgette\Downloads\PDFCreatorSetup.exe
  H:\SyncBack\Georgette\Downloads\CuteWriter.exe
  H:\SyncBack\Georgette\Downloads\cbsidlm-cbsi183-QuoteTracker-BP-10046178.exe
  H:\SyncBack\Georgette\Documents\Windows 8\classicshell-setup.exe
  H:\SyncBack\Georgette\Documents\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll
  H:\SyncBack\Georgette\Documents\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.7z
  H:\SyncBack\Georgette\Documents\NEW LAPTOP2\Kingston files\KINGSTON (E)\Downloads\tbar.exe
  H:\SyncBack\Georgette\Documents\NEW LAPTOP2\Downloads\tbar.exe
  H:\SyncBack\Georgette\Documents\Local Settings\Temp\ICD1.tmp\Toolbar_cobrand.EXE
  H:\SyncBack\Georgette\Documents\Duplicates\Duplicates master file\Local Settings\Temp\ICD1.tmp\Toolbar_cobrand.EXE
  H:\SyncBack\Georgette\Documents\Downloads\Unlocker\Unlocker1.9.1.exe
  H:\SyncBack\Georgette\Documents\Downloads\Spybot\SmitfraudFix.exe
  H:\SyncBack\Georgette\Documents\Downloads\QuoteTracker\cbsidlm-cbsi183-QuoteTracker-BP-10046178.exe
  H:\SyncBack\Georgette\Documents\Downloads\PDF Converter\Phantom PDF Express.exe
  H:\SyncBack\Georgette\Documents\Downloads\PDF Converter\FoxitReader513.1201_enu_Setup.exe
  H:\SyncBack\Georgette\Documents\Downloads\File Recovery\rcsetup141.exe
  H:\SyncBack\Georgette\Documents\Downloads\Elements 6\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE\keygen.exe
  H:\SyncBack\Georgette\Documents\Downloads\Elements 6\Adobe Photoshop Elements 6 [first person]\keygen
  H:\SyncBack\Georgette\Documents\Downloads\Elements 6\Adobe Photoshop Elements 6 [first person]\keygen.rar
  H:\SyncBack\Georgette\Documents\Downloads\Elements 6\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE.zip
  H:\SyncBack\Georgette\Documents\Downloads\CutePDF\CuteWriter.exe
  H:\SyncBack\Georgette\Documents\Downloads\Backup\Windows 7 Versions\ffortsetup.exe
  H:\SyncBack\Georgette\Documents\Downloads\Alarms\jjreminder.exe
  H:\SyncBack\Georgette\Documents\Downloads\Alarms\erpsetup.exe
  H:\SyncBack\Georgette\Documents\Downloads\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE
  H:\SyncBack\Georgette\Documents\Downloads\Adobe\Adobe_Photosho (E)\keygen.exe
  H:\SyncBack\Georgette\Documents\Downloads\Adobe\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE
  H:\SyncBack\Georgette\Documents\Downloads\Updater_Setup.exe
  H:\SyncBack\Georgette\Documents\Downloads\Safari_Downloader.exe
  H:\SyncBack\Georgette\Documents\Downloads\rcsetup150.exe
  H:\SyncBack\Georgette\Documents\Downloads\DPSetup.exe
  H:\SyncBack\Georgette\Documents\Downloads\Dogpile.exe
  H:\SyncBack\Georgette\Documents\Downloads\CuteWriter.exe
  H:\SyncBack\Georgette\Documents\Downloads\7zip_installer_d162802.exe
  H:\SyncBack\Georgette\Documents\Downloads\7zip_installer_d162802 (1).exe
  H:\SyncBack\Georgette\Documents\Backup\FileFort Backups\backup2011-04-15-1.bkz
  H:\OSCAR-PC\Downloads\tbar.exe
  F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-31 190000\Backup files 8.zip
  F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-31 190000\Backup files 3.zip
  F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-24 190000\Backup files 30.zip
  F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 78.zip
  F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 77.zip
  F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 76.zip
  F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 75.zip
  F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 68.zip
  F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 67.zip
  F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 66.zip
  F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 65.zip
  F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 63.zip
  F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 62.zip
  F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 61.zip
  F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 59.zip
  F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 57.zip
  F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 246.zip
  F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 151.zip
  C:\Users\Georgette\Downloads\PDFCreatorSetup.exe
  C:\Users\Georgette\Downloads\CuteWriter.exe
  C:\Users\Georgette\Downloads\cbsidlm-cbsi183-QuoteTracker-BP-10046178.exe
  C:\Users\Georgette\Documents\Windows 8\classicshell-setup.exe
  C:\Users\Georgette\Documents\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll
  C:\Users\Georgette\Documents\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.7z
  C:\Users\Georgette\Documents\NEW LAPTOP2\Kingston files\KINGSTON (E)\Downloads\tbar.exe
  C:\Users\Georgette\Documents\NEW LAPTOP2\Downloads\tbar.exe
  C:\Users\Georgette\Documents\Local Settings\Temp\ICD1.tmp\Toolbar_cobrand.EXE
  C:\Users\Georgette\Documents\Duplicates\Duplicates master file\Local Settings\Temp\ICD1.tmp\
  C:\Users\Georgette\Documents\Downloads\Unlocker\Unlocker1.9.1.exe
  C:\Users\Georgette\Documents\Downloads\Spybot
  C:\Users\Georgette\Documents\Downloads\QuoteTracker\cbsidlm-cbsi183-QuoteTracker-BP-10046178.exe
  C:\Users\Georgette\Documents\Downloads\PDF Converter\Phantom PDF Express.exe
  C:\Users\Georgette\Documents\Downloads\PDF Converter\FoxitReader513.1201_enu_Setup.exe
  C:\Users\Georgette\Documents\Downloads\File Recovery\rcsetup141.exe
  C:\Users\Georgette\Documents\Downloads\Elements 6\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE
  C:\Users\Georgette\Documents\Downloads\Elements 6\Adobe Photoshop Elements 6 [first person]\keygen
  C:\Users\Georgette\Documents\Downloads\Elements 6\Adobe Photoshop Elements 6 [first person]\keygen.rar
  C:\Users\Georgette\Documents\Downloads\Elements 6\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE.zip
  C:\Users\Georgette\Documents\Downloads\CutePDF
  C:\Users\Georgette\Documents\Downloads\Backup\Windows 7 Versions\ffortsetup.exe
  C:\Users\Georgette\Documents\Downloads\Alarms\jjreminder.exe
  C:\Users\Georgette\Documents\Downloads\Alarms\erpsetup.exe
  C:\Users\Georgette\Documents\Downloads\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE
  C:\Users\Georgette\Documents\Downloads\Adobe\Adobe_Photosho (E)\keygen.exe
  c:\Users\Georgette\Documents\Downloads\Safari_Downloader.exe
  C:\Users\Georgette\Documents\Downloads\rcsetup150.exe
  C:\Users\Georgette\Documents\Downloads\DPSetup.exe
  C:\Users\Georgette\Documents\Downloads\Dogpile.exe
  C:\Users\Georgette\Documents\Downloads\CuteWriter.exe
  C:\Users\Georgette\Documents\Backup\FileFort Backups\backup2011-04-15-1.bkz
  C:\SyncBack\SyncBack\Windows 8\classicshell-setup.exe
  C:\SyncBack\SyncBack\ProgramData\APN\APN-Stub\W3IV6-G
  C:\SyncBack\SyncBack\NEW LAPTOP2\Kingston files\KINGSTON (E)\Downloads\tbar.exe
  C:\SyncBack\SyncBack\NEW LAPTOP2\Downloads\tbar.exe
  C:\SyncBack\SyncBack\Local Settings\Temp\ICD1.tmp\Toolbar_cobrand.EXE
  C:\SyncBack\SyncBack\Downloads\Unlocker\
  C:\SyncBack\SyncBack\Downloads\Spybot\
  C:\SyncBack\SyncBack\Downloads\PDF Converter\Phantom PDF Express.exe
  C:\SyncBack\SyncBack\Downloads\PDF Converter\FoxitReader513.1201_enu_Setup.exe
  C:\SyncBack\SyncBack\Downloads\File Recovery\rcsetup141.exe
  C:\SyncBack\SyncBack\Downloads\Elements 6\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE
  C:\SyncBack\SyncBack\Downloads\Elements 6\Adobe Photoshop Elements 6 [first person]\keygen
  C:\SyncBack\SyncBack\Downloads\Elements 6\Adobe Photoshop Elements 6 [first person]\keygen.rar
  C:\SyncBack\SyncBack\Downloads\Elements 6\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE.zip
  C:\SyncBack\SyncBack\Downloads\CutePDF\
  C:\SyncBack\SyncBack\Downloads\Backup\Windows 7 Versions\ffortsetup.exe
  C:\SyncBack\SyncBack\Downloads\Alarms\jjreminder.exe
  C:\SyncBack\SyncBack\Downloads\Alarms\erpsetup.exe
  C:\SyncBack\SyncBack\Downloads\Adobe\Adobe_Photosho (E)\keygen.exe
  c:\SyncBack\SyncBack\Downloads\Updater_Setup.exe
  C:\SyncBack\SyncBack\Downloads\Safari_Downloader.exe
  C:\SyncBack\SyncBack\Downloads\rcsetup150.exe
  C:\SyncBack\SyncBack\Downloads\DPSetup.exe
  C:\SyncBack\SyncBack\Downloads\Dogpile.exe
  C:\SyncBack\SyncBack\Downloads\CuteWriter.exe
  C:\SyncBack\SyncBack\Downloads\7zip_installer_d162802.exe
  C:\SyncBack\SyncBack\Downloads\7zip_installer_d162802 (1).exe
  C:\SyncBack\SyncBack\Backup\FileFort Backups\backup2011-04-15-1.bkz
  
  :Commands
  [emptytemp]
- Click on "Run Fix" and let the program run unhindered;
- Your PC will reboot automatically and a log will be opened;
- Please post it in your next reply.

How is your system running?

Required Log(s):
- OTL Fix Log

Regards,
Valinorum

#12
mammothcabin

Posted 02 May 2014 - 01:03 PM

New Member

Topic Starter
Member
7 posts

Hello Valinorum,

The system seems to be running fine.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
H:\SyncBack\Georgette\Downloads\PDFCreatorSetup.exe moved successfully.
H:\SyncBack\Georgette\Downloads\CuteWriter.exe moved successfully.
H:\SyncBack\Georgette\Downloads\cbsidlm-cbsi183-QuoteTracker-BP-10046178.exe moved successfully.
H:\SyncBack\Georgette\Documents\Windows 8\classicshell-setup.exe moved successfully.
H:\SyncBack\Georgette\Documents\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll moved successfully.
H:\SyncBack\Georgette\Documents\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.7z moved successfully.
H:\SyncBack\Georgette\Documents\NEW LAPTOP2\Kingston files\KINGSTON (E)\Downloads\tbar.exe moved successfully.
H:\SyncBack\Georgette\Documents\NEW LAPTOP2\Downloads\tbar.exe moved successfully.
H:\SyncBack\Georgette\Documents\Local Settings\Temp\ICD1.tmp\Toolbar_cobrand.EXE moved successfully.
H:\SyncBack\Georgette\Documents\Duplicates\Duplicates master file\Local Settings\Temp\ICD1.tmp\Toolbar_cobrand.EXE moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\Unlocker\Unlocker1.9.1.exe moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\Spybot\SmitfraudFix.exe moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\QuoteTracker\cbsidlm-cbsi183-QuoteTracker-BP-10046178.exe moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\PDF Converter\Phantom PDF Express.exe moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\PDF Converter\FoxitReader513.1201_enu_Setup.exe moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\File Recovery\rcsetup141.exe moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\Elements 6\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE\keygen.exe moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\Elements 6\Adobe Photoshop Elements 6 [first person]\keygen folder moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\Elements 6\Adobe Photoshop Elements 6 [first person]\keygen.rar moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\Elements 6\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE.zip moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\CutePDF\CuteWriter.exe moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\Backup\Windows 7 Versions\ffortsetup.exe moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\Alarms\jjreminder.exe moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\Alarms\erpsetup.exe moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE folder moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\Adobe\Adobe_Photosho (E)\keygen.exe moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\Adobe\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE\Adobe Photoshop Elements\directx9 folder moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\Adobe\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE\Adobe Photoshop Elements folder moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\Adobe\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE\Adobe Partner Programs\North America folder moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\Adobe\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE\Adobe Partner Programs\International folder moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\Adobe\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE\Adobe Partner Programs folder moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\Adobe\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE folder moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\Updater_Setup.exe moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\Safari_Downloader.exe moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\rcsetup150.exe moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\DPSetup.exe moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\Dogpile.exe moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\CuteWriter.exe moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\7zip_installer_d162802.exe moved successfully.
H:\SyncBack\Georgette\Documents\Downloads\7zip_installer_d162802 (1).exe moved successfully.
H:\SyncBack\Georgette\Documents\Backup\FileFort Backups\backup2011-04-15-1.bkz moved successfully.
H:\OSCAR-PC\Downloads\tbar.exe moved successfully.
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-31 190000\Backup files 8.zip moved successfully.
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-31 190000\Backup files 3.zip moved successfully.
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-24 190000\Backup files 30.zip moved successfully.
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 78.zip moved successfully.
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 77.zip moved successfully.
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 76.zip moved successfully.
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 75.zip moved successfully.
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 68.zip moved successfully.
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 67.zip moved successfully.
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 66.zip moved successfully.
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 65.zip moved successfully.
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 63.zip moved successfully.
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 62.zip moved successfully.
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 61.zip moved successfully.
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 59.zip moved successfully.
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 57.zip moved successfully.
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 246.zip moved successfully.
F:\MOTHERSHIP\Backup Set 2011-10-14 142519\Backup Files 2011-10-14 142519\Backup files 151.zip moved successfully.
C:\Users\Georgette\Downloads\PDFCreatorSetup.exe moved successfully.
C:\Users\Georgette\Downloads\CuteWriter.exe moved successfully.
C:\Users\Georgette\Downloads\cbsidlm-cbsi183-QuoteTracker-BP-10046178.exe moved successfully.
C:\Users\Georgette\Documents\Windows 8\classicshell-setup.exe moved successfully.
C:\Users\Georgette\Documents\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll moved successfully.
C:\Users\Georgette\Documents\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.7z moved successfully.
C:\Users\Georgette\Documents\NEW LAPTOP2\Kingston files\KINGSTON (E)\Downloads\tbar.exe moved successfully.
C:\Users\Georgette\Documents\NEW LAPTOP2\Downloads\tbar.exe moved successfully.
C:\Users\Georgette\Documents\Local Settings\Temp\ICD1.tmp\Toolbar_cobrand.EXE moved successfully.
C:\Users\Georgette\Documents\Duplicates\Duplicates master file\Local Settings\Temp\ICD1.tmp folder moved successfully.
C:\Users\Georgette\Documents\Downloads\Unlocker\Unlocker1.9.1.exe moved successfully.
C:\Users\Georgette\Documents\Downloads\Spybot folder moved successfully.
C:\Users\Georgette\Documents\Downloads\QuoteTracker\cbsidlm-cbsi183-QuoteTracker-BP-10046178.exe moved successfully.
C:\Users\Georgette\Documents\Downloads\PDF Converter\Phantom PDF Express.exe moved successfully.
C:\Users\Georgette\Documents\Downloads\PDF Converter\FoxitReader513.1201_enu_Setup.exe moved successfully.
C:\Users\Georgette\Documents\Downloads\File Recovery\rcsetup141.exe moved successfully.
C:\Users\Georgette\Documents\Downloads\Elements 6\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE folder moved successfully.
C:\Users\Georgette\Documents\Downloads\Elements 6\Adobe Photoshop Elements 6 [first person]\keygen folder moved successfully.
C:\Users\Georgette\Documents\Downloads\Elements 6\Adobe Photoshop Elements 6 [first person]\keygen.rar moved successfully.
C:\Users\Georgette\Documents\Downloads\Elements 6\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE.zip moved successfully.
C:\Users\Georgette\Documents\Downloads\CutePDF\AutoSave folder moved successfully.
C:\Users\Georgette\Documents\Downloads\CutePDF folder moved successfully.
C:\Users\Georgette\Documents\Downloads\Backup\Windows 7 Versions\ffortsetup.exe moved successfully.
C:\Users\Georgette\Documents\Downloads\Alarms\jjreminder.exe moved successfully.
C:\Users\Georgette\Documents\Downloads\Alarms\erpsetup.exe moved successfully.
C:\Users\Georgette\Documents\Downloads\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE folder moved successfully.
C:\Users\Georgette\Documents\Downloads\Adobe\Adobe_Photosho (E)\keygen.exe moved successfully.
c:\Users\Georgette\Documents\Downloads\Safari_Downloader.exe moved successfully.
C:\Users\Georgette\Documents\Downloads\rcsetup150.exe moved successfully.
C:\Users\Georgette\Documents\Downloads\DPSetup.exe moved successfully.
C:\Users\Georgette\Documents\Downloads\Dogpile.exe moved successfully.
C:\Users\Georgette\Documents\Downloads\CuteWriter.exe moved successfully.
C:\Users\Georgette\Documents\Backup\FileFort Backups\backup2011-04-15-1.bkz moved successfully.
C:\SyncBack\SyncBack\Windows 8\classicshell-setup.exe moved successfully.
C:\SyncBack\SyncBack\ProgramData\APN\APN-Stub\W3IV6-G folder moved successfully.
C:\SyncBack\SyncBack\NEW LAPTOP2\Kingston files\KINGSTON (E)\Downloads\tbar.exe moved successfully.
C:\SyncBack\SyncBack\NEW LAPTOP2\Downloads\tbar.exe moved successfully.
C:\SyncBack\SyncBack\Local Settings\Temp\ICD1.tmp\Toolbar_cobrand.EXE moved successfully.
C:\SyncBack\SyncBack\Downloads\Unlocker folder moved successfully.
C:\SyncBack\SyncBack\Downloads\Spybot folder moved successfully.
C:\SyncBack\SyncBack\Downloads\PDF Converter\Phantom PDF Express.exe moved successfully.
C:\SyncBack\SyncBack\Downloads\PDF Converter\FoxitReader513.1201_enu_Setup.exe moved successfully.
C:\SyncBack\SyncBack\Downloads\File Recovery\rcsetup141.exe moved successfully.
C:\SyncBack\SyncBack\Downloads\Elements 6\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE folder moved successfully.
C:\SyncBack\SyncBack\Downloads\Elements 6\Adobe Photoshop Elements 6 [first person]\keygen folder moved successfully.
C:\SyncBack\SyncBack\Downloads\Elements 6\Adobe Photoshop Elements 6 [first person]\keygen.rar moved successfully.
C:\SyncBack\SyncBack\Downloads\Elements 6\Adobe.Photoshop.Elements.v6.0.Incl.Keymaker-CORE.zip moved successfully.
C:\SyncBack\SyncBack\Downloads\CutePDF\AutoSave folder moved successfully.
C:\SyncBack\SyncBack\Downloads\CutePDF folder moved successfully.
C:\SyncBack\SyncBack\Downloads\Backup\Windows 7 Versions\ffortsetup.exe moved successfully.
C:\SyncBack\SyncBack\Downloads\Alarms\jjreminder.exe moved successfully.
C:\SyncBack\SyncBack\Downloads\Alarms\erpsetup.exe moved successfully.
C:\SyncBack\SyncBack\Downloads\Adobe\Adobe_Photosho (E)\keygen.exe moved successfully.
c:\SyncBack\SyncBack\Downloads\Updater_Setup.exe moved successfully.
C:\SyncBack\SyncBack\Downloads\Safari_Downloader.exe moved successfully.
C:\SyncBack\SyncBack\Downloads\rcsetup150.exe moved successfully.
C:\SyncBack\SyncBack\Downloads\DPSetup.exe moved successfully.
C:\SyncBack\SyncBack\Downloads\Dogpile.exe moved successfully.
C:\SyncBack\SyncBack\Downloads\CuteWriter.exe moved successfully.
C:\SyncBack\SyncBack\Downloads\7zip_installer_d162802.exe moved successfully.
C:\SyncBack\SyncBack\Downloads\7zip_installer_d162802 (1).exe moved successfully.
C:\SyncBack\SyncBack\Backup\FileFort Backups\backup2011-04-15-1.bkz moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Georgette
->Temp folder emptied: 36187 bytes
->Temporary Internet Files folder emptied: 13503472 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5290149 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 524896 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 311299480 bytes

Total Files Cleaned = 315.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 05022014_145006

Files\Folders moved on Reboot...
C:\Users\Georgette\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Georgette\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Thank you,

mammothcabin

#13
Valinorum

Posted 02 May 2014 - 01:55 PM

GeekU Guardian Bot

GeekU Moderator
3,330 posts

Hi mammothcabin,

Perusing your logs, I see no infection currently present in your system. Unless you are having any issue(s), the machine appears to be Malware-free as we speak.

♣ Removal of Tools and Quarantined Files ♣

Despite the tools we have used are clean, they are powerful removal tools and made in a way so that they carry out any commands given to them without (most cases) asking for a confirmation. In the hands of an inept person, they can make the machine un-bootable -- a scenario we do not wish to see. Also, we need to remove the quarantined files/folders from your system as a dormant malware can be as bad as an active one if given the proper environment. I shall now give you the guidelines to remove the tools and the quarantined files from your system.

Cleanup with Delfix
Please download DelFix by Xplode to your Desktop.
Download Link
- Double-click to run the program;
  - Note: Windows Vista/7/8 users right-click and choose Run as administrator
- Make sure that all the boxes are checked;
- Click Run;
- A log will be opened after the operation is finished;
- Copy and Paste it in your next reply

♣ Prevention and Future Guidelines ♣

Prevention is better than cure -- goes the old saying. As much as we love to see you visit our site, we do not want to see you having your PC infected by malwares again.

Keep Windows up-to-date.
It is extremely important that you keep your operating system (Windows) updated when updates are made available. It is set to alert you, so be sure not to ignore these notices and to allow the updates to install. Many of these are critical security packages which could very possibly be the difference between your picking up a future infiltration and simply passing right by it unharmed.
Run antivirus software and keep it up-to-date, too.
Antivirus software is your safety net if all other protections fail. The first line of defense is smart computing, of course, but everyone needs a backup. I'd recommend Microsoft Security Essentials or avast!, both of which are excellent, as well as free. Once they're installed, check periodically to ensure they have been successfully updating as well. An out-of-date antivirus is not a happy antivirus!
Keep your web browser plugins and other programs updated also.
This tip is rarely shared by technicians and its importance is not widely recognized, but it's absolutely critical. Programs such as Java, Adobe Flash Player and Adobe Reader, Internet Explorer, and myriad other such web-exposed items are deeply vulnerable to attack, which can quickly lead to a hopelessly infected system no matter what protection you currently have installed. The reason is that these programs are ubiquitous, but are also not perfect and are extremely complex... and as such, security vulnerabilities are discovered and exploited by hackers hoping to gain control over your machine. By performing every update for these programs as soon as it's made available, you will greatly reduce your exposure to dangerous internet threats.

A great way to do this is to install the Filehippo Update Checker and run it regularly. Also, try not to ignore any notifications you receive regarding updates to programs already installed on your PC.

No scripts is an excellent security device too. I like it but it is not for everyone because it requires you to take action if you want to see some things (pop ups, banners etc.) on sites you visit.

Download NoSript by Giorgio Maone.

Note: Sometimes you will get a site telling you that you need to install Java when actually all you need to do is enable the site through the no script icon down on the right hand side of your computer.
Watch out for new threat named CryptoLocker
CryptoLocker is a new type ransomware family malware that encrypts your important files and asks for a ransom to decrypt them. At the moment of posting this reply there are no tools that can undo the havoc this malware causes. We can help you to remove the malware from your system but the files that was encrypted cannot be recovered without the decryption key. So, I ask for your forbearance and practice constant vigilance. Please read the following article to acknowledge yourself about the safety measures.
How to prevent your computer from becoming infected by CryptoLocker.
And last of all, surf smart.
It doesn't matter how well the autopilot system works if the pilot keeps flying the plane into mountain ranges. Don't forget that no matter how much you have protecting yourself, your security ultimately begins and ends with you. Don't visit dangerous or questionable web sites, avoid suspicious links on Facebook and emails/email attachments you're unsure about, and just generally keep your wits about you, and you'll be much safer. Also, avoid illegal downloads, cracks, "warez", and all other too-good-to-be-true internet offerings: they're typically laden with malware. Be smart and you can avoid most threats lurking about the darker corners of the internet! And for even more tips, see our article, How Did I Get Infected in the First Place?

Regards,
Valinorum

#14
mammothcabin

Posted 02 May 2014 - 05:42 PM

New Member

Topic Starter
Member
7 posts

Hello Valinorum,

I have followed the last set of instructions, I think I may try avast, Norton has become a nuisance warning of errors that have to be repaired. I had been looking for another anti-virus. Some of the items I have been doing but there are some that I had not been updating such as Java, etc. I did not realize the importance of keeping them updated. So perhaps I will avoid this by being more proactive. Thank you again for all your assistance.

# DelFix v10.7 - Logfile created 02/05/2014 at 17:52:16
# Updated 27/04/2014 by Xplode
# Username : Georgette - MOTHERSHIP
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\_OTL
Deleted : C:\AdwCleaner
Deleted : C:\Users\Georgette\Desktop\JRT.txt
Deleted : C:\Users\Georgette\Downloads\AdwCleaner.exe
Deleted : C:\Users\Georgette\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\Georgette\Downloads\Extras.Txt
Deleted : C:\Users\Georgette\Downloads\JRT.exe
Deleted : C:\Users\Georgette\Downloads\OTL.Txt
Deleted : C:\Users\Georgette\Downloads\OTL.exe
Deleted : C:\Users\Georgette\Downloads\SecurityCheck.exe
Deleted : C:\Users\Georgette\Documents\Downloads\Silent Runners.vbs
Deleted : C:\Users\Georgette\Documents\Downloads\Startup Programs (VIXEN) 2006-01-12 14.53.22.txt
Deleted : C:\Users\Georgette\Documents\Downloads\Startup Programs (VIXEN) 2006-01-12 14.55.06.txt
Deleted : C:\Users\Georgette\Documents\Downloads\Startup Programs (VIXEN) 2006-01-13 10.08.07.txt
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #51 [Installed Java 7 Update 55 | 05/01/2014 21:21:10]
Deleted : RP #52 [Windows Update | 05/02/2014 16:26:01]
Deleted : RP #53 [OTL Restore Point - 5/2/2014 2:50:17 PM | 05/02/2014 18:50:17]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########