OTL logfile created on: 1/27/2010 9:14:00 AM - Run 1
OTL by OldTimer - Version 3.1.27.0     Folder = C:\Users\SHAWN\Documents\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 249.26 Gb Free Space | 83.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHAWN-PC
Current User Name: SHAWN
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010/01/27 08:20:23 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\SHAWN\My Documents\Downloads\OTL.exe
PRC - [2010/01/25 16:24:51 | 00,030,192 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010/01/25 16:24:40 | 00,122,880 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2010/01/25 16:23:59 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010/01/25 13:22:14 | 00,136,176 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2010/01/07 16:07:10 | 01,394,000 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/01/07 16:07:10 | 00,236,368 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009/11/10 10:28:08 | 00,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/09/11 21:00:54 | 00,919,024 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010/01/27 08:20:23 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\SHAWN\My Documents\Downloads\OTL.exe
MOD - [2009/07/13 17:15:21 | 00,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fontext.dll
MOD - [2009/07/13 17:15:21 | 00,093,696 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWOW64\fms.dll
MOD - [2009/07/13 17:15:07 | 00,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/13 17:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2009/10/14 14:31:44 | 00,116,224 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:[b]64bit:[/b] - [2009/07/13 17:41:59 | 00,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:[b]64bit:[/b] - [2009/07/13 17:41:56 | 00,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:[b]64bit:[/b] - [2009/07/13 17:41:56 | 00,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:[b]64bit:[/b] - [2009/07/13 17:41:56 | 00,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:[b]64bit:[/b] - [2009/07/13 17:41:55 | 00,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:[b]64bit:[/b] - [2009/07/13 17:41:54 | 00,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:[b]64bit:[/b] - [2009/07/13 17:41:54 | 00,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:[b]64bit:[/b] - [2009/07/13 17:41:53 | 01,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:[b]64bit:[/b] - [2009/07/13 17:41:53 | 00,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:[b]64bit:[/b] - [2009/07/13 17:41:53 | 00,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:[b]64bit:[/b] - [2009/07/13 17:41:53 | 00,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:[b]64bit:[/b] - [2009/07/13 17:41:53 | 00,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:[b]64bit:[/b] - [2009/07/13 17:41:53 | 00,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:[b]64bit:[/b] - [2009/07/13 17:41:27 | 01,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009/07/13 17:41:18 | 00,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:[b]64bit:[/b] - [2009/07/13 17:40:54 | 01,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:[b]64bit:[/b] - [2009/07/13 17:40:28 | 00,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:[b]64bit:[/b] - [2009/07/13 17:40:28 | 00,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:[b]64bit:[/b] - [2009/07/13 17:40:24 | 00,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:[b]64bit:[/b] - [2009/07/13 17:40:13 | 00,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:[b]64bit:[/b] - [2009/07/13 17:40:10 | 00,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:[b]64bit:[/b] - [2009/07/13 17:40:05 | 00,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:[b]64bit:[/b] - [2009/07/13 17:40:01 | 00,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2009/07/13 17:40:01 | 00,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:[b]64bit:[/b] - [2009/07/13 17:39:51 | 01,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:[b]64bit:[/b] - [2009/07/13 17:39:28 | 03,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:[b]64bit:[/b] - [2009/07/13 17:39:11 | 00,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:[b]64bit:[/b] - [2009/07/02 18:42:36 | 00,017,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/01/25 16:24:51 | 00,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2010/01/25 16:23:51 | 00,194,032 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2010/01/25 13:17:15 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2010/01/07 16:07:10 | 00,236,368 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/11/12 10:03:32 | 00,070,928 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2009/11/10 10:28:08 | 00,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/06 14:29:22 | 01,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 11:18:16 | 00,359,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/07/13 19:20:14 | 00,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/13 19:20:14 | 00,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/13 17:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 17:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 12:30:11 | 00,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/16 09:58:08 | 00,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/06/10 12:39:58 | 00,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.texasoffroad.net/forum/ubbthreads.php/forums/73/1/CrossCreek_Cycle_Park
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 43 DE 22 A5 23 9B CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/01/25 16:26:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/01/25 20:32:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/01/27 02:03:41 | 00,000,000 | ---D | M]

[2010/01/27 06:56:08 | 00,000,000 | ---D | M] -- C:\Users\SHAWN\AppData\Roaming\Mozilla\Extensions
[2010/01/27 06:56:08 | 00,000,000 | ---D | M] -- C:\Users\SHAWN\AppData\Roaming\Mozilla\Firefox\Profiles\g9kgpsos.default\extensions
[2010/01/25 16:26:12 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/06/10 13:00:26 | 00,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3:[b]64bit:[/b] - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4:[b]64bit:[/b] - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [Google Updater] C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe (Google)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Sysinternals Desktops] C:\Users\SHAWN\Desktop\SysinternalsSuite\Desktops.exe (Sysinternals - www.sysinternals.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:[b]64bit:[/b] - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOBCA7~1\GO36F4~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O27:[b]64bit:[/b] - HKLM IFEO\taskmgr.exe: Debugger - C:\USERS\SHAWN\DESKTOP\SYSINTERNALSSUITE\PROCEXP.EXE (Sysinternals - www.sysinternals.com)
O27 - HKLM IFEO\taskmgr.exe: Debugger - "C:\USERS\SHAWN\DESKTOP\SYSINTERNALSSUITE\PROCEXP.EXE" (Sysinternals - www.sysinternals.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:[b]64bit:[/b] - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9b7e72db-071f-11df-bfd8-001372c8eca7}\Shell - "" = AutoRun
O33 - MountPoints2\{9b7e72db-071f-11df-bfd8-001372c8eca7}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
[b]64bit:[/b] O35 - comfile [open] -- "%1" %* File not found
[b]64bit:[/b] O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 14 Days ==========[/color]

[2010/01/27 08:05:10 | 00,000,000 | ---D | C] -- C:\Users\SHAWN\AppData\Roaming\Malwarebytes
[2010/01/27 08:05:05 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/01/27 08:05:02 | 00,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/01/27 08:05:02 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/01/27 08:05:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/01/27 07:40:04 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/01/27 07:39:20 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/01/27 06:55:14 | 00,000,000 | ---D | C] -- C:\Users\SHAWN\AppData\Local\Mozilla
[2010/01/26 17:29:02 | 00,000,000 | ---D | C] -- C:\Users\SHAWN\AppData\Roaming\Mozilla
[2010/01/26 14:35:35 | 00,000,000 | ---D | C] -- C:\Users\SHAWN\Desktop\Tangent_blue_grey_business_package
[2010/01/26 12:06:41 | 00,000,000 | ---D | C] -- C:\Users\SHAWN\Desktop\Security Compliance Management Toolkit _ Windows 7
[2010/01/26 02:14:40 | 00,000,000 | ---D | C] -- C:\Users\SHAWN\Documents\AccessEnum[1]
[2010/01/26 00:25:34 | 00,000,000 | --SD | C] -- C:\Users\SHAWN\Documents\My Web Sites
[2010/01/26 00:19:35 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2010/01/25 23:42:03 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Expression
[2010/01/25 23:28:45 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2010/01/25 23:26:54 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2010/01/25 23:26:52 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/01/25 23:25:17 | 00,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/01/25 23:25:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/01/25 23:18:27 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/01/25 23:18:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/01/25 23:16:34 | 00,000,000 | ---D | C] -- C:\Users\SHAWN\AppData\Local\Microsoft Help
[2010/01/25 23:16:24 | 00,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/01/25 23:14:56 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2010/01/25 23:07:44 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Imaging
[2010/01/25 23:06:56 | 00,000,000 | ---D | C] -- C:\Program Files\Windows AIK
[2010/01/25 22:30:27 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2010/01/25 22:28:56 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Deployment Toolkit
[2010/01/25 22:28:09 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2010/01/25 22:14:14 | 00,000,000 | ---D | C] -- C:\Users\SHAWN\AppData\Local\Adobe
[2010/01/25 22:07:53 | 00,000,000 | R--D | C] -- C:\Users\SHAWN\Desktop\AVS Audio
[2010/01/25 22:04:26 | 00,000,000 | ---D | C] -- C:\Users\SHAWN\Documents\AVS4YOU
[2010/01/25 22:03:31 | 00,000,000 | R--D | C] -- C:\Users\SHAWN\Desktop\AVS Video
[2010/01/25 21:23:14 | 00,000,000 | ---D | C] -- C:\Users\SHAWN\Documents\My Downloads
[2010/01/25 21:22:58 | 00,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2010/01/25 21:06:35 | 00,000,000 | ---D | C] -- C:\Users\SHAWN\AppData\Roaming\AVS4YOU
[2010/01/25 20:58:59 | 01,003,008 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\libeay32.dll
[2010/01/25 20:56:02 | 00,082,944 | ---- | C] (Voxware, Inc.) -- C:\Windows\SysWow64\vct3216.acm
[2010/01/25 20:56:02 | 00,081,920 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\AC3ACM.acm
[2010/01/25 20:56:02 | 00,038,912 | ---- | C] (NCT Company) -- C:\Windows\SysWow64\alf2cd.acm
[2010/01/25 20:56:02 | 00,013,239 | ---- | C] (SHARP Corporation) -- C:\Windows\SysWow64\Scg726.acm
[2010/01/25 20:55:59 | 00,221,215 | ---- | C] (DivXNetworks, Inc.) -- C:\Windows\SysWow64\divxdec.ax
[2010/01/25 20:55:53 | 00,638,976 | ---- | C] (DivXNetworks, Inc.) -- C:\Windows\SysWow64\divx.dll
[2010/01/25 20:55:53 | 00,261,632 | ---- | C] (MainConcept) -- C:\Windows\SysWow64\mcdvd_32.dll
[2010/01/25 20:55:45 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2010/01/25 20:55:44 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2010/01/25 20:35:09 | 00,000,000 | ---D | C] -- C:\Users\SHAWN\AppData\Local\Threat Expert
[2010/01/25 20:25:21 | 00,065,072 | --S- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfFsMon.sys
[2010/01/25 20:25:21 | 00,059,880 | --S- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfSysMon.sys
[2010/01/25 20:25:21 | 00,041,888 | --S- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfNetMon.sys
[2010/01/25 20:21:34 | 00,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010/01/25 20:21:32 | 01,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010/01/25 20:21:32 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010/01/25 20:13:31 | 00,007,669 | ---- | C] () -- C:\Users\SHAWN\AppData\Local\Resmon.ResmonCfg
[2010/01/25 19:46:42 | 00,000,000 | ---D | C] -- C:\Users\SHAWN\Documents\accesschk[1]
[2010/01/25 19:40:59 | 00,000,000 | ---D | C] -- C:\Users\SHAWN\Documents\RootkitRevealer
[2010/01/25 19:36:21 | 00,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/01/25 19:34:08 | 00,000,000 | ---D | C] -- C:\Users\SHAWN\AppData\Roaming\Macromedia
[2010/01/25 17:02:18 | 00,000,000 | ---D | C] -- C:\Users\SHAWN\AppData\Roaming\Adobe
[2010/01/25 17:02:11 | 00,000,000 | ---D | C] -- C:\Users\SHAWN\AppData\Roaming\Google
[2010/01/25 16:40:50 | 00,000,000 | ---D | C] -- C:\Users\SHAWN\Documents\Downloads
[2010/01/25 16:34:21 | 00,306,648 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2010/01/25 16:34:21 | 00,132,048 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2010/01/25 16:33:48 | 00,218,056 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2010/01/25 16:33:29 | 00,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2010/01/25 16:31:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2010/01/25 16:31:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
[2010/01/25 16:31:22 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/01/25 16:31:18 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/01/25 16:30:28 | 00,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/01/25 16:30:24 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/01/25 16:30:24 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010/01/25 16:26:09 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/01/25 16:25:49 | 00,000,000 | ---D | C] -- C:\Users\SHAWN\Documents\My Google Gadgets
[2010/01/25 16:25:44 | 00,000,000 | ---D | C] -- C:\Users\SHAWN\AppData\Local\Google
[2010/01/25 16:25:39 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2010/01/25 16:25:34 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\IOSUBSYS
[2010/01/25 16:24:30 | 00,000,000 | ---D | C] -- C:\ProgramData\Google
[2010/01/25 16:23:59 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2010/01/25 16:23:55 | 00,000,000 | ---D | C] -- C:\ProgramData\Google Updater
[2010/01/25 13:17:16 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010/01/25 13:11:38 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010/01/25 12:33:13 | 00,001,346 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/01/25 12:27:56 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/01/25 11:26:08 | 00,000,000 | ---D | C] -- C:\Users\SHAWN\AppData\Local\Diagnostics
[2010/01/22 08:34:26 | 00,000,000 | ---D | C] -- C:\Users\SHAWN\Desktop\Win7 32.exe
[2010/01/22 08:25:19 | 00,000,000 | ---D | C] -- C:\ProgramData\WD_SmartWareCommon
[2010/01/21 23:34:17 | 00,000,000 | ---D | C] -- C:\Users\SHAWN\AppData\Local\Western_Digital
[2010/01/21 23:26:44 | 00,000,000 | ---D | C] -- C:\Users\SHAWN\AppData\Roaming\Western Digital
[2010/01/21 23:26:41 | 00,000,000 | ---D | C] -- C:\ProgramData\Western Digital
[2010/01/21 23:26:14 | 00,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2010/01/21 23:26:14 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Western Digital
[2010/01/21 23:25:46 | 00,000,000 | ---D | C] -- C:\Users\SHAWN\AppData\Local\Western Digital
[2010/01/21 23:18:24 | 00,112,056 | ---- | C] () -- C:\Users\SHAWN\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/01/21 23:15:50 | 00,000,000 | ---D | C] -- C:\Users\SHAWN\Desktop\wirelesskeyview
[2010/01/21 23:15:11 | 00,000,000 | ---D | C] -- C:\Users\SHAWN\Desktop\SysinternalsSuite
[2010/01/21 23:14:03 | 00,000,000 | ---D | C] -- C:\Users\SHAWN\AppData\Roaming\GetRightToGo
[2010/01/21 23:11:37 | 00,000,000 | R--D | C] -- C:\Users\SHAWN\Searches
[2010/01/21 23:11:29 | 00,000,000 | ---D | C] -- C:\Users\SHAWN\AppData\Roaming\Identities
[2010/01/21 23:11:27 | 00,000,000 | R--D | C] -- C:\Users\SHAWN\Contacts
[2010/01/21 23:11:26 | 00,000,000 | ---D | C] -- C:\Users\SHAWN\AppData\Local\VirtualStore
[2010/01/21 23:11:20 | 00,000,000 | -HSD | C] -- C:\Users\SHAWN\AppData\Local\Temporary Internet Files
[2010/01/21 23:11:20 | 00,000,000 | -HSD | C] -- C:\Users\SHAWN\Templates
[2010/01/21 23:11:20 | 00,000,000 | -HSD | C] -- C:\Users\SHAWN\Start Menu
[2010/01/21 23:11:20 | 00,000,000 | -HSD | C] -- C:\Users\SHAWN\SendTo
[2010/01/21 23:11:20 | 00,000,000 | -HSD | C] -- C:\Users\SHAWN\Recent
[2010/01/21 23:11:20 | 00,000,000 | -HSD | C] -- C:\Users\SHAWN\PrintHood
[2010/01/21 23:11:20 | 00,000,000 | -HSD | C] -- C:\Users\SHAWN\NetHood
[2010/01/21 23:11:20 | 00,000,000 | -HSD | C] -- C:\Users\SHAWN\Documents\My Videos
[2010/01/21 23:11:20 | 00,000,000 | -HSD | C] -- C:\Users\SHAWN\Documents\My Pictures
[2010/01/21 23:11:20 | 00,000,000 | -HSD | C] -- C:\Users\SHAWN\Documents\My Music
[2010/01/21 23:11:20 | 00,000,000 | -HSD | C] -- C:\Users\SHAWN\My Documents
[2010/01/21 23:11:20 | 00,000,000 | -HSD | C] -- C:\Users\SHAWN\Local Settings
[2010/01/21 23:11:20 | 00,000,000 | -HSD | C] -- C:\Users\SHAWN\AppData\Local\History
[2010/01/21 23:11:20 | 00,000,000 | -HSD | C] -- C:\Users\SHAWN\Cookies
[2010/01/21 23:11:20 | 00,000,000 | -HSD | C] -- C:\Users\SHAWN\Application Data
[2010/01/21 23:11:20 | 00,000,000 | -HSD | C] -- C:\Users\SHAWN\AppData\Local\Application Data
[2010/01/21 23:11:19 | 00,000,000 | --SD | C] -- C:\Users\SHAWN\AppData\Roaming\Microsoft
[2010/01/21 23:11:19 | 00,000,000 | R--D | C] -- C:\Users\SHAWN\Videos
[2010/01/21 23:11:19 | 00,000,000 | R--D | C] -- C:\Users\SHAWN\Saved Games
[2010/01/21 23:11:19 | 00,000,000 | R--D | C] -- C:\Users\SHAWN\Pictures
[2010/01/21 23:11:19 | 00,000,000 | R--D | C] -- C:\Users\SHAWN\Music
[2010/01/21 23:11:19 | 00,000,000 | R--D | C] -- C:\Users\SHAWN\Links
[2010/01/21 23:11:19 | 00,000,000 | R--D | C] -- C:\Users\SHAWN\Favorites
[2010/01/21 23:11:19 | 00,000,000 | R--D | C] -- C:\Users\SHAWN\Downloads
[2010/01/21 23:11:19 | 00,000,000 | R--D | C] -- C:\Users\SHAWN\Documents
[2010/01/21 23:11:19 | 00,000,000 | R--D | C] -- C:\Users\SHAWN\Desktop
[2010/01/21 23:11:19 | 00,000,000 | -H-D | C] -- C:\Users\SHAWN\AppData
[2010/01/21 23:11:19 | 00,000,000 | ---D | C] -- C:\Users\SHAWN\AppData\Local\Temp
[2010/01/21 23:11:19 | 00,000,000 | ---D | C] -- C:\Users\SHAWN\AppData\Local\Microsoft
[2010/01/21 23:11:19 | 00,000,000 | ---D | C] -- C:\Users\SHAWN\AppData\Roaming\Media Center Programs
[2010/01/21 22:30:29 | 00,000,000 | ---D | C] -- C:\Users\SHAWN\AppData\Local\Microsoft Games
[2010/01/21 22:25:54 | 00,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/01/21 22:23:39 | 00,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/01/21 22:22:05 | 00,000,000 | ---D | C] -- C:\Windows\Panther
[2010/01/21 22:14:03 | 00,000,000 | ---D | C] -- C:\Windows.old
[2010/01/21 21:38:11 | 02,671,711 | -H-- | C] () -- C:\Users\SHAWN\AppData\Local\IconCache.db
[2010/01/21 21:33:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/01/21 21:32:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/01/21 21:32:25 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/01/21 21:32:23 | 00,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/01/21 16:08:19 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2010/01/21 16:07:28 | 00,000,000 | -HSD | C] -- C:\Boot
[2010/01/21 14:13:34 | 00,000,000 | -HSD | C] -- C:\Recovery
[2009/07/13 21:32:39 | 00,043,318 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2009/07/13 21:32:39 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 21:32:39 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 21:32:39 |
00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2009/07/13 20:54:24 | 00,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini [color=#E56717]========== Files - Modified Within 14 Days ==========[/color] [2010/01/27 09:16:42 | 02,097,152 | -HS- | M] () -- C:\Users\SHAWN\ntuser.dat [2010/01/27 08:28:00 | 00,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/01/27 08:21:24 | 00,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/01/27 08:21:24 | 00,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/01/27 08:19:23 | 00,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010/01/27 08:19:23 | 00,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010/01/27 08:19:23 | 00,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010/01/27 08:18:33 | 00,000,516 | ---- | M] () -- C:\Windows\tasks\Malwarebytes' Scheduled Scan for SHAWN.job [2010/01/27 08:18:31 | 00,000,502 | ---- | M] () -- C:\Windows\tasks\Malwarebytes' Scheduled Update for SHAWN.job [2010/01/27 08:16:26 | 00,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010/01/27 08:14:31 | 00,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/01/27 08:14:09 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/01/27 08:14:06 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/01/27 08:13:59 | 26,157,87520 | -HS- | M] () -- C:\hiberfil.sys [2010/01/27 08:13:26 | 02,671,711 | -H-- | M] () -- C:\Users\SHAWN\AppData\Local\IconCache.db [2010/01/27 08:05:08 | 00,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/01/27 07:59:46 | 00,293,376 | ---- | M] () -- C:\Users\SHAWN\Desktop\gmer.exe [2010/01/27 07:39:23 | 00,000,924 | ---- | M] () -- 
C:\Users\SHAWN\Desktop\NTREGOPT.lnk [2010/01/27 07:39:23 | 00,000,905 | ---- | M] () -- C:\Users\SHAWN\Desktop\ERUNT.lnk [2010/01/27 07:07:16 | 00,000,162 | -H-- | M] () -- C:\Users\SHAWN\Documents\~$ndows 7 Security Guide.docx [2010/01/27 06:55:51 | 00,002,194 | ---- | M] () -- C:\Users\SHAWN\Desktop\Google Chrome.lnk [2010/01/26 11:19:36 | 00,112,056 | ---- | M] () -- C:\Users\SHAWN\AppData\Local\GDIPFONTCACHEV1.DAT [2010/01/26 11:19:04 | 00,421,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010/01/26 03:17:00 | 00,000,478 | ---- | M] () -- C:\Windows\win.ini [2010/01/26 02:32:05 | 41,577,9681 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010/01/26 02:12:04 | 00,524,288 | -HS- | M] () -- C:\Users\SHAWN\ntuser.dat{495b2979-0a5c-11df-a086-001372c8eca7}.TMContainer00000000000000000002.regtrans-ms [2010/01/26 02:12:04 | 00,524,288 | -HS- | M] () -- C:\Users\SHAWN\ntuser.dat{495b2979-0a5c-11df-a086-001372c8eca7}.TMContainer00000000000000000001.regtrans-ms [2010/01/26 02:12:04 | 00,065,536 | -HS- | M] () -- C:\Users\SHAWN\ntuser.dat{495b2979-0a5c-11df-a086-001372c8eca7}.TM.blf [2010/01/26 02:09:05 | 00,524,288 | -HS- | M] () -- C:\Users\SHAWN\ntuser.dat{495b2857-0a5c-11df-a086-001372c8eca7}.TMContainer00000000000000000002.regtrans-ms [2010/01/26 02:09:05 | 00,524,288 | -HS- | M] () -- C:\Users\SHAWN\ntuser.dat{495b2857-0a5c-11df-a086-001372c8eca7}.TMContainer00000000000000000001.regtrans-ms [2010/01/26 02:09:05 | 00,065,536 | -HS- | M] () -- C:\Users\SHAWN\ntuser.dat{495b2857-0a5c-11df-a086-001372c8eca7}.TM.blf [2010/01/25 20:13:31 | 00,007,669 | ---- | M] () -- C:\Users\SHAWN\AppData\Local\Resmon.ResmonCfg [2010/01/25 19:40:18 | 00,231,390 | ---- | M] () -- C:\Users\SHAWN\Documents\RootkitRevealer.zip [2010/01/25 18:22:38 | 00,000,000 | -H-- | M] () -- C:\Users\SHAWN\Documents\Default.rdp [2010/01/25 16:30:35 | 00,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010/01/25 16:26:16 | 00,001,939 | ---- | M] () -- 
C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010/01/25 13:17:27 | 00,002,173 | ---- | M] () -- C:\Users\Public\Desktop\crosscreekcp.com Calendar.lnk [2010/01/25 13:17:27 | 00,002,139 | ---- | M] () -- C:\Users\Public\Desktop\crosscreekcp.com Email.lnk [2010/01/25 13:17:27 | 00,002,127 | ---- | M] () -- C:\Users\Public\Desktop\crosscreekcp.com Docs.lnk [2010/01/25 12:36:20 | 00,001,346 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2010/01/22 10:07:59 | 00,502,438 | ---- | M] () -- C:\Users\SHAWN\Documents\Windows 7 Security Guide.docx [2010/01/22 09:20:04 | 25,018,94144 | ---- | M] () -- C:\Users\SHAWN\Desktop\X15-65804.iso [2010/01/21 23:26:36 | 00,001,373 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk [2010/01/21 23:26:36 | 00,001,318 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk [2010/01/21 23:11:20 | 00,000,020 | -HS- | M] () -- C:\Users\SHAWN\ntuser.ini [2010/01/21 22:26:34 | 00,042,045 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2010/01/21 22:26:34 | 00,042,045 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2010/01/21 22:24:24 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010/01/21 22:21:53 | 00,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2010/01/21 21:38:13 | 00,524,288 | -HS- | M] () -- C:\Users\SHAWN\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010/01/21 21:38:13 | 00,524,288 | -HS- | M] () -- C:\Users\SHAWN\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010/01/21 21:38:13 | 00,065,536 | -HS- | M] () -- C:\Users\SHAWN\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010/01/21 21:32:26 | 00,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010/01/27 08:18:33 | 00,000,516 | ---- | C] () -- 
C:\Windows\tasks\Malwarebytes' Scheduled Scan for SHAWN.job [2010/01/27 08:18:31 | 00,000,502 | ---- | C] () -- C:\Windows\tasks\Malwarebytes' Scheduled Update for SHAWN.job [2010/01/27 08:05:08 | 00,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/01/27 07:39:23 | 00,000,924 | ---- | C] () -- C:\Users\SHAWN\Desktop\NTREGOPT.lnk [2010/01/27 07:39:23 | 00,000,905 | ---- | C] () -- C:\Users\SHAWN\Desktop\ERUNT.lnk [2010/01/27 07:07:16 | 00,000,162 | -H-- | C] () -- C:\Users\SHAWN\Documents\~$ndows 7 Security Guide.docx [2010/01/27 06:55:51 | 00,002,194 | ---- | C] () -- C:\Users\SHAWN\Desktop\Google Chrome.lnk [2010/01/26 13:33:31 | 00,363,963 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0134.JPG [2010/01/26 13:33:30 | 00,311,327 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0128.JPG [2010/01/26 13:33:30 | 00,306,229 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0130.JPG [2010/01/26 13:33:30 | 00,300,209 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0131.JPG [2010/01/26 13:33:30 | 00,294,393 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0125.JPG [2010/01/26 13:33:30 | 00,286,132 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0132.JPG [2010/01/26 13:33:30 | 00,280,630 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0129.JPG [2010/01/26 13:33:30 | 00,279,975 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0133.JPG [2010/01/26 13:33:30 | 00,277,495 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0127.JPG [2010/01/26 13:33:30 | 00,274,594 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0123.JPG [2010/01/26 13:33:30 | 00,274,310 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0126.JPG [2010/01/26 13:33:30 | 00,274,082 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0122.JPG [2010/01/26 13:33:30 | 00,272,806 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0124.JPG [2010/01/26 13:33:29 | 00,311,329 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0118.JPG [2010/01/26 13:33:29 | 00,304,374 | ---- | C] () -- 
C:\Users\SHAWN\Documents\PICT0119.JPG [2010/01/26 13:33:29 | 00,304,236 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0116.JPG [2010/01/26 13:33:29 | 00,301,830 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0120.JPG [2010/01/26 13:33:29 | 00,299,383 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0115.JPG [2010/01/26 13:33:29 | 00,295,336 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0121.JPG [2010/01/26 13:33:29 | 00,294,382 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0113.JPG [2010/01/26 13:33:29 | 00,292,957 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0117.JPG [2010/01/26 13:33:29 | 00,292,454 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0114.JPG [2010/01/26 13:33:29 | 00,286,509 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0112.JPG [2010/01/26 13:33:28 | 00,326,418 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0109.JPG [2010/01/26 13:33:28 | 00,293,709 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0103.JPG [2010/01/26 13:33:28 | 00,293,262 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0108.JPG [2010/01/26 13:33:28 | 00,289,864 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0111.JPG [2010/01/26 13:33:28 | 00,283,433 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0105.JPG [2010/01/26 13:33:28 | 00,279,763 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0106.JPG [2010/01/26 13:33:28 | 00,277,268 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0104.JPG [2010/01/26 13:33:28 | 00,267,965 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0107.JPG [2010/01/26 13:33:28 | 00,267,006 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0110.JPG [2010/01/26 13:33:27 | 00,339,242 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0092.JPG [2010/01/26 13:33:27 | 00,336,854 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0089.JPG [2010/01/26 13:33:27 | 00,328,064 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0093.JPG [2010/01/26 13:33:27 | 00,305,432 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0090.JPG [2010/01/26 13:33:27 | 00,297,164 | ---- | C] () -- 
C:\Users\SHAWN\Documents\PICT0097.JPG [2010/01/26 13:33:27 | 00,296,803 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0100.JPG [2010/01/26 13:33:27 | 00,289,131 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0101.JPG [2010/01/26 13:33:27 | 00,288,552 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0091.JPG [2010/01/26 13:33:27 | 00,287,093 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0098.JPG [2010/01/26 13:33:27 | 00,286,648 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0102.JPG [2010/01/26 13:33:27 | 00,284,651 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0094.JPG [2010/01/26 13:33:27 | 00,281,953 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0096.JPG [2010/01/26 13:33:27 | 00,280,105 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0099.JPG [2010/01/26 13:33:27 | 00,278,259 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0095.JPG [2010/01/26 13:33:26 | 00,318,148 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0081.JPG [2010/01/26 13:33:26 | 00,312,340 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0087.JPG [2010/01/26 13:33:26 | 00,299,818 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0083.JPG [2010/01/26 13:33:26 | 00,294,440 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0088.JPG [2010/01/26 13:33:26 | 00,290,999 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0080.JPG [2010/01/26 13:33:26 | 00,275,030 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0086.JPG [2010/01/26 13:33:26 | 00,266,778 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0084.JPG [2010/01/26 13:33:26 | 00,264,920 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0085.JPG [2010/01/26 13:33:26 | 00,254,184 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0082.JPG [2010/01/26 13:33:25 | 00,312,256 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0075.JPG [2010/01/26 13:33:25 | 00,312,181 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0077.JPG [2010/01/26 13:33:25 | 00,306,218 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0076.JPG [2010/01/26 13:33:25 | 00,299,009 | ---- | C] () -- 
C:\Users\SHAWN\Documents\PICT0079.JPG [2010/01/26 13:33:25 | 00,296,724 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0078.JPG [2010/01/26 13:33:24 | 00,321,611 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0073.JPG [2010/01/26 13:33:24 | 00,316,327 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0072.JPG [2010/01/26 13:33:24 | 00,301,764 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0071.JPG [2010/01/26 13:33:24 | 00,299,980 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0074.JPG [2010/01/26 13:33:24 | 00,291,656 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0070.JPG [2010/01/26 13:33:24 | 00,289,627 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0065.JPG [2010/01/26 13:33:24 | 00,289,323 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0069.JPG [2010/01/26 13:33:24 | 00,280,976 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0067.JPG [2010/01/26 13:33:24 | 00,266,850 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0068.JPG [2010/01/26 13:33:24 | 00,261,020 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0066.JPG [2010/01/26 13:33:23 | 00,310,177 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0060.JPG [2010/01/26 13:33:23 | 00,303,550 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0061.JPG [2010/01/26 13:33:23 | 00,301,973 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0062.JPG [2010/01/26 13:33:23 | 00,298,360 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0063.JPG [2010/01/26 13:33:23 | 00,280,353 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0064.JPG [2010/01/26 13:33:23 | 00,265,316 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0059.JPG [2010/01/26 13:33:22 | 00,299,357 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0054.JPG [2010/01/26 13:33:22 | 00,297,062 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0055.JPG [2010/01/26 13:33:22 | 00,291,117 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0053.JPG [2010/01/26 13:33:22 | 00,288,020 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0058.JPG [2010/01/26 13:33:22 | 00,284,915 | ---- | C] () -- 
C:\Users\SHAWN\Documents\PICT0052.JPG [2010/01/26 13:33:22 | 00,280,381 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0056.JPG [2010/01/26 13:33:22 | 00,275,296 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0057.JPG [2010/01/26 13:33:21 | 00,309,435 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0049.JPG [2010/01/26 13:33:21 | 00,306,884 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0045.JPG [2010/01/26 13:33:21 | 00,303,703 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0047.JPG [2010/01/26 13:33:21 | 00,303,570 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0048.JPG [2010/01/26 13:33:21 | 00,302,949 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0043.JPG [2010/01/26 13:33:21 | 00,300,932 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0051.JPG [2010/01/26 13:33:21 | 00,299,351 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0041.JPG [2010/01/26 13:33:21 | 00,296,723 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0044.JPG [2010/01/26 13:33:21 | 00,289,832 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0046.JPG [2010/01/26 13:33:21 | 00,288,728 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0050.JPG [2010/01/26 13:33:21 | 00,265,622 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0042.JPG [2010/01/26 13:33:20 | 00,389,804 | ---- | C] () -- C:\Users\SHAWN\Documents\MX Dude1.png [2010/01/26 13:33:20 | 00,283,266 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0040.JPG [2010/01/26 13:33:20 | 00,277,889 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0038.JPG [2010/01/26 13:33:20 | 00,274,581 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0039.JPG [2010/01/26 13:33:20 | 00,129,530 | ---- | C] () -- C:\Users\SHAWN\Documents\hook-up-748140.jpg [2010/01/26 13:33:20 | 00,071,973 | ---- | C] () -- C:\Users\SHAWN\Documents\Harley Whip Cut out2.png [2010/01/26 13:33:19 | 00,350,424 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0136.JPG [2010/01/26 13:33:19 | 00,321,867 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0135.JPG [2010/01/26 13:33:19 | 00,315,326 | ---- | C] () -- 
C:\Users\SHAWN\Documents\PICT0137.JPG [2010/01/26 13:33:19 | 00,300,953 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0140.JPG [2010/01/26 13:33:19 | 00,289,362 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0139.JPG [2010/01/26 13:33:19 | 00,289,066 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0141.JPG [2010/01/26 13:33:19 | 00,284,042 | ---- | C] () -- C:\Users\SHAWN\Documents\PICT0138.JPG [2010/01/26 13:33:19 | 00,217,207 | ---- | C] () -- C:\Users\SHAWN\Documents\Test Pic2.png [2010/01/26 13:33:19 | 00,176,665 | ---- | C] () -- C:\Users\SHAWN\Documents\DSC_4474 (Large).JPG [2010/01/26 13:33:19 | 00,106,425 | ---- | C] () -- C:\Users\SHAWN\Documents\Cross Creek 9-14-08 .jpg [2010/01/26 13:33:19 | 00,102,657 | ---- | C] () -- C:\Users\SHAWN\Documents\Poster pic4_001.png [2010/01/26 13:33:19 | 00,100,247 | ---- | C] () -- C:\Users\SHAWN\Documents\DSC_0065 (Large).JPG [2010/01/26 13:33:19 | 00,021,185 | ---- | C] () -- C:\Users\SHAWN\Documents\crosscreeklogo.png [2010/01/26 12:09:27 | 00,006,652 | ---- | C] () -- C:\Users\SHAWN\Win7-EC-Desktop.xml [2010/01/26 02:12:04 | 00,524,288 | -HS- | C] () -- C:\Users\SHAWN\ntuser.dat{495b2979-0a5c-11df-a086-001372c8eca7}.TMContainer00000000000000000002.regtrans-ms [2010/01/26 02:12:04 | 00,524,288 | -HS- | C] () -- C:\Users\SHAWN\ntuser.dat{495b2979-0a5c-11df-a086-001372c8eca7}.TMContainer00000000000000000001.regtrans-ms [2010/01/26 02:12:04 | 00,065,536 | -HS- | C] () -- C:\Users\SHAWN\ntuser.dat{495b2979-0a5c-11df-a086-001372c8eca7}.TM.blf [2010/01/26 01:23:00 | 00,524,288 | -HS- | C] () -- C:\Users\SHAWN\ntuser.dat{495b2857-0a5c-11df-a086-001372c8eca7}.TMContainer00000000000000000002.regtrans-ms [2010/01/26 01:22:59 | 00,524,288 | -HS- | C] () -- C:\Users\SHAWN\ntuser.dat{495b2857-0a5c-11df-a086-001372c8eca7}.TMContainer00000000000000000001.regtrans-ms [2010/01/26 01:22:59 | 00,065,536 | -HS- | C] () -- C:\Users\SHAWN\ntuser.dat{495b2857-0a5c-11df-a086-001372c8eca7}.TM.blf [2010/01/26 00:45:25 | 00,071,973 | ---- | C] 
() -- C:\Users\SHAWN\Documents\themed_image.png [2010/01/25 20:55:53 | 00,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2010/01/25 20:55:53 | 00,156,910 | ---- | C] () -- C:\Windows\WMSysPr8.prx [2010/01/25 20:55:53 | 00,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2010/01/25 20:55:53 | 00,053,248 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax [2010/01/25 20:21:35 | 00,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll [2010/01/25 20:21:34 | 00,000,883 | ---- | C] () -- C:\Windows\RegSDImport.xml [2010/01/25 20:21:34 | 00,000,880 | ---- | C] () -- C:\Windows\RegISSImport.xml [2010/01/25 20:21:34 | 00,000,131 | ---- | C] () -- C:\Windows\IDB.zip [2010/01/25 20:21:33 | 01,152,444 | ---- | C] () -- C:\Windows\UDB.zip [2010/01/25 19:40:17 | 00,231,390 | ---- | C] () -- C:\Users\SHAWN\Documents\RootkitRevealer.zip [2010/01/25 18:22:38 | 00,000,000 | -H-- | C] () -- C:\Users\SHAWN\Documents\Default.rdp [2010/01/25 16:34:21 | 00,007,357 | ---- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.cat [2010/01/25 16:33:48 | 00,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctcore64.cat [2010/01/25 16:33:29 | 00,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.cat [2010/01/25 16:30:35 | 00,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010/01/25 16:26:16 | 00,001,939 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010/01/25 16:23:53 | 00,000,880 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job [2010/01/25 13:17:27 | 00,002,173 | ---- | C] () -- C:\Users\Public\Desktop\crosscreekcp.com Calendar.lnk [2010/01/25 13:17:27 | 00,002,139 | ---- | C] () -- C:\Users\Public\Desktop\crosscreekcp.com Email.lnk [2010/01/25 13:17:27 | 00,002,127 | ---- | C] () -- C:\Users\Public\Desktop\crosscreekcp.com Docs.lnk [2010/01/25 13:17:22 | 00,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/01/25 13:17:21 | 00,000,894 | ---- | C] () -- 
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/01/25 12:33:13 | 00,001,346 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010/01/25 12:27:50 | 41,577,9681 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010/01/22 10:07:53 | 00,502,438 | ---- | C] () -- C:\Users\SHAWN\Documents\Windows 7 Security Guide.docx [2010/01/21 23:26:36 | 00,001,373 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk [2010/01/21 23:26:36 | 00,001,318 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk [2010/01/21 23:15:38 | 01,151,881 | ---- | C] () -- C:\Users\SHAWN\Desktop\PsTools.zip [2010/01/21 23:15:02 | 12,017,744 | ---- | C] () -- C:\Users\SHAWN\Desktop\SysinternalsSuite.zip [2010/01/21 23:14:13 | 25,018,94144 | ---- | C] () -- C:\Users\SHAWN\Desktop\X15-65804.iso [2010/01/21 23:11:20 | 00,524,288 | -HS- | C] () -- C:\Users\SHAWN\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010/01/21 23:11:20 | 00,524,288 | -HS- | C] () -- C:\Users\SHAWN\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010/01/21 23:11:20 | 00,065,536 | -HS- | C] () -- C:\Users\SHAWN\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010/01/21 23:11:20 | 00,000,020 | -HS- | C] () -- C:\Users\SHAWN\ntuser.ini [2010/01/21 23:11:19 | 02,097,152 | -HS- | C] () -- C:\Users\SHAWN\ntuser.dat [2010/01/21 22:24:24 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2010/01/21 21:32:26 | 00,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010/01/21 16:08:19 | 26,157,87520 | -HS- | C] () -- C:\hiberfil.sys [2010/01/21 16:07:29 | 00,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK [2010/01/21 16:07:28 | 00,383,562 | RHS- | C] () -- C:\bootmgr [2009/07/13 15:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 13:03:59 | 00,364,544 | ---- | C] 
() -- C:\Windows\SysWow64\msjetoledb40.dll [color=#E56717]========== LOP Check ==========[/color] [2010/01/22 10:07:16 | 00,000,000 | ---D | M] -- C:\Users\SHAWN\AppData\Roaming\GetRightToGo [2010/01/21 23:26:44 | 00,000,000 | ---D | M] -- C:\Users\SHAWN\AppData\Roaming\Western Digital [2010/01/25 18:21:48 | 00,005,376 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2009/07/13 17:52:21 | 00,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows.old\Windows\System32\drivers\AGP440.sys [2009/07/13 17:52:21 | 00,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009/07/13 17:52:21 | 00,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows.old\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009/07/13 17:52:21 | 00,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009/07/13 17:52:21 | 00,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009/07/13 17:52:21 | 00,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows.old\Windows\System32\drivers\atapi.sys [2009/07/13 17:52:21 | 00,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- 
C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009/07/13 17:52:21 | 00,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows.old\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009/07/13 17:52:21 | 00,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009/07/13 17:52:21 | 00,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [color=#A23BEC]< MD5 for: CNGAUDIT.DLL >[/color] [2009/07/13 17:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows.old\Windows\SysWOW64\cngaudit.dll [2009/07/13 17:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009/07/13 17:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009/07/13 17:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009/07/13 17:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009/07/13 17:40:20 | 00,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows.old\Windows\System32\cngaudit.dll [2009/07/13 17:40:20 | 00,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- 
C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll [2009/07/13 17:40:20 | 00,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll [color=#A23BEC]< MD5 for: IASTORV.SYS >[/color] [2009/07/13 17:48:04 | 00,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows.old\Windows\System32\drivers\iaStorV.sys [2009/07/13 17:48:04 | 00,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009/07/13 17:48:04 | 00,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows.old\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys [2009/07/13 17:48:04 | 00,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009/07/13 17:48:04 | 00,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys [color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color] [2009/07/13 17:41:52 | 00,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows.old\Windows\System32\netlogon.dll [2009/07/13 17:41:52 | 00,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2009/07/13 17:41:52 | 00,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- 
C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2009/07/13 17:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows.old\Windows\SysWOW64\netlogon.dll [2009/07/13 17:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll [2009/07/13 17:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009/07/13 17:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009/07/13 17:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll [color=#A23BEC]< MD5 for: NVSTOR.SYS >[/color] [2009/07/13 17:45:45 | 00,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows.old\Windows\System32\drivers\nvstor.sys [2009/07/13 17:45:45 | 00,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009/07/13 17:45:45 | 00,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows.old\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2009/07/13 17:45:45 | 00,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009/07/13 17:45:45 | 00,167,488 | ---- | M] (NVIDIA Corporation) 
MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [color=#A23BEC]< MD5 for: SCECLI.DLL >[/color] [2009/07/13 17:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows.old\Windows\SysWOW64\scecli.dll [2009/07/13 17:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009/07/13 17:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009/07/13 17:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009/07/13 17:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009/07/13 17:41:53 | 00,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows.old\Windows\System32\scecli.dll [2009/07/13 17:41:53 | 00,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2009/07/13 17:41:53 | 00,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [color=#A23BEC]< %systemroot%\*. 
/mp /s >[/color] [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8 < End of report >