Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Spam originating from my email [Solved]

Started by Oyml , Dec 27 2011 05:36 PM

This topic is locked

#1
Oyml

Posted 27 December 2011 - 05:36 PM

Member

Member
35 posts

About a month ago, I received a spam email from my wife's Bellsouth account. I told her she should change her password and ran a malware scan (we share a computer) and figured the issue was done. A few days later, a spam email was sent from my Bellsouth account. I ran a few more malware scans which found a couple of things, but nothing major and I hoped that the issue was done. About a week later, another email was sent from my account and I started doing a bit more research. I downloaded and ran several different virus, rootkit, and malware scans and removed anything that was found, which wasn't a whole lot. Everything was quiet again for awhile, but then on the 26th, my wife's email sent out another piece of spam. I've decided to let someone with more knowledge help and hopefully stop this from happening any more.

With the last spam sent prior to the spam sent on the 26th, I installed and ran Trend Micro RUBotted and Browser Guard, Spybot Search & Destroy, MBAM, and a rootkit scanner, although right now I can't recall what it was. Nothing major was found with any of them. I always run Panda Cloud security and SUPER Antispyware.

I have also considered the possibility of a spoof of our email accounts, but the headers of the spam email all seem normal, so I'm thinking it is either a compromised account (unlikely as the spam doesn't appear in the sent mail of the account) or a virus that is pretty good at hiding itself.

My OTL log:

OTL logfile created on: 12/27/2011 6:38:50 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jon-Alan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 36.96% Memory free
11.50 Gb Paging File | 7.46 Gb Available in Paging File | 64.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.33 Gb Total Space | 141.60 Gb Free Space | 15.44% Space Free | Partition Type: NTFS
Drive Y: | 465.65 Gb Total Space | 93.62 Gb Free Space | 20.11% Space Free | Partition Type: FAT32
Drive Z: | 1831.80 Gb Total Space | 581.10 Gb Free Space | 31.72% Space Free | Partition Type: NTFS

Computer Name: OYML | User Name: Jon-Alan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/21 02:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/12/13 19:26:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jon-Alan\Desktop\OTL.exe
PRC - [2011/12/07 06:16:29 | 001,047,096 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2011/10/21 09:51:20 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.79\GoogleCrashHandler.exe
PRC - [2011/08/24 15:32:42 | 000,074,240 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2011/07/29 14:31:40 | 001,249,064 | ---- | M] () -- C:\ProgramData\TVersity\Media Server\MediaServer.exe
PRC - [2011/07/09 09:49:31 | 000,034,728 | ---- | M] (Arainia Solutions) -- C:\Program Files (x86)\Gizmo\gservice.exe
PRC - [2011/07/09 09:49:30 | 000,223,640 | ---- | M] (Arainia Solutions) -- C:\Program Files (x86)\Gizmo\gizmo.exe
PRC - [2011/06/29 08:29:44 | 000,217,256 | ---- | M] (Panda Security) -- C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
PRC - [2011/06/28 09:03:22 | 001,843,000 | ---- | M] (Orbitdownloader.com) -- C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
PRC - [2011/06/27 09:05:26 | 000,557,056 | ---- | M] (Orbitdownloader.com) -- C:\Program Files (x86)\Orbitdownloader\orbitnet.exe
PRC - [2011/06/25 11:30:46 | 000,884,696 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/02 09:54:16 | 000,802,758 | ---- | M] () -- C:\Program Files (x86)\AX\AX.exe
PRC - [2011/04/28 13:01:20 | 000,439,616 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
PRC - [2011/04/28 12:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2011/04/19 01:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011/04/19 01:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2011/02/25 20:21:50 | 000,665,104 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\Browser Guard\tmiegsrv.exe
PRC - [2011/02/25 20:20:58 | 000,787,984 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\Browser Guard\BGUI.exe
PRC - [2011/01/17 17:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 17:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011/01/06 17:46:06 | 000,440,103 | ---- | M] () -- C:\Program Files (x86)\QuickMonth Calendar\qmc.exe
PRC - [2010/12/17 09:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
PRC - [2010/12/17 09:33:06 | 001,103,184 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
PRC - [2010/11/10 18:38:40 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Launchy\Launchy.exe
PRC - [2010/10/12 12:57:40 | 000,354,232 | ---- | M] (GP Software) -- C:\Program Files\GPSoftware\Directory Opus\dopusx64.exe
PRC - [2010/07/28 16:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2010/07/28 16:33:58 | 006,995,864 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2010/07/28 16:33:58 | 001,485,208 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2010/07/04 14:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
PRC - [2009/12/23 15:59:42 | 000,232,064 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
PRC - [2009/12/23 15:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\SysWOW64\AsHookDevice.exe
PRC - [2009/03/12 20:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/19 12:17:24 | 000,333,088 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2008/06/01 16:05:02 | 001,529,856 | ---- | M] (Rokario Software) -- C:\Program Files (x86)\Rokario\Bandwidth Monitor\bandmon.exe
PRC - [2007/01/01 16:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Talk\googletalk.exe
PRC - [2005/10/12 11:22:40 | 000,184,320 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Music Anywhere\LMASysTray.exe

========== Modules (No Company Name) ==========

MOD - [2011/12/21 02:24:51 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/04 09:54:51 | 000,930,304 | ---- | M] () -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\f6rn11j2.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\lpxpcom.dll
MOD - [2011/09/28 14:34:43 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/07/09 09:49:31 | 000,404,384 | ---- | M] () -- C:\Program Files (x86)\Gizmo\gdatabase.dll
MOD - [2011/07/09 09:49:31 | 000,394,656 | ---- | M] () -- C:\Program Files (x86)\Gizmo\gdrive.dll
MOD - [2011/07/09 09:49:31 | 000,372,632 | ---- | M] () -- C:\Program Files (x86)\Gizmo\ghash.dll
MOD - [2011/07/09 09:49:31 | 000,339,864 | ---- | M] () -- C:\Program Files (x86)\Gizmo\gscript.dll
MOD - [2011/07/09 09:49:31 | 000,339,864 | ---- | M] () -- C:\Program Files (x86)\Gizmo\geditor.dll
MOD - [2011/07/09 09:49:30 | 000,315,800 | ---- | M] () -- C:\Program Files (x86)\Gizmo\gmanager.dll
MOD - [2011/07/09 09:49:30 | 000,166,816 | ---- | M] () -- C:\Program Files (x86)\Gizmo\gimage.dll
MOD - [2011/06/28 09:01:38 | 000,397,312 | ---- | M] () -- C:\Program Files (x86)\Orbitdownloader\wtlctrl.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/02 09:54:16 | 000,802,758 | ---- | M] () -- C:\Program Files (x86)\AX\AX.exe
MOD - [2011/04/01 12:55:36 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/01/06 17:46:06 | 000,440,103 | ---- | M] () -- C:\Program Files (x86)\QuickMonth Calendar\qmc.exe
MOD - [2010/11/10 18:39:08 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\controly.dll
MOD - [2010/11/10 18:39:00 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\calcy.dll
MOD - [2010/11/10 18:38:52 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\gcalc.dll
MOD - [2010/11/10 18:38:40 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Launchy\Launchy.exe
MOD - [2010/11/10 18:38:40 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\runner.dll
MOD - [2010/11/10 18:38:24 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\weby.dll
MOD - [2010/11/10 18:38:08 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\verby.dll
MOD - [2010/07/28 16:34:04 | 000,022,424 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2010/07/28 16:02:58 | 000,658,432 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2010/07/04 16:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 14:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
MOD - [2010/06/23 17:12:28 | 007,187,456 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/06/23 17:11:52 | 000,325,632 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/06/23 17:11:48 | 001,954,304 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/06/23 17:11:48 | 000,847,360 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/06/23 16:38:18 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2009/12/16 23:18:48 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Launchy\imageformats\qmng4.dll
MOD - [2009/12/16 21:13:02 | 008,314,880 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtGui4.dll
MOD - [2009/12/16 20:56:22 | 000,712,704 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtNetwork4.dll
MOD - [2009/12/16 20:54:46 | 002,236,416 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtCore4.dll
MOD - [2009/03/12 20:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/11/23 08:17:26 | 000,094,992 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2011/10/07 12:47:14 | 002,663,568 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/04/20 01:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/17 17:25:42 | 000,181,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV:64bit: - [2010/02/09 14:55:52 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/02/11 11:33:30 | 000,560,344 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\Topos\cFosSpeed\spd.exe -- (cFosSpeedS)
SRV - [2011/12/23 23:32:17 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/08/24 15:32:42 | 000,074,240 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (FreemakeUtilsService)
SRV - [2011/07/29 14:31:40 | 001,249,064 | ---- | M] () [Auto | Running] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2011/07/09 09:49:31 | 000,034,728 | ---- | M] (Arainia Solutions) [Auto | Running] -- C:\Program Files (x86)\Gizmo\gservice.exe -- (Gizmo Central)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/28 12:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/04/19 01:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/12/17 09:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe -- (RUBotSrv)
SRV - [2010/07/28 16:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/23 15:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysWOW64\AsHookDevice.exe -- (Device Handle Service)
SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/12/16 15:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/10 15:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/23 08:17:24 | 000,158,336 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2011/08/01 06:23:26 | 000,160,520 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINAflt.sys -- (PSINAflt)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/07/09 09:49:32 | 000,034,704 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gizmodrv.sys -- (GizmoDrv)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/28 12:57:43 | 000,128,072 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProt.sys -- (PSINProt)
DRV:64bit: - [2011/04/28 12:57:43 | 000,121,928 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProc.sys -- (PSINProc)
DRV:64bit: - [2011/04/28 12:57:42 | 000,149,576 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PSINKNC.sys -- (PSINKNC)
DRV:64bit: - [2011/04/28 12:57:42 | 000,114,760 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINFile.sys -- (PSINFile)
DRV:64bit: - [2011/04/20 01:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/20 01:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 00:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/21 12:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/15 06:02:14 | 000,041,424 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\covpnv64.sys -- (urvpndrv)
DRV:64bit: - [2010/12/15 06:02:08 | 000,018,512 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urfltv64.sys -- (f5ipfw)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/06 21:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010/10/28 09:11:12 | 000,170,080 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)
DRV:64bit: - [2010/09/23 02:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/01 03:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/07/28 23:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010/03/02 06:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010/01/27 20:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/12/22 01:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/11/10 03:11:32 | 000,234,040 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/10/20 13:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/07/15 22:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/22 15:50:00 | 000,291,352 | ---- | M] (silex technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sxuptp.sys -- (sxuptp)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/04 20:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/02/11 11:33:32 | 001,090,264 | ---- | M] (cFos Software GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfosspeed.sys -- (cFosSpeed)
DRV:64bit: - [2007/10/24 02:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2011/08/26 14:11:26 | 000,035,256 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys -- (IObitUnlocker)
DRV - [2011/03/22 16:04:28 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysWow64\drivers\AFS.SYS -- (AFS)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...ys=DTP&M=GT4016
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com/
IE - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1598078781-1720070030-2464047777-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com/
IE - HKU\S-1-5-21-1598078781-1720070030-2464047777-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com/
IE - HKU\S-1-5-21-1598078781-1720070030-2464047777-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.73.0
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..keyword.URL: "http://search.yahoo....pe=00000001&p="

FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\Firefox [2011/06/28 14:21:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/06/30 02:01:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2011/08/28 15:22:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/23 23:43:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/03/22 14:18:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Extensions
[2011/12/23 06:52:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\f6rn11j2.default\extensions
[2011/12/13 17:43:57 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\f6rn11j2.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2011/12/02 07:04:39 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\f6rn11j2.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/11/02 20:18:43 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\f6rn11j2.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2011/11/12 09:51:31 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\f6rn11j2.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/08/16 18:13:59 | 000,000,000 | ---D | M] (BYTubeD - Bulk YouTube video Downloader) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\f6rn11j2.default\extensions\[email protected]
[2011/11/06 08:21:01 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\f6rn11j2.default\extensions\[email protected]
[2011/11/02 17:51:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\f6rn11j2.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9\$[56]\extensions
[2011/11/02 17:51:14 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\f6rn11j2.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9\$[56]\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2011/06/23 12:00:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\ynz33ibf.default\extensions
[2011/03/22 14:23:09 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\ynz33ibf.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2011/05/03 14:12:34 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\ynz33ibf.default\extensions\[email protected]
[2011/05/01 11:05:47 | 000,004,855 | ---- | M] () -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\f6rn11j2.default\searchplugins\google-images.xml
[2011/05/03 14:18:13 | 000,000,705 | ---- | M] () -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\f6rn11j2.default\searchplugins\webster.xml
[2011/12/23 23:43:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\JON-ALAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F6RN11J2.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\JON-ALAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F6RN11J2.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\JON-ALAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F6RN11J2.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\JON-ALAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F6RN11J2.DEFAULT\EXTENSIONS\[email protected]
[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Freemake np-plugin for google chrome (Enabled) = C:\Users\Jon-Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll
CHR - plugin: Orbit Downloader (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\nporbit.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Jon-Alan\AppData\Roaming\Mozilla\plugins\npatgpc.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Jon-Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.7_1\
CHR - Extension: Chrome YouTube Downloader = C:\Users\Jon-Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdjiinahkdjdcdlgfimlcolkjpbooja\2.6.1_1\
CHR - Extension: Adblock Plus for Google Chrome\u2122 (Beta) = C:\Users\Jon-Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.1.4_0\
CHR - Extension: LastPass = C:\Users\Jon-Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.80.2_0\
CHR - Extension: Freemake Video Converter = C:\Users\Jon-Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: Poppit = C:\Users\Jon-Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: FastestTube = C:\Users\Jon-Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\phahnhbgfdhgobenebnjbgmacgpbfaag\2.0.0_0\

O1 HOSTS File: ([2011/12/13 07:27:36 | 000,438,933 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15094 more lines...
O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5825.1100\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (TMIEGBHO Class) - {F1AD4A42-BA52-47BC-89DF-3F68F24C017F} - C:\Program Files (x86)\Trend Micro\Browser Guard\X64\TMAMS64.dll (Trend Micro Inc.)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll (Google Inc.)
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (TMIEGBHO Class) - {F1AD4A42-BA52-47BC-89DF-3F68F24C017F} - C:\Program Files (x86)\Trend Micro\Browser Guard\TMAMS.dll (Trend Micro Inc.)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O3:64bit: - HKLM\..\Toolbar: (TMBGBAR TOOLBAR) - {C8137A8D-415D-450C-A1B1-D0C519D45296} - C:\Program Files (x86)\Trend Micro\Browser Guard\X64\tmieg64.dll (Trend Micro Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (TMBGBAR TOOLBAR) - {C8137A8D-415D-450C-A1B1-D0C519D45296} - C:\Program Files (x86)\Trend Micro\Browser Guard\tmieg.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe ()
O4 - HKLM..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [Panda Security URL Filtering] C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Trend Micro Browser Guard] C:\Program Files (x86)\Trend Micro\Browser Guard\BGUI.EXE (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\.DEFAULT..\Run: [EPSON WorkForce 30 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEEA.EXE /FU "C:\Windows\TEMP\E_S6AC3.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-18..\Run: [EPSON WorkForce 30 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEEA.EXE /FU "C:\Windows\TEMP\E_S6AC3.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001..\Run: [2ECC558A244583AC107648E9397A0C9B4872CB02._service_run] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001..\Run: [bandmon] C:\Program Files (x86)\Rokario\Bandwidth Monitor\bandmon.exe (Rokario Software)
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001..\Run: [Directory Opus Desktop Dblclk] C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe (GP Software)
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001..\Run: [EPSON WorkForce 30 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEEA.EXE /FU "C:\Users\Jon-Alan\AppData\Local\Temp\E_S402E.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001..\Run: [GizmoDriveDelegate] C:\Program Files (x86)\Gizmo\gizmo.exe (Arainia Solutions)
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001..\Run: [MusicManager] C:\Users\Jon-Alan\AppData\Local\Programs\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001..\Run: [WinBar (x64)] C:\Program Files\WinBar\WinBar.exe (The WinBar Team)
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1004..\Run: [GizmoDriveDelegate] C:\Program Files (x86)\Gizmo\gizmo.exe (Arainia Solutions)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_Plugin.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1004..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
O4 - Startup: C:\Users\Danielle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Jon-Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AX.lnk = C:\Program Files (x86)\AX\AX.exe ()
O4 - Startup: C:\Users\Jon-Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Jon-Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\peerblock.exe (PeerBlock, LLC)
O4 - Startup: C:\Users\Jon-Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - CC:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - CC:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\..Trusted Domains: irmc.cc ([remote] https in Trusted sites)
O15 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} Reg Error: Value error. (F5 Networks VPN Manager)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://remote.irmc.cc/f5-w-687474703a2f2f332e312e31362e313033$$/iNotes6W.cab (iNotes6 Class)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} Reg Error: Value error. (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://remote.irmc....llerControl.cab (F5 Networks Auto Update)
O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} Reg Error: Value error. (F5 Virtual Sandbox Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} Reg Error: Value error. (F5 Networks SuperHost Class)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} Reg Error: Value error. (F5 Networks Host Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58BECAF4-A8B8-49F8-9CFA-7F138B0EF3E5}: NameServer = 208.67.222.222,208.67.220.220
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) -C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
O28 - HKLM ShellExecuteHooks: {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll (GP Software)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/26 21:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AmoK Exif Sorter
[2011/12/26 21:03:41 | 000,000,000 | ---D | C] -- C:\Program Files\AmoK Exif Sorter
[2011/12/26 19:41:37 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{8BA1528D-8696-4E7C-810D-BB514D6B9FD8}
[2011/12/25 19:41:36 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{B09B0DD5-86C7-4112-9848-3022F493AE1C}
[2011/12/25 07:42:43 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{5A7B935B-AEAA-41F6-BC6C-1776E857EEA5}
[2011/12/24 19:42:12 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{71F44D2E-944A-4DF3-AB01-C709556EEC44}
[2011/12/24 07:41:38 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{2BE6A451-D387-4C7E-9F80-2F5DEF4E6BB7}
[2011/12/24 07:41:26 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{B9F46636-AAEC-4855-86BD-E05C0ECEA7BB}
[2011/12/23 23:34:05 | 000,000,000 | ---D | C] -- C:\MMBackup
[2011/12/23 23:31:53 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/12/23 23:31:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/12/23 23:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2011/12/23 19:40:54 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{19B0E09A-C3D2-48B0-9092-262D40231696}
[2011/12/23 07:40:24 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{93A63ED7-276D-43CE-B739-9D1E6912AA32}
[2011/12/23 07:40:13 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{FD150950-3FD0-45DD-B76E-15BDC014F361}
[2011/12/22 19:39:44 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{2CCF7AC3-4AA9-48DD-BA4D-12CE78C83D84}
[2011/12/22 07:39:14 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{AEFC7816-A352-431A-8D68-9D9C573BC988}
[2011/12/21 19:38:43 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{BD3A36AC-51EC-4C4C-923B-78523A431764}
[2011/12/21 07:38:12 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{907DAAC4-CB70-4690-B164-AC4584985E1D}
[2011/12/20 19:37:40 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{2740F04C-1C29-45C7-B2E8-50BA867EB87C}
[2011/12/20 07:37:06 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{F27D4B6E-7CC1-4130-A25D-7A313DF567C5}
[2011/12/19 23:02:24 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Roaming\EPSON
[2011/12/19 21:09:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/12/19 19:36:36 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{06CC94A2-3B82-4961-8FDB-80C39ADABFC5}
[2011/12/19 10:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/19 10:03:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/19 10:03:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/19 07:36:04 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{E46CF97A-91ED-450B-95EA-44FE7530690C}
[2011/12/18 07:39:09 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{4C2046E1-995D-463E-96C0-20BA1AAF6033}
[2011/12/17 19:38:40 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{EE4B3B66-0A86-4B5A-AF9F-99A19FC4F995}
[2011/12/17 07:38:11 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{45640C32-E0ED-4077-BFE6-F83F19E23808}
[2011/12/16 19:37:43 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{7FC0BCFE-AC9A-43FD-86D4-8D13EF4E4546}
[2011/12/16 07:37:04 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{96C697BD-2B7C-48C6-BAFF-073FB4F6C239}
[2011/12/15 19:36:34 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{4E94299D-6DFF-4A03-84F5-7D295B59D05A}
[2011/12/15 07:36:03 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{1365690C-BEDC-43FD-A250-1CB7FCEBB36C}
[2011/12/15 07:35:52 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{BB7C7EE9-9DE0-4A8B-9BEC-9EDEAA5FA0DD}
[2011/12/14 19:35:19 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{19107D9E-3D17-4E59-93AC-4A3E17471FB3}
[2011/12/14 19:35:03 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{2EEA9D04-49CC-41A2-98A7-589C3FDD0485}
[2011/12/14 07:34:30 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{9D4E0792-BD11-43FB-B55D-1AA0B0669502}
[2011/12/13 19:33:57 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{4979BE10-DCA3-46CF-AD7A-83B1528D8039}
[2011/12/13 19:33:44 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{00FF8244-4683-4106-977B-462FC1C578C5}
[2011/12/13 19:26:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jon-Alan\Desktop\OTL.exe
[2011/12/13 17:49:05 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\Browser Guard
[2011/12/13 17:49:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Browser Guard
[2011/12/13 17:47:11 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Browser Guard
[2011/12/13 07:33:12 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{DC826C78-0719-4742-BA66-692841C71E7A}
[2011/12/13 07:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2011/12/13 07:08:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/12/13 07:08:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/12/13 07:08:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/12/13 07:02:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2011/12/13 07:02:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2011/12/13 07:01:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted
[2011/12/13 07:01:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/12/12 19:32:44 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{9AEEC357-0274-4639-9DE1-FA69663EDE48}
[2011/12/12 07:32:14 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{961ADD31-26D8-4850-A315-11F1EA33A37C}
[2011/12/11 19:31:46 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{2B8E7C63-4D60-4ED4-85D8-92348D00807E}
[2011/12/11 07:31:16 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{1283A037-2994-43A3-9847-C17FD657A5B1}
[2011/12/10 19:30:46 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{C8D2FF67-8ED4-476D-BAE9-9EEC106E88F8}
[2011/12/10 07:30:15 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{4E5AD096-B308-4784-BA3A-DDEEE6A1C193}
[2011/12/09 19:29:46 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{19E05811-C482-4778-9167-C3667ACCAEC8}
[2011/12/09 07:29:16 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{3ED488E4-AE92-463A-BDF4-4693EAF63374}
[2011/12/08 19:28:45 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{7B6B447D-9C41-4267-B079-8ECCA920EF90}
[2011/12/08 07:28:13 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{4DF17714-41FE-451C-B94B-B1D956343690}
[2011/12/07 19:27:44 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{0194BF60-EDA5-4FA9-A023-14ED6472A8A1}
[2011/12/07 07:27:12 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{2E6B7C46-3410-4ED2-8F06-E8DFE785B7AB}
[2011/12/06 19:26:44 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{90829FF1-9181-46AD-B2DE-C65D8F79493A}
[2011/12/06 07:26:13 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{ADC53BF4-9D0D-4A51-902B-D42A926BE794}
[2011/12/05 19:25:42 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{73FB61B2-DC45-4279-B9D0-C5514B7E6A66}
[2011/12/05 07:25:06 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{11208C7A-2940-445F-99DD-9E28EACE2C35}
[2011/12/04 19:24:35 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{F0ADE86C-E66E-4928-AD29-AA13F4068B13}
[2011/12/04 07:24:00 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{D276401D-A5A2-4F2A-BC86-6BC5885CFA24}
[2011/12/03 19:23:33 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{74FDF655-7712-4523-94A1-5E20B2599CAE}
[2011/12/03 07:23:02 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{F05E0653-13AE-45B8-8822-B5FABA4AA5A0}
[2011/12/02 19:22:31 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{AEA0C108-1501-4F90-88B8-4FF4BFA81531}
[2011/12/02 07:21:23 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{5621A2AE-6353-4F05-B93A-1C230C5E8028}
[2011/12/02 07:20:53 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{9A11AB81-B890-4A6F-BF64-CFF15185AC5C}
[2011/12/01 18:57:56 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{DD43D39E-00D5-4195-B10D-0081F4B00C36}
[2011/12/01 06:57:25 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{91841ACC-6AC8-412E-ABA5-B28FABED6231}
[2011/11/30 18:56:55 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{0977AE4B-105D-4319-BEA1-5091D7BD13D7}
[2011/11/30 06:56:23 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{A2DF5E66-2AB0-470E-9A87-FD6AC661A565}
[2011/11/29 18:55:52 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{537C38FE-E3DC-4088-96D9-24FE12CEEC31}
[2011/11/29 06:55:22 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{2A4DD5A1-2D58-4D97-A15E-7ABF95DFF480}
[2011/11/28 18:54:52 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{AC86262B-B8A0-489B-B584-AF11A8E8B0C8}
[2011/11/28 06:54:22 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{8C08018D-A688-4032-B5E2-C95F50233BDB}
[2011/11/27 18:53:55 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{79D7D56E-D95E-4BB5-BE7F-321BEC809503}
[2011/11/27 06:53:25 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{F9455CFF-0B18-4459-A60D-F64B8A40A7B7}
[2011/05/03 14:12:33 | 012,535,496 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/27 06:03:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1598078781-1720070030-2464047777-1005UA.job
[2011/12/27 06:00:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011/12/27 05:56:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/26 20:15:51 | 000,001,893 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
[2011/12/26 20:15:47 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/12/26 20:15:33 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/26 12:26:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/12/26 12:03:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1598078781-1720070030-2464047777-1005Core.job
[2011/12/24 07:19:10 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/24 07:19:10 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/23 23:44:31 | 000,002,084 | ---- | M] () -- C:\Users\Jon-Alan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/23 23:44:02 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/12/23 23:37:54 | 000,000,632 | RHS- | M] () -- C:\Users\Jon-Alan\ntuser.pol
[2011/12/23 23:37:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/23 23:37:16 | 334,893,055 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/23 22:56:00 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/23 22:56:00 | 000,660,608 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/23 22:56:00 | 000,121,722 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/23 22:54:32 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/12/20 22:16:28 | 000,004,608 | ---- | M] () -- C:\Users\Jon-Alan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/19 23:34:04 | 000,024,830 | ---- | M] () -- C:\Users\Jon-Alan\Documents\Address Book.ods
[2011/12/15 03:22:58 | 000,297,880 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/14 18:08:42 | 000,001,846 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2011/12/13 19:26:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jon-Alan\Desktop\OTL.exe
[2011/12/13 07:27:36 | 000,438,933 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/29 20:48:22 | 000,191,435 | ---- | M] () -- C:\Users\Jon-Alan\Documents\HEO930E - Horizon Expert Orders - Basic Order Entry.pdf
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/23 23:44:02 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/12/23 07:28:16 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011/11/29 20:48:22 | 000,191,435 | ---- | C] () -- C:\Users\Jon-Alan\Documents\HEO930E - Horizon Expert Orders - Basic Order Entry.pdf
[2011/11/24 21:31:54 | 000,885,749 | ---- | C] () -- C:\Users\Jon-Alan\AppData\Local\census.cache
[2011/11/24 21:31:20 | 000,177,072 | ---- | C] () -- C:\Users\Jon-Alan\AppData\Local\ars.cache
[2011/11/23 20:39:27 | 000,000,036 | ---- | C] () -- C:\Users\Jon-Alan\AppData\Local\housecall.guid.cache
[2011/11/11 19:38:22 | 000,004,608 | ---- | C] () -- C:\Users\Jon-Alan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/28 21:35:39 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2011/08/28 14:56:23 | 000,001,846 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011/08/23 12:48:20 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/06/08 14:29:13 | 000,002,130 | ---- | C] () -- C:\Windows\CDPlayer.ini
[2011/06/05 22:05:52 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\GkSui18.EXE
[2011/05/14 21:30:56 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011/04/08 23:57:15 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/04/04 23:29:35 | 000,007,605 | ---- | C] () -- C:\Users\Jon-Alan\AppData\Local\Resmon.ResmonCfg
[2011/03/29 10:38:49 | 000,000,578 | ---- | C] () -- C:\Users\Jon-Alan\AppData\Roaming\AutoGK.ini
[2011/03/25 23:23:30 | 000,010,450 | ---- | C] () -- C:\Windows\Q-Dir.ini
[2011/03/25 23:06:42 | 000,002,869 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Tag From Filename] Codec.dat
[2011/03/25 23:06:34 | 000,002,900 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [ReplayGain] Codec.dat
[2011/03/25 23:06:27 | 000,003,002 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat
[2011/03/25 23:06:20 | 000,002,862 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Length Split] Codec.dat
[2011/03/25 23:06:12 | 000,002,903 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [ID Tag Update] Codec.dat
[2011/03/25 23:06:03 | 000,002,999 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Channel Split] Codec.dat
[2011/03/25 23:05:37 | 000,002,871 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Audio Info] Codec.dat
[2011/03/25 23:05:27 | 000,002,879 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat
[2011/03/25 23:05:19 | 000,005,894 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp CD Writer.dat
[2011/03/25 23:05:01 | 000,001,850 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.dat
[2011/03/25 23:05:00 | 000,001,230 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Wave64 Codec.dat
[2011/03/25 23:04:59 | 000,011,479 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.dat
[2011/03/25 23:04:59 | 000,002,234 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBPoweramp tooLame MP2 codec.dat
[2011/03/25 23:04:55 | 000,003,014 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp WavPack Codec.dat
[2011/03/25 23:04:55 | 000,001,212 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Dalet Codec.dat
[2011/03/25 23:04:48 | 000,003,071 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
[2011/03/25 23:04:42 | 000,003,159 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
[2011/03/25 23:04:36 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
[2011/03/25 23:04:30 | 000,002,993 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp FLAC Codec.dat
[2011/03/25 23:04:24 | 000,002,849 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
[2011/03/25 23:03:57 | 000,012,502 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2011/03/25 23:03:55 | 006,908,648 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011/03/25 23:03:55 | 000,017,686 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/03/25 00:07:45 | 000,797,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/24 23:23:01 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2011/03/22 16:07:03 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\VegaShEx.dll
[2011/03/22 16:06:59 | 000,308,224 | ---- | C] () -- C:\Windows\SysWow64\Lffpx7.dll
[2011/03/22 16:06:59 | 000,091,136 | ---- | C] () -- C:\Windows\SysWow64\Lfkodak.dll
[2011/03/22 15:48:18 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/03/22 15:48:18 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/03/22 15:48:18 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/03/22 15:48:18 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/03/22 15:48:18 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/03/22 15:48:18 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/03/22 15:48:18 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/03/22 15:48:18 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/03/22 15:48:18 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/03/22 15:48:18 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/03/22 15:48:18 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/03/22 15:48:18 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/03/22 15:48:18 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/03/22 15:48:18 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/03/22 15:48:18 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/03/22 15:48:18 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/03/22 15:47:32 | 000,000,044 | ---- | C] () -- C:\Windows\EPWF30.ini
[2011/03/17 16:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/11/02 11:56:57 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2010/11/02 11:56:28 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\ServiceHelp.dll
[2010/11/02 11:56:12 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/11/02 11:56:12 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/11/02 11:56:11 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/11/02 11:56:11 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/11/02 11:54:33 | 000,009,922 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/11/02 11:54:31 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2010/11/02 11:54:31 | 000,006,272 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/11/02 11:54:31 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/11/02 11:52:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/10/20 13:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 16:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 16:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 16:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/01/25 16:10:48 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/01/08 18:01:22 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2003/10/06 03:21:31 | 000,000,000 | -H-- | C] () -- C:\ProgramData\sdpsenv.dat
[2002/10/15 17:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2002/06/11 02:08:00 | 000,023,180 | ---- | C] () -- C:\Windows\SysWow64\evgainit.sys

========== LOP Check ==========

[2011/05/28 08:12:41 | 000,000,000 | ---D | M] -- C:\Users\Addison\AppData\Roaming\LastPass
[2011/05/02 11:37:42 | 000,000,000 | ---D | M] -- C:\Users\Addison\AppData\Roaming\Launchy
[2011/06/28 14:27:04 | 000,000,000 | ---D | M] -- C:\Users\Addison\AppData\Roaming\Orbit
[2011/06/28 10:52:40 | 000,000,000 | ---D | M] -- C:\Users\Addison\AppData\Roaming\ProgSense
[2011/07/12 08:28:34 | 000,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\Gizmo
[2011/05/04 09:43:51 | 000,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\LastPass
[2011/04/12 21:57:05 | 000,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\Launchy
[2011/06/09 07:12:48 | 000,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\OpenOffice.org
[2011/12/26 20:15:51 | 000,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\Orbit
[2011/12/26 20:22:58 | 000,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\Outertech
[2011/09/01 10:43:07 | 000,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\PDF Writer
[2011/06/29 03:08:00 | 000,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\ProgSense
[2011/11/23 07:08:20 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Amazon
[2011/04/22 01:15:56 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Ashampoo
[2011/09/20 17:57:42 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Audacity
[2011/03/24 23:15:45 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Auslogics
[2011/06/10 12:42:53 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\BITS
[2011/04/21 23:08:59 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Canneverbe Limited
[2011/09/02 09:22:10 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\cryptlib
[2011/06/16 23:18:14 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\CUE Tools
[2011/03/25 23:49:30 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\cYo
[2011/08/31 23:13:16 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\dBpoweramp
[2011/04/22 00:19:46 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\DeepBurner
[2011/08/29 00:14:21 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\DVDFab
[2011/06/08 10:49:00 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\EAC
[2011/12/19 23:02:24 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\EPSON
[2011/03/27 00:00:14 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\EurekaLog
[2011/03/24 23:22:51 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\FlashGet
[2011/03/24 23:22:48 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\FlashGetBHO
[2011/10/06 15:52:35 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\foobar2000
[2011/03/26 22:46:47 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\FreeFileSync
[2011/06/05 22:02:33 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\GetRightToGo
[2011/07/09 20:57:55 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Gizmo
[2011/03/28 23:31:36 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\GlarySoft
[2011/04/10 23:05:29 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Gmote
[2011/04/05 00:04:36 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\GPSoftware
[2011/06/09 19:30:34 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\GrabPro
[2011/07/07 15:24:39 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\gtk-2.0
[2011/04/02 19:48:05 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\HandBrake
[2011/12/14 18:04:44 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Launchy
[2011/03/22 15:54:00 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Leadertech
[2011/07/08 10:01:43 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\LockHunter
[2011/12/23 23:34:05 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\MediaMonkey
[2011/09/26 09:51:37 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Mp3tag
[2011/08/13 21:11:45 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\MusicBrainz
[2011/03/22 19:16:19 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\NetMeter
[2011/09/02 17:23:18 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\NexusFont
[2011/04/01 13:16:46 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\OpenOffice.org
[2011/12/23 23:39:36 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Orbit
[2011/03/25 23:15:59 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Outertech
[2011/11/02 17:51:58 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Panda Security
[2011/08/18 13:38:24 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\PDF Writer
[2011/06/09 19:30:40 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\ProgSense
[2011/03/26 22:34:39 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Q-Dir
[2011/05/22 22:44:13 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\QMC
[2011/09/28 12:12:32 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\QuickZip
[2011/09/11 21:12:47 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Red Chair Software
[2011/07/22 06:31:13 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Rokario
[2011/07/07 15:24:22 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\uGet
[2011/12/27 06:31:35 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\uTorrent
[2011/06/29 12:01:16 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\webex
[2011/04/22 23:43:17 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\WinBar
[2011/07/07 08:45:36 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\WOW64Menu
[2011/09/11 15:39:24 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Zoner
[2011/12/26 20:15:47 | 000,000,330 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2009/07/14 00:08:49 | 000,031,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 240 bytes -> C:\ProgramData\sdpsenv.dat:naughtypirates
@Alternate Data Stream - 160 bytes -> C:\Users\Jon-Alan\Documents\Perkins Bill 2011-06-24.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:84098FD3

< End of report >

Thanks for any help you can give me.

EDIT: I'm particularly intrigued by the "naughtypirates" in the above alternate data stream...

EDIT 2: Fixed a misspelling and added MBAM to list of tools used.

Edited by Oyml, 27 December 2011 - 07:39 PM.

#2
Oyml

Posted 30 December 2011 - 04:44 PM

Member

Topic Starter
Member
35 posts

I will be out of town until Monday night (Eastern Standard Time). I don't know if anyone is going to help me with this one or not, but if so, I'll follow up on any post then.

Thanks, and Happy New Year!

#3
Oyml

Posted 04 January 2012 - 06:35 PM

Member

Topic Starter
Member
35 posts

So I've been back a couple of days and still no reply. I realize this is a difficult time with all the recent holidays, so I'll continue to be patient...

#4
Render

Posted 05 January 2012 - 05:03 PM

Trusted Helper

Malware Removal
4,195 posts

Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:

Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
Please reply within 3 days to be fair to other people asking for help.
Please tell me if you have your original Windows CD/DVD available
When in doubt, please stop and ask first. There's no harm in asking questions!

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not please perform the following steps below so I can have a look at the current condition of your machine.

Please do the following:

Please download aswMBR.exe to your desktop.
Double click the aswMBR.exe to run it.
When asked if you want to download Avast's virus definitions please select Yes.
Click the Scan button to start scan.
On completion of the scan click Save log, save it to your desktop and post in your next reply.
Also on Desktop there should be a file called MBR.dat after that, zip it and then attach it here

How to add an attachment to a new topic or reply

#5
Oyml

Posted 05 January 2012 - 08:44 PM

Member

Topic Starter
Member
35 posts

Thank you very much for taking the time to help me out. Just a quick note to let you know that I have not seen any spam being sent from my or my wife's emails since December 26th, but I'd prefer to have you see if there is still anything lurking before I assume everything is gone.

In answer to your question, I do not have an original Windows disc set available, only a recovery partition on the main hard drive.

Here is the log from aswMBR.exe:

aswMBR version 0.9.9.1156 Copyright© 2011 AVAST Software
Run date: 2012-01-05 20:25:32
-----------------------------
20:25:32.077 OS Version: Windows x64 6.1.7601 Service Pack 1
20:25:32.077 Number of processors: 4 586 0x403
20:25:32.078 ComputerName: OYML UserName:
20:27:17.207 Initialize success
20:48:27.704 AVAST engine defs: 12010501
20:48:40.538 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:48:40.541 Disk 0 Vendor: ST31000528AS CC44 Size: 953869MB BusType: 3
20:48:40.556 Disk 0 MBR read successfully
20:48:40.559 Disk 0 MBR scan
20:48:40.565 Disk 0 unknown MBR code
20:48:40.570 Disk 0 Partition 1 00 1B Hidd FAT32 NTFS 14524 MB offset 2048
20:48:40.584 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 939343 MB offset 29747200
20:48:40.590 Service scanning
20:48:41.979 Modules scanning
20:48:41.983 Disk 0 trace - called modules:
20:48:42.003 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:48:42.008 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005f64790]
20:48:42.012 3 CLASSPNP.SYS[fffff8800197a43f] -> nt!IofCallDriver -> [0xfffffa8005e169b0]
20:48:42.020 5 ACPI.sys[fffff88000ed87a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005ece060]
20:48:44.124 AVAST engine scan C:\Windows
20:48:46.205 AVAST engine scan C:\Windows\system32
20:50:20.098 AVAST engine scan C:\Windows\system32\drivers
20:50:32.919 AVAST engine scan C:\Users\Jon-Alan
21:32:33.293 AVAST engine scan C:\ProgramData
21:33:57.192 Scan finished successfully
21:38:10.529 Disk 0 MBR has been saved successfully to "C:\Users\Jon-Alan\Desktop\MBR.dat"
21:38:10.538 The log file has been saved successfully to "C:\Users\Jon-Alan\Desktop\aswMBR.txt"

Also, I have attached the MBR.dat file as requested.

MBR.zip 590bytes 95 downloads

#6
Render

Posted 06 January 2012 - 08:54 AM

Trusted Helper

Malware Removal
4,195 posts

We need to run an OTL Fix

Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

Please double click on on your Desktop (If running Vista or Windows 7, right click on it and select "Run as an Administrator")

Under the Custom Scans/Fixes box copy and paste this in (Please carefully select all text in code box beginning with : ):

:OTL
@Alternate Data Stream - 240 bytes -> C:\ProgramData\sdpsenv.dat:naughtypirates
@Alternate Data Stream - 160 bytes -> C:\Users\Jon-Alan\Documents\Perkins Bill 2011-06-24.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:84098FD3
  	
:Files
ipconfig /flushdns /c

:Reg

:Commands
[purity]
[emptytemp]
[EMPTYJAVA]
[emptyflash]
[createrestorepoint]
[reboot]

Make sure all other windows are closed and to let it run uninterrupted.
Click on button.
OTL may ask to reboot the machine. Please do so if asked.
Click on button.
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

#7
Oyml

Posted 06 January 2012 - 06:36 PM

Member

Topic Starter
Member
35 posts

Report from Fix:

All processes killed
========== OTL ==========
ADS C:\ProgramData\sdpsenv.dat:naughtypirates deleted successfully.
ADS C:\Users\Jon-Alan\Documents\Perkins Bill 2011-06-24.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\ProgramData\TEMP:84098FD3 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jon-Alan\Desktop\cmd.bat deleted successfully.
C:\Users\Jon-Alan\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Addison
->Temp folder emptied: 219087 bytes
->Temporary Internet Files folder emptied: 49554 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Danielle
->Temp folder emptied: 6000704 bytes
->Temporary Internet Files folder emptied: 9247033 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 182593753 bytes
->Flash cache emptied: 1193 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jon-Alan
->Temp folder emptied: 54684225 bytes
->Temporary Internet Files folder emptied: 1638302887 bytes
->Java cache emptied: 530956 bytes
->FireFox cache emptied: 155561238 bytes
->Google Chrome cache emptied: 6293074 bytes
->Flash cache emptied: 58034 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 4 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8660317 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 1293705 bytes

Total Files Cleaned = 1,968.00 mb

[EMPTYJAVA]

User: Addison
->Java cache emptied: 0 bytes

User: Admin

User: All Users

User: Danielle
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Jon-Alan
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: Addison
->Flash cache emptied: 0 bytes

User: Admin

User: All Users

User: Danielle
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jon-Alan
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 01062012_191826

Files\Folders moved on Reboot...
C:\Users\Jon-Alan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Report from Quick Scan:

OTL logfile created on: 1/6/2012 7:29:09 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jon-Alan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 3.36 Gb Available Physical Memory | 58.48% Memory free
11.50 Gb Paging File | 9.01 Gb Available in Paging File | 78.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.33 Gb Total Space | 134.12 Gb Free Space | 14.62% Space Free | Partition Type: NTFS
Drive J: | 465.74 Gb Total Space | 465.74 Gb Free Space | 100.00% Space Free | Partition Type: exFAT
Drive Y: | 465.65 Gb Total Space | 93.62 Gb Free Space | 20.11% Space Free | Partition Type: FAT32

Computer Name: OYML | User Name: Jon-Alan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2011/12/23 07:19:31 | 000,735,608 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2011/12/13 19:26:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jon-Alan\Desktop\OTL.exe
PRC - [2011/10/21 09:51:20 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.79\GoogleCrashHandler.exe
PRC - [2011/09/05 12:04:58 | 000,035,736 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
PRC - [2011/08/24 15:32:42 | 000,074,240 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2011/07/29 14:31:40 | 001,249,064 | ---- | M] () -- C:\ProgramData\TVersity\Media Server\MediaServer.exe
PRC - [2011/07/09 09:49:31 | 000,034,728 | ---- | M] (Arainia Solutions) -- C:\Program Files (x86)\Gizmo\gservice.exe
PRC - [2011/07/09 09:49:30 | 000,223,640 | ---- | M] (Arainia Solutions) -- C:\Program Files (x86)\Gizmo\gizmo.exe
PRC - [2011/06/29 08:29:44 | 000,217,256 | ---- | M] (Panda Security) -- C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
PRC - [2011/06/28 09:03:22 | 001,843,000 | ---- | M] (Orbitdownloader.com) -- C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
PRC - [2011/06/27 09:05:26 | 000,557,056 | ---- | M] (Orbitdownloader.com) -- C:\Program Files (x86)\Orbitdownloader\orbitnet.exe
PRC - [2011/06/25 11:30:46 | 000,884,696 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/02 09:54:16 | 000,802,758 | ---- | M] () -- C:\Program Files (x86)\AX\AX.exe
PRC - [2011/04/28 13:01:20 | 000,439,616 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
PRC - [2011/04/28 12:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2011/04/19 01:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011/04/19 01:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2011/02/25 20:21:50 | 000,665,104 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\Browser Guard\tmiegsrv.exe
PRC - [2011/02/25 20:20:58 | 000,787,984 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\Browser Guard\BGUI.exe
PRC - [2011/01/17 17:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 17:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011/01/06 17:46:06 | 000,440,103 | ---- | M] () -- C:\Program Files (x86)\QuickMonth Calendar\qmc.exe
PRC - [2010/12/17 09:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
PRC - [2010/12/17 09:33:06 | 001,103,184 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
PRC - [2010/11/10 18:38:40 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Launchy\Launchy.exe
PRC - [2010/07/28 16:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2010/07/28 16:33:58 | 006,995,864 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2010/07/28 16:33:58 | 001,485,208 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2010/07/04 14:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
PRC - [2009/12/28 19:49:36 | 000,121,472 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
PRC - [2009/12/23 15:59:42 | 000,232,064 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
PRC - [2009/12/23 15:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\SysWOW64\AsHookDevice.exe
PRC - [2009/06/04 17:10:56 | 005,777,408 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2009/03/12 20:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/19 12:17:24 | 000,333,088 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2008/06/01 16:05:02 | 001,529,856 | ---- | M] (Rokario Software) -- C:\Program Files (x86)\Rokario\Bandwidth Monitor\bandmon.exe
PRC - [2007/01/01 16:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Talk\googletalk.exe
PRC - [2005/10/12 11:22:40 | 000,184,320 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Music Anywhere\LMASysTray.exe

========== Modules (No Company Name) ==========

MOD - [2011/07/09 09:49:31 | 000,404,384 | ---- | M] () -- C:\Program Files (x86)\Gizmo\gdatabase.dll
MOD - [2011/07/09 09:49:31 | 000,394,656 | ---- | M] () -- C:\Program Files (x86)\Gizmo\gdrive.dll
MOD - [2011/07/09 09:49:31 | 000,372,632 | ---- | M] () -- C:\Program Files (x86)\Gizmo\ghash.dll
MOD - [2011/07/09 09:49:31 | 000,339,864 | ---- | M] () -- C:\Program Files (x86)\Gizmo\gscript.dll
MOD - [2011/07/09 09:49:31 | 000,339,864 | ---- | M] () -- C:\Program Files (x86)\Gizmo\geditor.dll
MOD - [2011/07/09 09:49:30 | 000,315,800 | ---- | M] () -- C:\Program Files (x86)\Gizmo\gmanager.dll
MOD - [2011/07/09 09:49:30 | 000,166,816 | ---- | M] () -- C:\Program Files (x86)\Gizmo\gimage.dll
MOD - [2011/06/28 09:01:38 | 000,397,312 | ---- | M] () -- C:\Program Files (x86)\Orbitdownloader\wtlctrl.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/02 09:54:16 | 000,802,758 | ---- | M] () -- C:\Program Files (x86)\AX\AX.exe
MOD - [2011/04/01 12:55:36 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/01/06 17:46:06 | 000,440,103 | ---- | M] () -- C:\Program Files (x86)\QuickMonth Calendar\qmc.exe
MOD - [2010/11/10 18:39:08 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\controly.dll
MOD - [2010/11/10 18:39:00 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\calcy.dll
MOD - [2010/11/10 18:38:52 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\gcalc.dll
MOD - [2010/11/10 18:38:40 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Launchy\Launchy.exe
MOD - [2010/11/10 18:38:40 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\runner.dll
MOD - [2010/11/10 18:38:24 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\weby.dll
MOD - [2010/11/10 18:38:08 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\verby.dll
MOD - [2010/07/28 16:34:04 | 000,022,424 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2010/07/28 16:02:58 | 000,658,432 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2010/07/04 16:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 14:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
MOD - [2010/06/23 17:12:28 | 007,187,456 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/06/23 17:11:52 | 000,325,632 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/06/23 17:11:48 | 001,954,304 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/06/23 17:11:48 | 000,847,360 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/06/23 16:38:18 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2009/12/16 23:18:48 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Launchy\imageformats\qmng4.dll
MOD - [2009/12/16 21:13:02 | 008,314,880 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtGui4.dll
MOD - [2009/12/16 20:56:22 | 000,712,704 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtNetwork4.dll
MOD - [2009/12/16 20:54:46 | 002,236,416 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtCore4.dll
MOD - [2009/09/29 22:33:07 | 000,024,576 | ---- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009/06/04 17:10:56 | 005,777,408 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
MOD - [2009/03/12 20:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe
MOD - [2009/01/15 16:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
MOD - [2005/10/24 18:02:46 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\AsMultiLang.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/12/19 13:58:59 | 002,779,416 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2011/11/23 08:17:26 | 000,094,992 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/04/20 01:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/17 17:25:42 | 000,181,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV:64bit: - [2010/02/09 14:55:52 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/02/11 11:33:30 | 000,560,344 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\Topos\cFosSpeed\spd.exe -- (cFosSpeedS)
SRV - [2011/12/23 23:32:17 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/08/24 15:32:42 | 000,074,240 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (FreemakeUtilsService)
SRV - [2011/07/29 14:31:40 | 001,249,064 | ---- | M] () [Auto | Running] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2011/07/09 09:49:31 | 000,034,728 | ---- | M] (Arainia Solutions) [Auto | Running] -- C:\Program Files (x86)\Gizmo\gservice.exe -- (Gizmo Central)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/28 12:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/04/19 01:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/12/17 09:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe -- (RUBotSrv)
SRV - [2010/07/28 16:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/23 15:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysWOW64\AsHookDevice.exe -- (Device Handle Service)
SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/12/16 15:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/10 15:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/23 08:17:24 | 000,158,336 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2011/08/01 06:23:26 | 000,160,520 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINAflt.sys -- (PSINAflt)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/07/09 09:49:32 | 000,034,704 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gizmodrv.sys -- (GizmoDrv)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/28 12:57:43 | 000,128,072 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProt.sys -- (PSINProt)
DRV:64bit: - [2011/04/28 12:57:43 | 000,121,928 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProc.sys -- (PSINProc)
DRV:64bit: - [2011/04/28 12:57:42 | 000,149,576 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PSINKNC.sys -- (PSINKNC)
DRV:64bit: - [2011/04/28 12:57:42 | 000,114,760 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINFile.sys -- (PSINFile)
DRV:64bit: - [2011/04/20 01:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/20 01:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 00:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/21 12:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/15 06:02:14 | 000,041,424 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\covpnv64.sys -- (urvpndrv)
DRV:64bit: - [2010/12/15 06:02:08 | 000,018,512 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urfltv64.sys -- (f5ipfw)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/06 21:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010/10/28 09:11:12 | 000,170,080 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)
DRV:64bit: - [2010/09/23 02:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/01 03:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/07/28 23:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010/03/02 06:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010/01/27 20:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/12/22 01:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/11/10 03:11:32 | 000,234,040 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/10/20 13:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/07/15 22:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/22 15:50:00 | 000,291,352 | ---- | M] (silex technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sxuptp.sys -- (sxuptp)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/04 20:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/02/11 11:33:32 | 001,090,264 | ---- | M] (cFos Software GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfosspeed.sys -- (cFosSpeed)
DRV:64bit: - [2007/10/24 02:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2011/08/26 14:11:26 | 000,035,256 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys -- (IObitUnlocker)
DRV - [2011/03/22 16:04:28 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysWow64\drivers\AFS.SYS -- (AFS)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...ys=DTP&M=GT4016
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.73.0
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfnâ€¦â€"

FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\Firefox [2011/06/28 14:21:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/06/30 02:01:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2011/08/28 15:22:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/23 23:43:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/03/22 14:18:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Extensions
[2012/01/05 21:00:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\f6rn11j2.default\extensions
[2012/01/03 20:42:34 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\f6rn11j2.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2011/12/02 07:04:39 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\f6rn11j2.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/11/12 09:51:31 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\f6rn11j2.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/08/16 18:13:59 | 000,000,000 | ---D | M] (BYTubeD - Bulk YouTube video Downloader) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\f6rn11j2.default\extensions\[email protected]
[2011/11/06 08:21:01 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\f6rn11j2.default\extensions\[email protected]
[2011/06/23 12:00:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\ynz33ibf.default\extensions
[2011/03/22 14:23:09 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\ynz33ibf.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2011/05/03 14:12:34 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\ynz33ibf.default\extensions\[email protected]
[2011/05/01 11:05:47 | 000,004,855 | ---- | M] () -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\f6rn11j2.default\searchplugins\google-images.xml
[2011/05/03 14:18:13 | 000,000,705 | ---- | M] () -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\f6rn11j2.default\searchplugins\webster.xml
[2011/12/23 23:43:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\JON-ALAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F6RN11J2.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\JON-ALAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F6RN11J2.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\JON-ALAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F6RN11J2.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\JON-ALAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F6RN11J2.DEFAULT\EXTENSIONS\[email protected]
[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Freemake np-plugin for google chrome (Enabled) = C:\Users\Jon-Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll
CHR - plugin: Orbit Downloader (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\nporbit.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Jon-Alan\AppData\Roaming\Mozilla\plugins\npatgpc.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Jon-Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.7_1\
CHR - Extension: Chrome YouTube Downloader = C:\Users\Jon-Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdjiinahkdjdcdlgfimlcolkjpbooja\2.6.1_1\
CHR - Extension: Adblock Plus for Google Chrome\u2122 (Beta) = C:\Users\Jon-Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.1.4_0\
CHR - Extension: LastPass = C:\Users\Jon-Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.80.2_0\
CHR - Extension: Freemake Video Converter = C:\Users\Jon-Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: Poppit = C:\Users\Jon-Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: FastestTube = C:\Users\Jon-Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\phahnhbgfdhgobenebnjbgmacgpbfaag\2.0.0_0\

O1 HOSTS File: ([2011/12/13 07:27:36 | 000,438,933 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15094 more lines...
O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5825.1100\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (TMIEGBHO Class) - {F1AD4A42-BA52-47BC-89DF-3F68F24C017F} - C:\Program Files (x86)\Trend Micro\Browser Guard\X64\TMAMS64.dll (Trend Micro Inc.)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (TMIEGBHO Class) - {F1AD4A42-BA52-47BC-89DF-3F68F24C017F} - C:\Program Files (x86)\Trend Micro\Browser Guard\TMAMS.dll (Trend Micro Inc.)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O3:64bit: - HKLM\..\Toolbar: (TMBGBAR TOOLBAR) - {C8137A8D-415D-450C-A1B1-D0C519D45296} - C:\Program Files (x86)\Trend Micro\Browser Guard\X64\tmieg64.dll (Trend Micro Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (TMBGBAR TOOLBAR) - {C8137A8D-415D-450C-A1B1-D0C519D45296} - C:\Program Files (x86)\Trend Micro\Browser Guard\tmieg.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe ()
O4 - HKLM..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [Panda Security URL Filtering] C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Trend Micro Browser Guard] C:\Program Files (x86)\Trend Micro\Browser Guard\BGUI.EXE (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [2ECC558A244583AC107648E9397A0C9B4872CB02._service_run] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [bandmon] C:\Program Files (x86)\Rokario\Bandwidth Monitor\bandmon.exe (Rokario Software)
O4 - HKCU..\Run: [Directory Opus Desktop Dblclk] C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe (GP Software)
O4 - HKCU..\Run: [EPSON WorkForce 30 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEEA.EXE /FU "C:\Users\Jon-Alan\AppData\Local\Temp\E_S402E.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [GizmoDriveDelegate] C:\Program Files (x86)\Gizmo\gizmo.exe (Arainia Solutions)
O4 - HKCU..\Run: [MusicManager] C:\Users\Jon-Alan\AppData\Local\Programs\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [WinBar (x64)] C:\Program Files\WinBar\WinBar.exe (The WinBar Team)
O4 - Startup: C:\Users\Jon-Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AX.lnk = C:\Program Files (x86)\AX\AX.exe ()
O4 - Startup: C:\Users\Jon-Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Jon-Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\peerblock.exe (PeerBlock, LLC)
O4 - Startup: C:\Users\Jon-Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - CC:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - CC:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: irmc.cc ([remote] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} Reg Error: Value error. (F5 Networks VPN Manager)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://remote.irmc.cc/f5-w-687474703a2f2f332e312e31362e313033$$/iNotes6W.cab (iNotes6 Class)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} Reg Error: Value error. (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://remote.irmc....llerControl.cab (F5 Networks Auto Update)
O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} Reg Error: Value error. (F5 Virtual Sandbox Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} Reg Error: Value error. (F5 Networks SuperHost Class)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} Reg Error: Value error. (F5 Networks Host Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58BECAF4-A8B8-49F8-9CFA-7F138B0EF3E5}: NameServer = 208.67.222.222,208.67.220.220
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) -C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
O28 - HKLM ShellExecuteHooks: {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll (GP Software)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/06 19:18:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/06 19:17:28 | 000,000,000 | ---D | C] -- C:\MMBackup
[2012/01/06 09:37:39 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{1EAC0E8A-3D98-441D-9B20-959D92DC0903}
[2012/01/05 21:37:09 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{96076DF4-CA0A-4620-A032-B2AB3E6462F0}
[2012/01/05 21:36:57 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{280BF42F-E079-4732-87CE-50A4AB80F753}
[2012/01/05 19:40:45 | 004,704,768 | ---- | C] (AVAST Software) -- C:\Users\Jon-Alan\Desktop\aswMBR.exe
[2012/01/05 09:36:25 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{DFE6747E-3E5F-434F-B1A0-F3FF27B56B70}
[2012/01/04 21:35:54 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{42DC6755-1821-44B1-99AE-505A2F036941}
[2012/01/04 20:45:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/01/04 09:35:25 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{7C248CA4-8F74-43E6-9276-6E6177A39170}
[2012/01/03 21:34:54 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{53FD36F5-A27A-46C3-9DF7-E4DFFADC6188}
[2012/01/03 09:34:25 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{6975630B-2AEA-4B89-8BAE-2E0FF4A4722D}
[2012/01/03 09:34:13 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{2CBFB4A9-2A0C-4777-AB5E-0AE050F0B00A}
[2012/01/02 21:33:45 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{F232EE87-9045-4572-A1F8-03F51652AB78}
[2012/01/02 09:33:18 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{D6FD3896-89CB-4640-93D3-5E0CCBF3BAB9}
[2012/01/01 21:32:51 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{27672EEA-2907-4B8D-9A85-64137D8208D7}
[2012/01/01 09:32:23 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{389E88EB-B3B6-4864-B91E-17FBDC4A20BE}
[2011/12/31 21:31:56 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{05F6A017-9328-43F2-871B-A87097DB72B1}
[2011/12/31 09:31:29 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{1ED64A3B-FC3B-40E4-A6BE-F37F7BE827B7}
[2011/12/30 21:31:01 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{4F159F96-0C88-4848-A627-98AE77C97559}
[2011/12/30 09:30:30 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{393B909C-6F83-436E-8694-2A442CCEBDFE}
[2011/12/29 21:30:01 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{FABA5AF3-AC93-4A50-9937-BDF0BAFB66A9}
[2011/12/29 09:29:23 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{0E78773F-24F5-498C-9846-EB4E75D79464}
[2011/12/29 09:29:11 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{3294D7D6-6833-4AC9-8242-BBC1373FF4D1}
[2011/12/28 21:28:39 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{A2D32E0A-DDE1-4FEC-8299-00CAA5494E37}
[2011/12/28 21:28:26 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{2A25A222-4EE5-4A33-AEDD-A178D9E53BE1}
[2011/12/28 07:43:06 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{6D6E1CFA-424F-46C3-8223-29F735D651EA}
[2011/12/27 21:10:19 | 000,000,000 | ---D | C] -- C:\Windows\MSAgent64
[2011/12/27 21:08:05 | 000,000,000 | ---D | C] -- C:\What the...
[2011/12/27 20:52:38 | 000,000,000 | ---D | C] -- C:\Windows\msagent
[2011/12/27 20:51:59 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Karen's Power Tools
[2011/12/27 20:51:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerToy
[2011/12/27 20:45:05 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\Karen's Power Tools
[2011/12/27 20:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Karen's Power Tools
[2011/12/27 20:45:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Karen's Power Tools
[2011/12/27 20:44:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Karen's Power Tools
[2011/12/27 19:42:37 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{10E95953-DA6D-4E7B-9849-B3D9431A1A92}
[2011/12/27 07:42:07 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{49DE9BC4-93DF-463A-A37A-85A1D5D3F021}
[2011/12/26 21:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AmoK Exif Sorter
[2011/12/26 21:03:41 | 000,000,000 | ---D | C] -- C:\Program Files\AmoK Exif Sorter
[2011/12/26 19:41:37 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{8BA1528D-8696-4E7C-810D-BB514D6B9FD8}
[2011/12/25 19:41:36 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{B09B0DD5-86C7-4112-9848-3022F493AE1C}
[2011/12/25 07:42:43 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{5A7B935B-AEAA-41F6-BC6C-1776E857EEA5}
[2011/12/24 19:42:12 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{71F44D2E-944A-4DF3-AB01-C709556EEC44}
[2011/12/24 07:41:38 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{2BE6A451-D387-4C7E-9F80-2F5DEF4E6BB7}
[2011/12/24 07:41:26 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{B9F46636-AAEC-4855-86BD-E05C0ECEA7BB}
[2011/12/23 23:31:53 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/12/23 23:31:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/12/23 23:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2011/12/23 19:40:54 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{19B0E09A-C3D2-48B0-9092-262D40231696}
[2011/12/23 07:40:24 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{93A63ED7-276D-43CE-B739-9D1E6912AA32}
[2011/12/23 07:40:13 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{FD150950-3FD0-45DD-B76E-15BDC014F361}
[2011/12/22 19:39:44 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{2CCF7AC3-4AA9-48DD-BA4D-12CE78C83D84}
[2011/12/22 07:39:14 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{AEFC7816-A352-431A-8D68-9D9C573BC988}
[2011/12/21 19:38:43 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{BD3A36AC-51EC-4C4C-923B-78523A431764}
[2011/12/21 07:38:12 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{907DAAC4-CB70-4690-B164-AC4584985E1D}
[2011/12/20 19:37:40 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{2740F04C-1C29-45C7-B2E8-50BA867EB87C}
[2011/12/20 07:37:06 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{F27D4B6E-7CC1-4130-A25D-7A313DF567C5}
[2011/12/19 23:02:24 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Roaming\EPSON
[2011/12/19 21:09:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/12/19 19:36:36 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{06CC94A2-3B82-4961-8FDB-80C39ADABFC5}
[2011/12/19 10:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/19 10:03:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/19 10:03:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/19 07:36:04 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{E46CF97A-91ED-450B-95EA-44FE7530690C}
[2011/12/18 07:39:09 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{4C2046E1-995D-463E-96C0-20BA1AAF6033}
[2011/12/17 19:38:40 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{EE4B3B66-0A86-4B5A-AF9F-99A19FC4F995}
[2011/12/17 07:38:11 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{45640C32-E0ED-4077-BFE6-F83F19E23808}
[2011/12/16 19:37:43 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{7FC0BCFE-AC9A-43FD-86D4-8D13EF4E4546}
[2011/12/16 07:37:04 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{96C697BD-2B7C-48C6-BAFF-073FB4F6C239}
[2011/12/15 19:36:34 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{4E94299D-6DFF-4A03-84F5-7D295B59D05A}
[2011/12/15 07:36:03 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{1365690C-BEDC-43FD-A250-1CB7FCEBB36C}
[2011/12/15 07:35:52 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{BB7C7EE9-9DE0-4A8B-9BEC-9EDEAA5FA0DD}
[2011/12/14 19:35:19 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{19107D9E-3D17-4E59-93AC-4A3E17471FB3}
[2011/12/14 19:35:03 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{2EEA9D04-49CC-41A2-98A7-589C3FDD0485}
[2011/12/14 07:34:30 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{9D4E0792-BD11-43FB-B55D-1AA0B0669502}
[2011/12/13 19:33:57 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{4979BE10-DCA3-46CF-AD7A-83B1528D8039}
[2011/12/13 19:33:44 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{00FF8244-4683-4106-977B-462FC1C578C5}
[2011/12/13 19:26:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jon-Alan\Desktop\OTL.exe
[2011/12/13 17:49:05 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\Browser Guard
[2011/12/13 17:49:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Browser Guard
[2011/12/13 17:47:11 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Browser Guard
[2011/12/13 07:33:12 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{DC826C78-0719-4742-BA66-692841C71E7A}
[2011/12/13 07:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2011/12/13 07:08:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/12/13 07:08:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/12/13 07:08:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/12/13 07:02:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2011/12/13 07:02:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2011/12/13 07:01:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted
[2011/12/13 07:01:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/12/12 19:32:44 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{9AEEC357-0274-4639-9DE1-FA69663EDE48}
[2011/12/12 07:32:14 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{961ADD31-26D8-4850-A315-11F1EA33A37C}
[2011/12/11 19:31:46 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{2B8E7C63-4D60-4ED4-85D8-92348D00807E}
[2011/12/11 07:31:16 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{1283A037-2994-43A3-9847-C17FD657A5B1}
[2011/12/10 19:30:46 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{C8D2FF67-8ED4-476D-BAE9-9EEC106E88F8}
[2011/12/10 07:30:15 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{4E5AD096-B308-4784-BA3A-DDEEE6A1C193}
[2011/12/09 19:29:46 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{19E05811-C482-4778-9167-C3667ACCAEC8}
[2011/12/09 07:29:16 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{3ED488E4-AE92-463A-BDF4-4693EAF63374}
[2011/12/08 19:28:45 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{7B6B447D-9C41-4267-B079-8ECCA920EF90}
[2011/12/08 07:28:13 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{4DF17714-41FE-451C-B94B-B1D956343690}
[2011/05/03 14:12:33 | 012,535,496 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe

========== Files - Modified Within 30 Days ==========

[2012/01/06 19:30:11 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/06 19:30:11 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/06 19:28:36 | 000,001,893 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
[2012/01/06 19:27:15 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/01/06 19:27:14 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/06 19:27:14 | 000,000,632 | RHS- | M] () -- C:\Users\Jon-Alan\ntuser.pol
[2012/01/06 19:22:51 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/01/06 19:22:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/06 19:22:27 | 334,893,055 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/06 19:03:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1598078781-1720070030-2464047777-1005UA.job
[2012/01/06 18:56:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/06 12:25:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/01/06 12:03:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1598078781-1720070030-2464047777-1005Core.job
[2012/01/05 22:30:50 | 000,000,352 | ---- | M] () -- C:\Users\Jon-Alan\AppData\Roaming\Network Meter_Settings.ini
[2012/01/05 22:30:36 | 000,000,412 | ---- | M] () -- C:\Users\Jon-Alan\AppData\Roaming\All CPU Meter_Settings.ini
[2012/01/05 21:43:34 | 000,000,590 | ---- | M] () -- C:\Users\Jon-Alan\Desktop\MBR.zip
[2012/01/05 21:38:10 | 000,000,512 | ---- | M] () -- C:\Users\Jon-Alan\Desktop\MBR.dat
[2012/01/05 19:52:52 | 004,704,768 | ---- | M] (AVAST Software) -- C:\Users\Jon-Alan\Desktop\aswMBR.exe
[2012/01/04 20:31:12 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/04 20:31:12 | 000,660,608 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/04 20:31:12 | 000,121,722 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/28 06:37:50 | 000,000,240 | ---- | M] () -- C:\ProgramData\naughtypirates.exe
[2011/12/27 20:47:05 | 000,005,478 | ---- | M] () -- C:\Users\Jon-Alan\Documents\Directory Printer.pdf
[2011/12/23 23:44:31 | 000,002,084 | ---- | M] () -- C:\Users\Jon-Alan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/23 23:44:02 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/12/23 22:54:32 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/12/20 22:16:28 | 000,004,608 | ---- | M] () -- C:\Users\Jon-Alan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/19 23:34:04 | 000,024,830 | ---- | M] () -- C:\Users\Jon-Alan\Documents\Address Book.ods
[2011/12/19 13:59:15 | 000,022,696 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
[2011/12/19 13:58:57 | 000,041,200 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
[2011/12/19 13:58:55 | 000,301,224 | ---- | M] (COMODO) -- C:\Windows\SysWow64\guard32.dll
[2011/12/19 13:58:54 | 000,389,840 | ---- | M] (COMODO) -- C:\Windows\SysNative\guard64.dll
[2011/12/15 03:22:58 | 000,297,880 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/14 18:08:42 | 000,001,846 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2011/12/13 19:26:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jon-Alan\Desktop\OTL.exe
[2011/12/13 07:27:36 | 000,438,933 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

========== Files Created - No Company Name ==========

[2012/01/05 22:30:50 | 000,000,352 | ---- | C] () -- C:\Users\Jon-Alan\AppData\Roaming\Network Meter_Settings.ini
[2012/01/05 22:30:36 | 000,000,412 | ---- | C] () -- C:\Users\Jon-Alan\AppData\Roaming\All CPU Meter_Settings.ini
[2012/01/05 21:43:34 | 000,000,590 | ---- | C] () -- C:\Users\Jon-Alan\Desktop\MBR.zip
[2012/01/05 21:38:10 | 000,000,512 | ---- | C] () -- C:\Users\Jon-Alan\Desktop\MBR.dat
[2011/12/28 06:37:50 | 000,000,240 | ---- | C] () -- C:\ProgramData\naughtypirates.exe
[2011/12/27 20:46:13 | 000,005,478 | ---- | C] () -- C:\Users\Jon-Alan\Documents\Directory Printer.pdf
[2011/12/23 23:44:02 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/12/23 07:28:16 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011/11/24 21:31:54 | 000,885,749 | ---- | C] () -- C:\Users\Jon-Alan\AppData\Local\census.cache
[2011/11/24 21:31:20 | 000,177,072 | ---- | C] () -- C:\Users\Jon-Alan\AppData\Local\ars.cache
[2011/11/23 20:39:27 | 000,000,036 | ---- | C] () -- C:\Users\Jon-Alan\AppData\Local\housecall.guid.cache
[2011/11/11 19:38:22 | 000,004,608 | ---- | C] () -- C:\Users\Jon-Alan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/28 21:35:39 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2011/08/28 14:56:23 | 000,001,846 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011/08/23 12:48:20 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/06/08 14:29:13 | 000,002,130 | ---- | C] () -- C:\Windows\CDPlayer.ini
[2011/06/05 22:05:52 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\GkSui18.EXE
[2011/05/14 21:30:56 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011/04/08 23:57:15 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/04/04 23:29:35 | 000,007,605 | ---- | C] () -- C:\Users\Jon-Alan\AppData\Local\Resmon.ResmonCfg
[2011/03/29 10:38:49 | 000,000,578 | ---- | C] () -- C:\Users\Jon-Alan\AppData\Roaming\AutoGK.ini
[2011/03/25 23:23:30 | 000,010,450 | ---- | C] () -- C:\Windows\Q-Dir.ini
[2011/03/25 23:06:42 | 000,002,869 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Tag From Filename] Codec.dat
[2011/03/25 23:06:34 | 000,002,900 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [ReplayGain] Codec.dat
[2011/03/25 23:06:27 | 000,003,002 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat
[2011/03/25 23:06:20 | 000,002,862 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Length Split] Codec.dat
[2011/03/25 23:06:12 | 000,002,903 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [ID Tag Update] Codec.dat
[2011/03/25 23:06:03 | 000,002,999 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Channel Split] Codec.dat
[2011/03/25 23:05:37 | 000,002,871 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Audio Info] Codec.dat
[2011/03/25 23:05:27 | 000,002,879 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat
[2011/03/25 23:05:19 | 000,005,894 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp CD Writer.dat
[2011/03/25 23:05:01 | 000,001,850 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.dat
[2011/03/25 23:05:00 | 000,001,230 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Wave64 Codec.dat
[2011/03/25 23:04:59 | 000,011,479 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.dat
[2011/03/25 23:04:59 | 000,002,234 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBPoweramp tooLame MP2 codec.dat
[2011/03/25 23:04:55 | 000,003,014 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp WavPack Codec.dat
[2011/03/25 23:04:55 | 000,001,212 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Dalet Codec.dat
[2011/03/25 23:04:48 | 000,003,071 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
[2011/03/25 23:04:42 | 000,003,159 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
[2011/03/25 23:04:36 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
[2011/03/25 23:04:30 | 000,002,993 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp FLAC Codec.dat
[2011/03/25 23:04:24 | 000,002,849 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
[2011/03/25 23:03:57 | 000,012,502 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2011/03/25 23:03:55 | 006,908,648 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011/03/25 23:03:55 | 000,017,686 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/03/25 00:07:45 | 000,797,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/24 23:23:01 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2011/03/22 16:07:03 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\VegaShEx.dll
[2011/03/22 16:06:59 | 000,308,224 | ---- | C] () -- C:\Windows\SysWow64\Lffpx7.dll
[2011/03/22 16:06:59 | 000,091,136 | ---- | C] () -- C:\Windows\SysWow64\Lfkodak.dll
[2011/03/22 15:48:18 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/03/22 15:48:18 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/03/22 15:48:18 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/03/22 15:48:18 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/03/22 15:48:18 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/03/22 15:48:18 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/03/22 15:48:18 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/03/22 15:48:18 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/03/22 15:48:18 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/03/22 15:48:18 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/03/22 15:48:18 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/03/22 15:48:18 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/03/22 15:48:18 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/03/22 15:48:18 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/03/22 15:48:18 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/03/22 15:48:18 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/03/22 15:47:32 | 000,000,044 | ---- | C] () -- C:\Windows\EPWF30.ini
[2011/03/17 16:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/11/02 11:56:57 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2010/11/02 11:56:28 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\ServiceHelp.dll
[2010/11/02 11:56:12 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/11/02 11:56:12 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/11/02 11:56:11 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/11/02 11:56:11 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/11/02 11:54:33 | 000,009,922 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/11/02 11:54:31 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2010/11/02 11:54:31 | 000,006,272 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/11/02 11:54:31 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/11/02 11:52:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/10/20 13:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 16:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 16:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 16:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/01/25 16:10:48 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/01/08 18:01:22 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2003/10/06 03:21:31 | 000,000,000 | -H-- | C] () -- C:\ProgramData\sdpsenv.dat
[2002/10/15 17:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2002/06/11 02:08:00 | 000,023,180 | ---- | C] () -- C:\Windows\SysWow64\evgainit.sys

========== LOP Check ==========

[2011/11/23 07:08:20 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Amazon
[2011/04/22 01:15:56 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Ashampoo
[2011/09/20 17:57:42 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Audacity
[2011/03/24 23:15:45 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Auslogics
[2011/06/10 12:42:53 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\BITS
[2011/04/21 23:08:59 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Canneverbe Limited
[2011/09/02 09:22:10 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\cryptlib
[2011/06/16 23:18:14 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\CUE Tools
[2011/03/25 23:49:30 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\cYo
[2011/08/31 23:13:16 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\dBpoweramp
[2011/04/22 00:19:46 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\DeepBurner
[2011/08/29 00:14:21 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\DVDFab
[2011/06/08 10:49:00 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\EAC
[2011/12/19 23:02:24 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\EPSON
[2011/03/27 00:00:14 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\EurekaLog
[2011/03/24 23:22:51 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\FlashGet
[2011/03/24 23:22:48 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\FlashGetBHO
[2011/10/06 15:52:35 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\foobar2000
[2011/03/26 22:46:47 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\FreeFileSync
[2011/06/05 22:02:33 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\GetRightToGo
[2011/07/09 20:57:55 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Gizmo
[2011/03/28 23:31:36 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\GlarySoft
[2011/04/10 23:05:29 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Gmote
[2011/04/05 00:04:36 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\GPSoftware
[2011/06/09 19:30:34 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\GrabPro
[2011/07/07 15:24:39 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\gtk-2.0
[2011/04/02 19:48:05 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\HandBrake
[2011/12/14 18:04:44 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Launchy
[2011/03/22 15:54:00 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Leadertech
[2011/07/08 10:01:43 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\LockHunter
[2012/01/06 19:17:31 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\MediaMonkey
[2011/09/26 09:51:37 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Mp3tag
[2011/08/13 21:11:45 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\MusicBrainz
[2011/03/22 19:16:19 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\NetMeter
[2011/09/02 17:23:18 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\NexusFont
[2011/04/01 13:16:46 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\OpenOffice.org
[2012/01/06 19:28:57 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Orbit
[2011/03/25 23:15:59 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Outertech
[2011/11/02 17:51:58 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Panda Security
[2011/08/18 13:38:24 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\PDF Writer
[2011/06/09 19:30:40 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\ProgSense
[2011/03/26 22:34:39 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Q-Dir
[2011/05/22 22:44:13 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\QMC
[2011/09/28 12:12:32 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\QuickZip
[2011/09/11 21:12:47 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Red Chair Software
[2011/07/22 06:31:13 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Rokario
[2011/07/07 15:24:22 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\uGet
[2012/01/06 19:33:10 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\uTorrent
[2011/06/29 12:01:16 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\webex
[2011/04/22 23:43:17 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\WinBar
[2011/07/07 08:45:36 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\WOW64Menu
[2011/09/11 15:39:24 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Zoner
[2012/01/06 19:27:15 | 000,000,330 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012/01/06 19:22:51 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

#8
Render

Posted 07 January 2012 - 09:57 AM

Trusted Helper

Malware Removal
4,195 posts

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here and double click on mbam-setup.exe to install the application

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Click on Check for Updates button.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

#9
Oyml

Posted 07 January 2012 - 10:58 AM

Member

Topic Starter
Member
35 posts

CNET, where MalwareBytes hosts the AntiMalware product, is blocked by OpenDNS due to questionable practices by them and the way they host downloads. Instead, I downloaded the program from MajorGeeks.com.

The good news is that it did not detect any suspicious files. Here's the log:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.07.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jon-Alan :: OYML [administrator]

1/7/2012 11:30:44 AM
mbam-log-2012-01-07 (11-30-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238085
Time elapsed: 4 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#10
Render

Posted 08 January 2012 - 10:17 AM

Trusted Helper

Malware Removal
4,195 posts

We should proceed with general antimalware scan which can take quite a long time so please be patient.

Download Virus Removal Tool (VRT) from Here to your desktop
(You have to enter your e-mail address and click on Submit Form button. Please download latest English version of this tool)

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
(Please be patient as this scan can take a few hours)
Posted Image

Allow VRT to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post

Now the Analysis

Rerun VRT and select the Manual Disinfection tab and press Start Gathering System Information

Posted Image

On completion click the link to locate the zip file to upload and attach to your next post

Posted Image

#11
Oyml

Posted 08 January 2012 - 08:17 PM

Member

Topic Starter
Member
35 posts

Well, the scan has been running for the last 7 1/2 hours and it still estimates another 18 hours to go, so I'll post the results when it's done.

#12
Render

Posted 09 January 2012 - 11:25 AM

Trusted Helper

Malware Removal
4,195 posts

OK.

#13
Oyml

Posted 09 January 2012 - 07:29 PM

Member

Topic Starter
Member
35 posts

That took a crazy long time, but it finally finished.

The scan produced the following threats report:

Status: Deleted (events: 2)
1/9/2012 8:14:24 PM Deleted adware not-a-virus:AdWare.Win32.Gaba.kie Y:\Torrents\Software\DVDFab Platinum 5.2.2.2 - Final Ghosthunter\DVDFab5222.exe//data0022 Medium
1/9/2012 8:14:24 PM Deleted adware not-a-virus:AdWare.Win32.Gaba.kie Y:\Torrents\Software\DVDFab Platinum 5.2.2.2 - Final Ghosthunter\DVDFab5222.exe Medium

Attached is the ZIP file from the system scan.

Attached Files

avptool_sysinfo.zip 167KB 92 downloads

#14
Oyml

Posted 10 January 2012 - 06:08 PM

Member

Topic Starter
Member
35 posts

UPDATE:

Today, my wife's email sent out another piece of spam. In case you are interested, this is the text of it:

RE: Hey, I finally found this opportunity!!

hi there...

my credit was slowly crumbling now I can spend my paychecks however I choose I was in desperate need of an alternative...
http://krtko.borec.c...e/91ColinAlien/

everything worked out in my favor
you would excell at this.

ttyl.

The headers all look legit from what I can see. The only weird thing I see is the Message-ID field:<(Numbers removed)[email protected]>. Could this have originated from our Android phones?