Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Spam originating from my email [Solved]


  • This topic is locked This topic is locked

#16
Oyml

Oyml

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Both phones were scanned with Avast and nothing was found.
  • 0

Advertisements


#17
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. We can't do anything about spam. How is your computer running? Any other problems?
  • 0

#18
Oyml

Oyml

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
The computer appears to be running fine.

Would there possibly be something hiding under my wife's login that a scan with me logged in wouldn't find? I don't think so, but it is worth asking.
  • 0

#19
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
It's possible. Let's take a look:

Posted Image OTL Custom Scan

  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Stadard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

  • 0

#20
Oyml

Oyml

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
OTL logfile created on: 1/16/2012 8:56:54 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jon-Alan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 27.89% Memory free
11.50 Gb Paging File | 6.15 Gb Available in Paging File | 53.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.33 Gb Total Space | 169.05 Gb Free Space | 18.43% Space Free | Partition Type: NTFS
Drive X: | 914.43 Gb Total Space | 76.27 Gb Free Space | 8.34% Space Free | Partition Type: NTFS
Drive Y: | 465.65 Gb Total Space | 93.63 Gb Free Space | 20.11% Space Free | Partition Type: FAT32
Drive Z: | 1831.80 Gb Total Space | 534.21 Gb Free Space | 29.16% Space Free | Partition Type: NTFS

Computer Name: OYML | User Name: Jon-Alan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2011/12/21 02:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/12/21 02:24:51 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Users\Danielle\AppData\Local\Mozilla\Firefox\Mozilla Firefox\updates\0\updater.exe
PRC - [2011/12/13 19:26:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jon-Alan\Desktop\OTL.exe
PRC - [2011/10/21 09:51:20 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.79\GoogleCrashHandler.exe
PRC - [2011/09/05 12:04:56 | 001,489,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2011/08/24 15:32:42 | 000,074,240 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2011/07/29 14:31:40 | 001,249,064 | ---- | M] () -- C:\ProgramData\TVersity\Media Server\MediaServer.exe
PRC - [2011/07/09 09:49:31 | 000,034,728 | ---- | M] (Arainia Solutions) -- C:\Program Files (x86)\Gizmo\gservice.exe
PRC - [2011/07/09 09:49:30 | 000,223,640 | ---- | M] (Arainia Solutions) -- C:\Program Files (x86)\Gizmo\gizmo.exe
PRC - [2011/06/29 08:29:44 | 000,217,256 | ---- | M] (Panda Security) -- C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
PRC - [2011/06/28 09:03:22 | 001,843,000 | ---- | M] (Orbitdownloader.com) -- C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
PRC - [2011/06/27 09:05:26 | 000,557,056 | ---- | M] (Orbitdownloader.com) -- C:\Program Files (x86)\Orbitdownloader\orbitnet.exe
PRC - [2011/06/25 11:30:46 | 000,884,696 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/02 09:54:16 | 000,802,758 | ---- | M] () -- C:\Program Files (x86)\AX\AX.exe
PRC - [2011/04/28 13:01:20 | 000,439,616 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
PRC - [2011/04/28 12:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2011/04/19 01:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011/04/19 01:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2011/02/25 20:21:50 | 000,665,104 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\Browser Guard\tmiegsrv.exe
PRC - [2011/02/25 20:20:58 | 000,787,984 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\Browser Guard\BGUI.exe
PRC - [2011/01/17 17:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 17:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011/01/06 17:46:06 | 000,440,103 | ---- | M] () -- C:\Program Files (x86)\QuickMonth Calendar\qmc.exe
PRC - [2010/12/17 09:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
PRC - [2010/12/17 09:33:06 | 001,103,184 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
PRC - [2010/12/15 01:54:24 | 000,445,048 | ---- | M] (F5 Networks) -- C:\Windows\Downloaded Program Files\TunnelServer.exe
PRC - [2010/11/10 18:38:40 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Launchy\Launchy.exe
PRC - [2010/10/12 12:57:40 | 000,354,232 | ---- | M] (GP Software) -- C:\Program Files\GPSoftware\Directory Opus\dopusx64.exe
PRC - [2010/07/28 16:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2010/07/28 16:33:58 | 006,995,864 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2010/07/28 16:33:58 | 001,485,208 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2010/07/04 14:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
PRC - [2010/03/24 15:26:02 | 000,243,544 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
PRC - [2009/12/23 15:59:42 | 000,232,064 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
PRC - [2009/12/23 15:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\SysWOW64\AsHookDevice.exe
PRC - [2009/06/04 17:10:56 | 005,777,408 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2009/03/12 20:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/19 12:17:24 | 000,333,088 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2008/06/01 16:05:02 | 001,529,856 | ---- | M] (Rokario Software) -- C:\Program Files (x86)\Rokario\Bandwidth Monitor\bandmon.exe
PRC - [2007/01/01 16:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Talk\googletalk.exe
PRC - [2005/10/12 11:22:40 | 000,184,320 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Music Anywhere\LMASysTray.exe
PRC - [2002/04/17 09:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/21 02:24:51 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/04 09:54:51 | 000,930,304 | ---- | M] () -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\f6rn11j2.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\lpxpcom.dll
MOD - [2011/09/28 14:34:43 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/05 12:04:56 | 000,249,232 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll
MOD - [2011/07/09 09:49:31 | 000,404,384 | ---- | M] () -- C:\Program Files (x86)\Gizmo\gdatabase.dll
MOD - [2011/07/09 09:49:31 | 000,394,656 | ---- | M] () -- C:\Program Files (x86)\Gizmo\gdrive.dll
MOD - [2011/07/09 09:49:31 | 000,372,632 | ---- | M] () -- C:\Program Files (x86)\Gizmo\ghash.dll
MOD - [2011/07/09 09:49:31 | 000,339,864 | ---- | M] () -- C:\Program Files (x86)\Gizmo\gscript.dll
MOD - [2011/07/09 09:49:31 | 000,339,864 | ---- | M] () -- C:\Program Files (x86)\Gizmo\geditor.dll
MOD - [2011/07/09 09:49:30 | 000,315,800 | ---- | M] () -- C:\Program Files (x86)\Gizmo\gmanager.dll
MOD - [2011/07/09 09:49:30 | 000,166,816 | ---- | M] () -- C:\Program Files (x86)\Gizmo\gimage.dll
MOD - [2011/06/28 09:01:38 | 000,397,312 | ---- | M] () -- C:\Program Files (x86)\Orbitdownloader\wtlctrl.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/02 09:54:16 | 000,802,758 | ---- | M] () -- C:\Program Files (x86)\AX\AX.exe
MOD - [2011/04/01 12:55:36 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/01/06 17:46:06 | 000,440,103 | ---- | M] () -- C:\Program Files (x86)\QuickMonth Calendar\qmc.exe
MOD - [2010/11/10 18:39:08 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\controly.dll
MOD - [2010/11/10 18:39:00 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\calcy.dll
MOD - [2010/11/10 18:38:52 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\gcalc.dll
MOD - [2010/11/10 18:38:40 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Launchy\Launchy.exe
MOD - [2010/11/10 18:38:40 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\runner.dll
MOD - [2010/11/10 18:38:24 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\weby.dll
MOD - [2010/11/10 18:38:08 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\verby.dll
MOD - [2010/07/28 16:34:04 | 000,022,424 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2010/07/28 16:02:58 | 000,658,432 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2010/07/04 16:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 14:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
MOD - [2010/06/23 17:12:28 | 007,187,456 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/06/23 17:11:52 | 000,325,632 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/06/23 17:11:48 | 001,954,304 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/06/23 17:11:48 | 000,847,360 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/06/23 16:38:18 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2009/12/16 23:18:48 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Launchy\imageformats\qmng4.dll
MOD - [2009/12/16 21:13:02 | 008,314,880 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtGui4.dll
MOD - [2009/12/16 20:56:22 | 000,712,704 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtNetwork4.dll
MOD - [2009/12/16 20:54:46 | 002,236,416 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtCore4.dll
MOD - [2009/09/29 22:33:07 | 000,024,576 | ---- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009/06/04 17:10:56 | 005,777,408 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
MOD - [2009/03/12 20:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe
MOD - [2009/01/15 16:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
MOD - [2002/04/17 09:49:22 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
MOD - [2002/04/17 09:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/12/19 13:58:59 | 002,779,416 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2011/11/23 08:17:26 | 000,094,992 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/04/20 01:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/17 17:25:42 | 000,181,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV:64bit: - [2010/02/09 14:55:52 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/02/11 11:33:30 | 000,560,344 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\Topos\cFosSpeed\spd.exe -- (cFosSpeedS)
SRV - [2011/12/23 23:32:17 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/08/24 15:32:42 | 000,074,240 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (FreemakeUtilsService)
SRV - [2011/07/29 14:31:40 | 001,249,064 | ---- | M] () [Auto | Running] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2011/07/09 09:49:31 | 000,034,728 | ---- | M] (Arainia Solutions) [Auto | Running] -- C:\Program Files (x86)\Gizmo\gservice.exe -- (Gizmo Central)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/28 12:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/04/19 01:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/12/17 09:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe -- (RUBotSrv)
SRV - [2010/07/28 16:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/23 15:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysWOW64\AsHookDevice.exe -- (Device Handle Service)
SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/12/16 15:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/10 15:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/23 08:17:24 | 000,158,336 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2011/08/01 06:23:26 | 000,160,520 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINAflt.sys -- (PSINAflt)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/07/09 09:49:32 | 000,034,704 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gizmodrv.sys -- (GizmoDrv)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/28 12:57:43 | 000,128,072 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProt.sys -- (PSINProt)
DRV:64bit: - [2011/04/28 12:57:43 | 000,121,928 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProc.sys -- (PSINProc)
DRV:64bit: - [2011/04/28 12:57:42 | 000,149,576 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PSINKNC.sys -- (PSINKNC)
DRV:64bit: - [2011/04/28 12:57:42 | 000,114,760 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINFile.sys -- (PSINFile)
DRV:64bit: - [2011/04/20 01:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/20 01:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 00:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/15 06:02:14 | 000,041,424 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\covpnv64.sys -- (urvpndrv)
DRV:64bit: - [2010/12/15 06:02:08 | 000,018,512 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urfltv64.sys -- (f5ipfw)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/06 21:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010/10/28 09:11:12 | 000,170,080 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)
DRV:64bit: - [2010/09/23 02:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/01 03:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/07/28 23:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010/03/02 06:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010/01/27 20:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/12/22 01:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/11/10 03:11:32 | 000,234,040 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/10/20 13:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/07/15 22:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/22 15:50:00 | 000,291,352 | ---- | M] (silex technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sxuptp.sys -- (sxuptp)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/04 20:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/02/11 11:33:32 | 001,090,264 | ---- | M] (cFos Software GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfosspeed.sys -- (cFosSpeed)
DRV:64bit: - [2007/10/24 02:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2011/08/26 14:11:26 | 000,035,256 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys -- (IObitUnlocker)
DRV - [2011/03/22 16:04:28 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysWow64\drivers\AFS.SYS -- (AFS)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...ys=DTP&M=GT4016
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com/
IE - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1598078781-1720070030-2464047777-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com/
IE - HKU\S-1-5-21-1598078781-1720070030-2464047777-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com/
IE - HKU\S-1-5-21-1598078781-1720070030-2464047777-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.73.0
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfn…”"

FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\Firefox [2011/06/28 14:21:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/06/30 02:01:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2011/08/28 15:22:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/23 23:43:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/03/22 14:18:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Extensions
[2012/01/10 07:20:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\f6rn11j2.default\extensions
[2012/01/03 20:42:34 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\f6rn11j2.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2011/12/02 07:04:39 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\f6rn11j2.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/11/12 09:51:31 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\f6rn11j2.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/08/16 18:13:59 | 000,000,000 | ---D | M] (BYTubeD - Bulk YouTube video Downloader) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\f6rn11j2.default\extensions\[email protected]
[2011/11/06 08:21:01 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\f6rn11j2.default\extensions\[email protected]
[2011/06/23 12:00:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\ynz33ibf.default\extensions
[2011/03/22 14:23:09 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\ynz33ibf.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2011/05/03 14:12:34 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\ynz33ibf.default\extensions\[email protected]
[2011/05/01 11:05:47 | 000,004,855 | ---- | M] () -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\f6rn11j2.default\searchplugins\google-images.xml
[2011/05/03 14:18:13 | 000,000,705 | ---- | M] () -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\f6rn11j2.default\searchplugins\webster.xml
[2011/12/23 23:43:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\JON-ALAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F6RN11J2.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\JON-ALAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F6RN11J2.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\JON-ALAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F6RN11J2.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\JON-ALAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F6RN11J2.DEFAULT\EXTENSIONS\[email protected]
[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Freemake np-plugin for google chrome (Enabled) = C:\Users\Jon-Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll
CHR - plugin: Orbit Downloader (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\nporbit.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Jon-Alan\AppData\Roaming\Mozilla\plugins\npatgpc.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Jon-Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.7_1\
CHR - Extension: Chrome YouTube Downloader = C:\Users\Jon-Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdjiinahkdjdcdlgfimlcolkjpbooja\2.6.1_1\
CHR - Extension: Adblock Plus for Google Chrome\u2122 (Beta) = C:\Users\Jon-Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.1.4_0\
CHR - Extension: LastPass = C:\Users\Jon-Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.80.2_0\
CHR - Extension: Freemake Video Converter = C:\Users\Jon-Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: Poppit = C:\Users\Jon-Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: FastestTube = C:\Users\Jon-Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\phahnhbgfdhgobenebnjbgmacgpbfaag\2.0.0_0\

O1 HOSTS File: ([2012/01/11 18:16:21 | 000,438,931 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15094 more lines...
O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5825.1100\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (TMIEGBHO Class) - {F1AD4A42-BA52-47BC-89DF-3F68F24C017F} - C:\Program Files (x86)\Trend Micro\Browser Guard\X64\TMAMS64.dll (Trend Micro Inc.)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (TMIEGBHO Class) - {F1AD4A42-BA52-47BC-89DF-3F68F24C017F} - C:\Program Files (x86)\Trend Micro\Browser Guard\TMAMS.dll (Trend Micro Inc.)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O3:64bit: - HKLM\..\Toolbar: (TMBGBAR TOOLBAR) - {C8137A8D-415D-450C-A1B1-D0C519D45296} - C:\Program Files (x86)\Trend Micro\Browser Guard\X64\tmieg64.dll (Trend Micro Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (TMBGBAR TOOLBAR) - {C8137A8D-415D-450C-A1B1-D0C519D45296} - C:\Program Files (x86)\Trend Micro\Browser Guard\tmieg.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe ()
O4 - HKLM..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [Panda Security URL Filtering] C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Trend Micro Browser Guard] C:\Program Files (x86)\Trend Micro\Browser Guard\BGUI.EXE (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\.DEFAULT..\Run: [EPSON WorkForce 30 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEEA.EXE /FU "C:\Windows\TEMP\E_S6AC3.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-18..\Run: [EPSON WorkForce 30 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEEA.EXE /FU "C:\Windows\TEMP\E_S6AC3.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001..\Run: [2ECC558A244583AC107648E9397A0C9B4872CB02._service_run] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001..\Run: [bandmon] C:\Program Files (x86)\Rokario\Bandwidth Monitor\bandmon.exe (Rokario Software)
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001..\Run: [Directory Opus Desktop Dblclk] C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe (GP Software)
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001..\Run: [EPSON WorkForce 30 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEEA.EXE /FU "C:\Users\Jon-Alan\AppData\Local\Temp\E_S402E.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001..\Run: [GizmoDriveDelegate] C:\Program Files (x86)\Gizmo\gizmo.exe (Arainia Solutions)
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001..\Run: [MusicManager] C:\Users\Jon-Alan\AppData\Local\Programs\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001..\Run: [WinBar (x64)] C:\Program Files\WinBar\WinBar.exe (The WinBar Team)
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1004..\Run: [GizmoDriveDelegate] C:\Program Files (x86)\Gizmo\gizmo.exe (Arainia Solutions)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_Plugin.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1004..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
O4 - Startup: C:\Users\Danielle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Jon-Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AX.lnk = C:\Program Files (x86)\AX\AX.exe ()
O4 - Startup: C:\Users\Jon-Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Jon-Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\peerblock.exe (PeerBlock, LLC)
O4 - Startup: C:\Users\Jon-Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Users\Jon-Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_78947701.lnk = C:\Users\Jon-Alan\AppData\Local\Temp\_uninst_78947701.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - CC:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - CC:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\..Trusted Domains: irmc.cc ([remote] https in Trusted sites)
O15 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} Reg Error: Value error. (F5 Networks VPN Manager)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://remote.irmc.cc/f5-w-687474703a2f2f332e312e31362e313033$$/iNotes6W.cab (iNotes6 Class)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} Reg Error: Value error. (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://remote.irmc....llerControl.cab (F5 Networks Auto Update)
O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} Reg Error: Value error. (F5 Virtual Sandbox Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} Reg Error: Value error. (F5 Networks SuperHost Class)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} Reg Error: Value error. (F5 Networks Host Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58BECAF4-A8B8-49F8-9CFA-7F138B0EF3E5}: NameServer = 208.67.222.222,208.67.220.220
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) -C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
O28 - HKLM ShellExecuteHooks: {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll (GP Software)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/16 20:55:20 | 000,000,000 | ---D | C] -- C:\MMBackup
[2012/01/16 10:44:56 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{12E9198B-2812-4211-8378-1EB01836E0D0}
[2012/01/15 22:44:27 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{02DDA504-AE30-4C8B-8B79-CC093608A4E7}
[2012/01/15 10:43:57 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{47FA8F08-31E2-4189-B4D9-6A51B37C27BB}
[2012/01/14 22:43:31 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{8C73D489-4A02-47B9-8153-4E345A92192D}
[2012/01/14 10:43:03 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{FA877C52-D2A5-4288-B6FE-16AC7D819628}
[2012/01/13 22:42:36 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{534E3685-A27E-48CF-ABF2-C6F43F55E403}
[2012/01/13 10:42:07 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{CC0CCEB9-140C-45A5-B737-068536C31FEE}
[2012/01/12 22:41:38 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{30C4D94B-18BE-46D0-8184-495712DF066C}
[2012/01/12 10:41:09 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{E7E6F832-32A8-4EDD-9AE0-384FA47DDCEA}
[2012/01/11 22:40:40 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{05635C67-72A4-45AF-8166-985D2361447A}
[2012/01/11 20:56:14 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/01/11 20:56:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/01/11 20:56:12 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Roaming\Notepad++
[2012/01/11 20:56:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2012/01/11 20:43:10 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\Documents\Perl
[2012/01/11 19:57:09 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\Documents\Modern Perl
[2012/01/11 19:52:48 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\Documents\Beginning Perl
[2012/01/11 19:43:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\GnuCash
[2012/01/11 19:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActivePerl 5.14.2 Build 1402 (64-bit)
[2012/01/11 19:29:06 | 000,000,000 | ---D | C] -- C:\Perl64
[2012/01/11 19:13:25 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\.gconfd
[2012/01/11 19:13:25 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\.gconf
[2012/01/11 19:13:23 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\.gnome2_private
[2012/01/11 19:13:23 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\.gnome2
[2012/01/11 19:13:22 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\.gnucash
[2012/01/11 19:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GnuCash
[2012/01/11 19:10:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\gnucash
[2012/01/11 10:40:09 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{1DE0B3C5-D360-4F0C-AB0D-8B402694312F}
[2012/01/11 10:39:58 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{EE97C06B-F864-47DB-B062-C07A8CB40DC6}
[2012/01/11 07:13:30 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/11 07:13:30 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/01/11 07:13:30 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/11 07:13:30 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/01/11 07:13:30 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/01/11 07:13:30 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/11 01:08:45 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/01/11 01:08:44 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/11 01:08:44 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/11 01:08:44 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/01/11 01:06:22 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/01/11 01:05:44 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/01/11 01:05:44 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/01/10 22:39:28 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{3F8D12F3-E3BC-4129-8AE5-15B8EB3CC9F1}
[2012/01/10 10:38:58 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{347E0ABD-1AD6-4878-B77C-1EF947DD5659}
[2012/01/09 22:38:28 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{23586B5E-94EC-46CD-9780-432D73012D50}
[2012/01/09 10:37:58 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{9EC9C4C8-9F60-4FF8-9D66-EF96E5DDD063}
[2012/01/08 22:36:51 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{FF5DB99D-89BB-4B2B-96FD-E3240F310838}
[2012/01/08 10:35:42 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{27DB3E28-1BFE-4714-B057-51B381A3DC74}
[2012/01/08 10:35:19 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{EEEF36B8-591B-4B35-A6A4-38D127CC0B0A}
[2012/01/07 23:59:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/01/07 23:59:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/01/07 21:39:27 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{41F59D08-AAC6-4A11-9A28-AF8D79094BD9}
[2012/01/07 09:38:59 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{3CABCF77-836C-4781-89C2-FAC2BA1F0DFC}
[2012/01/06 21:38:26 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{0A70BAD7-AF56-42CD-AC41-64DB9B2DEFC8}
[2012/01/06 21:38:10 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{E94F682F-B203-4450-9DC2-952BB3F80958}
[2012/01/06 19:18:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/06 09:37:39 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{1EAC0E8A-3D98-441D-9B20-959D92DC0903}
[2012/01/05 21:37:09 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{96076DF4-CA0A-4620-A032-B2AB3E6462F0}
[2012/01/05 21:36:57 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{280BF42F-E079-4732-87CE-50A4AB80F753}
[2012/01/05 19:40:45 | 004,704,768 | ---- | C] (AVAST Software) -- C:\Users\Jon-Alan\Desktop\aswMBR.exe
[2012/01/05 09:36:25 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{DFE6747E-3E5F-434F-B1A0-F3FF27B56B70}
[2012/01/04 21:35:54 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{42DC6755-1821-44B1-99AE-505A2F036941}
[2012/01/04 20:45:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/01/04 09:35:25 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{7C248CA4-8F74-43E6-9276-6E6177A39170}
[2012/01/03 21:34:54 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{53FD36F5-A27A-46C3-9DF7-E4DFFADC6188}
[2012/01/03 09:34:25 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{6975630B-2AEA-4B89-8BAE-2E0FF4A4722D}
[2012/01/03 09:34:13 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{2CBFB4A9-2A0C-4777-AB5E-0AE050F0B00A}
[2012/01/02 21:33:45 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{F232EE87-9045-4572-A1F8-03F51652AB78}
[2012/01/02 09:33:18 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{D6FD3896-89CB-4640-93D3-5E0CCBF3BAB9}
[2012/01/01 21:32:51 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{27672EEA-2907-4B8D-9A85-64137D8208D7}
[2012/01/01 09:32:23 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{389E88EB-B3B6-4864-B91E-17FBDC4A20BE}
[2011/12/31 21:31:56 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{05F6A017-9328-43F2-871B-A87097DB72B1}
[2011/12/31 09:31:29 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{1ED64A3B-FC3B-40E4-A6BE-F37F7BE827B7}
[2011/12/30 21:31:01 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{4F159F96-0C88-4848-A627-98AE77C97559}
[2011/12/30 09:30:30 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{393B909C-6F83-436E-8694-2A442CCEBDFE}
[2011/12/29 21:30:01 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{FABA5AF3-AC93-4A50-9937-BDF0BAFB66A9}
[2011/12/29 09:29:23 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{0E78773F-24F5-498C-9846-EB4E75D79464}
[2011/12/29 09:29:11 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{3294D7D6-6833-4AC9-8242-BBC1373FF4D1}
[2011/12/28 21:28:39 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{A2D32E0A-DDE1-4FEC-8299-00CAA5494E37}
[2011/12/28 21:28:26 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{2A25A222-4EE5-4A33-AEDD-A178D9E53BE1}
[2011/12/28 07:43:06 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{6D6E1CFA-424F-46C3-8223-29F735D651EA}
[2011/12/27 21:10:19 | 000,000,000 | ---D | C] -- C:\Windows\MSAgent64
[2011/12/27 21:08:05 | 000,000,000 | ---D | C] -- C:\What the...
[2011/12/27 20:52:38 | 000,000,000 | ---D | C] -- C:\Windows\msagent
[2011/12/27 20:51:59 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Karen's Power Tools
[2011/12/27 20:51:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerToy
[2011/12/27 20:51:47 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2011/12/27 20:51:47 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2011/12/27 20:45:05 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\Karen's Power Tools
[2011/12/27 20:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Karen's Power Tools
[2011/12/27 20:45:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Karen's Power Tools
[2011/12/27 20:44:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Karen's Power Tools
[2011/12/27 19:42:37 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{10E95953-DA6D-4E7B-9849-B3D9431A1A92}
[2011/12/27 07:42:07 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{49DE9BC4-93DF-463A-A37A-85A1D5D3F021}
[2011/12/26 21:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AmoK Exif Sorter
[2011/12/26 21:03:41 | 000,000,000 | ---D | C] -- C:\Program Files\AmoK Exif Sorter
[2011/12/26 19:41:37 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{8BA1528D-8696-4E7C-810D-BB514D6B9FD8}
[2011/12/25 19:41:36 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{B09B0DD5-86C7-4112-9848-3022F493AE1C}
[2011/12/25 07:42:43 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{5A7B935B-AEAA-41F6-BC6C-1776E857EEA5}
[2011/12/24 19:42:12 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{71F44D2E-944A-4DF3-AB01-C709556EEC44}
[2011/12/24 07:41:38 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{2BE6A451-D387-4C7E-9F80-2F5DEF4E6BB7}
[2011/12/24 07:41:26 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{B9F46636-AAEC-4855-86BD-E05C0ECEA7BB}
[2011/12/23 23:31:53 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/12/23 23:31:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/12/23 23:27:48 | 000,750,488 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2011/12/23 23:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2011/12/23 19:40:54 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{19B0E09A-C3D2-48B0-9092-262D40231696}
[2011/12/23 07:40:24 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{93A63ED7-276D-43CE-B739-9D1E6912AA32}
[2011/12/23 07:40:13 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{FD150950-3FD0-45DD-B76E-15BDC014F361}
[2011/12/23 07:28:15 | 000,417,440 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2011/12/22 19:39:44 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{2CCF7AC3-4AA9-48DD-BA4D-12CE78C83D84}
[2011/12/22 07:39:14 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{AEFC7816-A352-431A-8D68-9D9C573BC988}
[2011/12/21 19:38:43 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{BD3A36AC-51EC-4C4C-923B-78523A431764}
[2011/12/21 07:38:12 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{907DAAC4-CB70-4690-B164-AC4584985E1D}
[2011/12/20 19:37:40 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{2740F04C-1C29-45C7-B2E8-50BA867EB87C}
[2011/12/20 19:02:26 | 004,448,256 | ---- | C] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2011/12/20 07:37:06 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{F27D4B6E-7CC1-4130-A25D-7A313DF567C5}
[2011/12/19 23:02:24 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Roaming\EPSON
[2011/12/19 21:09:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/12/19 19:36:36 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{06CC94A2-3B82-4961-8FDB-80C39ADABFC5}
[2011/12/19 17:57:23 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/12/19 17:57:23 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/12/19 17:57:23 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/12/19 10:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/19 10:03:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/19 10:03:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/19 07:36:04 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{E46CF97A-91ED-450B-95EA-44FE7530690C}
[2011/12/18 07:39:09 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{4C2046E1-995D-463E-96C0-20BA1AAF6033}
[2011/05/03 14:12:33 | 012,535,496 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe

========== Files - Modified Within 30 Days ==========

[2012/01/16 21:00:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/01/16 20:56:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/16 20:53:35 | 000,000,218 | ---- | M] () -- C:\Users\Jon-Alan\.recently-used.xbel
[2012/01/16 20:03:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1598078781-1720070030-2464047777-1005UA.job
[2012/01/16 12:25:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/01/16 12:03:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1598078781-1720070030-2464047777-1005Core.job
[2012/01/16 10:56:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/15 15:06:35 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/15 15:06:35 | 000,660,608 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/15 15:06:35 | 000,121,722 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/15 14:01:30 | 000,001,893 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
[2012/01/15 14:01:21 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/01/14 11:05:08 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/14 11:05:08 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/11 18:16:21 | 000,438,931 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/11 17:30:23 | 000,063,975 | ---- | M] () -- C:\Users\Jon-Alan\Documents\enredados-disney-tangled-rapunzel-raiponce-dibujos-para-pintar-colorear-coloring-pages.jpg
[2012/01/11 17:29:10 | 000,106,170 | ---- | M] () -- C:\Users\Jon-Alan\Desktop\rapunzel-coloring-pages-2.jpg
[2012/01/11 07:16:28 | 000,000,632 | RHS- | M] () -- C:\Users\Jon-Alan\ntuser.pol
[2012/01/11 07:15:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/11 07:15:40 | 334,893,055 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/09 20:24:49 | 000,171,003 | ---- | M] () -- C:\Users\Jon-Alan\Desktop\avptool_sysinfo.zip
[2012/01/09 20:14:19 | 000,000,176 | -HS- | M] () -- C:\Windows\7390763drv.spi
[2012/01/08 13:42:41 | 000,001,013 | ---- | M] () -- C:\Users\Jon-Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_78947701.lnk
[2012/01/08 00:07:21 | 000,773,860 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/07 11:27:45 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/05 22:30:50 | 000,000,352 | ---- | M] () -- C:\Users\Jon-Alan\AppData\Roaming\Network Meter_Settings.ini
[2012/01/05 22:30:36 | 000,000,412 | ---- | M] () -- C:\Users\Jon-Alan\AppData\Roaming\All CPU Meter_Settings.ini
[2012/01/05 21:43:34 | 000,000,590 | ---- | M] () -- C:\Users\Jon-Alan\Desktop\MBR.zip
[2012/01/05 21:38:10 | 000,000,512 | ---- | M] () -- C:\Users\Jon-Alan\Desktop\MBR.dat
[2012/01/05 19:52:52 | 004,704,768 | ---- | M] (AVAST Software) -- C:\Users\Jon-Alan\Desktop\aswMBR.exe
[2011/12/28 06:37:50 | 000,000,240 | ---- | M] () -- C:\ProgramData\naughtypirates.exe
[2011/12/27 20:51:47 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2011/12/27 20:51:47 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2011/12/27 20:47:05 | 000,005,478 | ---- | M] () -- C:\Users\Jon-Alan\Documents\Directory Printer.pdf
[2011/12/23 23:44:31 | 000,002,084 | ---- | M] () -- C:\Users\Jon-Alan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/23 23:44:02 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/12/23 23:32:16 | 000,417,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2011/12/23 23:32:16 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/12/23 23:27:42 | 000,263,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2011/12/23 23:27:42 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2011/12/23 23:27:42 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2011/12/23 23:27:41 | 000,750,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2011/12/23 23:27:41 | 000,660,368 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2011/12/23 22:54:32 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/12/20 22:16:28 | 000,004,608 | ---- | M] () -- C:\Users\Jon-Alan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/20 19:02:26 | 004,448,256 | ---- | M] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2011/12/19 23:34:04 | 000,024,830 | ---- | M] () -- C:\Users\Jon-Alan\Documents\Address Book.ods
[2011/12/19 13:59:15 | 000,022,696 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
[2011/12/19 13:58:57 | 000,041,200 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
[2011/12/19 13:58:55 | 000,301,224 | ---- | M] (COMODO) -- C:\Windows\SysWow64\guard32.dll
[2011/12/19 13:58:54 | 000,389,840 | ---- | M] (COMODO) -- C:\Windows\SysNative\guard64.dll

========== Files Created - No Company Name ==========

[2012/01/16 20:53:35 | 000,000,218 | ---- | C] () -- C:\Users\Jon-Alan\.recently-used.xbel
[2012/01/11 17:30:21 | 000,063,975 | ---- | C] () -- C:\Users\Jon-Alan\Documents\enredados-disney-tangled-rapunzel-raiponce-dibujos-para-pintar-colorear-coloring-pages.jpg
[2012/01/11 17:29:09 | 000,106,170 | ---- | C] () -- C:\Users\Jon-Alan\Desktop\rapunzel-coloring-pages-2.jpg
[2012/01/09 20:17:28 | 000,171,003 | ---- | C] () -- C:\Users\Jon-Alan\Desktop\avptool_sysinfo.zip
[2012/01/09 20:14:19 | 000,000,176 | -HS- | C] () -- C:\Windows\7390763drv.spi
[2012/01/08 13:42:41 | 000,001,013 | ---- | C] () -- C:\Users\Jon-Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_78947701.lnk
[2012/01/07 11:27:45 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/05 22:30:50 | 000,000,352 | ---- | C] () -- C:\Users\Jon-Alan\AppData\Roaming\Network Meter_Settings.ini
[2012/01/05 22:30:36 | 000,000,412 | ---- | C] () -- C:\Users\Jon-Alan\AppData\Roaming\All CPU Meter_Settings.ini
[2012/01/05 21:43:34 | 000,000,590 | ---- | C] () -- C:\Users\Jon-Alan\Desktop\MBR.zip
[2012/01/05 21:38:10 | 000,000,512 | ---- | C] () -- C:\Users\Jon-Alan\Desktop\MBR.dat
[2011/12/28 06:37:50 | 000,000,240 | ---- | C] () -- C:\ProgramData\naughtypirates.exe
[2011/12/27 20:46:13 | 000,005,478 | ---- | C] () -- C:\Users\Jon-Alan\Documents\Directory Printer.pdf
[2011/12/23 23:44:02 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/12/23 07:28:16 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011/11/24 21:31:54 | 000,885,749 | ---- | C] () -- C:\Users\Jon-Alan\AppData\Local\census.cache
[2011/11/24 21:31:20 | 000,177,072 | ---- | C] () -- C:\Users\Jon-Alan\AppData\Local\ars.cache
[2011/11/23 20:39:27 | 000,000,036 | ---- | C] () -- C:\Users\Jon-Alan\AppData\Local\housecall.guid.cache
[2011/11/11 19:38:22 | 000,004,608 | ---- | C] () -- C:\Users\Jon-Alan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/28 21:35:39 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2011/08/28 14:56:23 | 000,001,846 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011/08/23 12:48:20 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/06/08 14:29:13 | 000,002,130 | ---- | C] () -- C:\Windows\CDPlayer.ini
[2011/06/05 22:05:52 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\GkSui18.EXE
[2011/05/14 21:30:56 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011/04/08 23:57:15 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/04/04 23:29:35 | 000,007,605 | ---- | C] () -- C:\Users\Jon-Alan\AppData\Local\Resmon.ResmonCfg
[2011/03/29 10:38:49 | 000,000,578 | ---- | C] () -- C:\Users\Jon-Alan\AppData\Roaming\AutoGK.ini
[2011/03/25 23:23:30 | 000,010,450 | ---- | C] () -- C:\Windows\Q-Dir.ini
[2011/03/25 23:06:42 | 000,002,869 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Tag From Filename] Codec.dat
[2011/03/25 23:06:34 | 000,002,900 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [ReplayGain] Codec.dat
[2011/03/25 23:06:27 | 000,003,002 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat
[2011/03/25 23:06:20 | 000,002,862 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Length Split] Codec.dat
[2011/03/25 23:06:12 | 000,002,903 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [ID Tag Update] Codec.dat
[2011/03/25 23:06:03 | 000,002,999 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Channel Split] Codec.dat
[2011/03/25 23:05:37 | 000,002,871 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Audio Info] Codec.dat
[2011/03/25 23:05:27 | 000,002,879 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat
[2011/03/25 23:05:19 | 000,005,894 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp CD Writer.dat
[2011/03/25 23:05:01 | 000,001,850 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.dat
[2011/03/25 23:05:00 | 000,001,230 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Wave64 Codec.dat
[2011/03/25 23:04:59 | 000,011,479 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.dat
[2011/03/25 23:04:59 | 000,002,234 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBPoweramp tooLame MP2 codec.dat
[2011/03/25 23:04:55 | 000,003,014 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp WavPack Codec.dat
[2011/03/25 23:04:55 | 000,001,212 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Dalet Codec.dat
[2011/03/25 23:04:48 | 000,003,071 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
[2011/03/25 23:04:42 | 000,003,159 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
[2011/03/25 23:04:36 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
[2011/03/25 23:04:30 | 000,002,993 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp FLAC Codec.dat
[2011/03/25 23:04:24 | 000,002,849 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
[2011/03/25 23:03:57 | 000,012,502 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2011/03/25 23:03:55 | 006,908,648 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011/03/25 23:03:55 | 000,017,686 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/03/25 00:07:45 | 000,773,860 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/24 23:23:01 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2011/03/22 16:07:03 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\VegaShEx.dll
[2011/03/22 16:06:59 | 000,308,224 | ---- | C] () -- C:\Windows\SysWow64\Lffpx7.dll
[2011/03/22 16:06:59 | 000,091,136 | ---- | C] () -- C:\Windows\SysWow64\Lfkodak.dll
[2011/03/22 15:48:18 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/03/22 15:48:18 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/03/22 15:48:18 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/03/22 15:48:18 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/03/22 15:48:18 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/03/22 15:48:18 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/03/22 15:48:18 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/03/22 15:48:18 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/03/22 15:48:18 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/03/22 15:48:18 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/03/22 15:48:18 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/03/22 15:48:18 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/03/22 15:48:18 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/03/22 15:48:18 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/03/22 15:48:18 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/03/22 15:48:18 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/03/22 15:47:32 | 000,000,044 | ---- | C] () -- C:\Windows\EPWF30.ini
[2011/03/17 16:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/11/02 11:56:57 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2010/11/02 11:56:28 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\ServiceHelp.dll
[2010/11/02 11:56:12 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/11/02 11:56:12 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/11/02 11:56:11 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/11/02 11:56:11 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/11/02 11:54:33 | 000,009,922 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/11/02 11:54:31 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2010/11/02 11:54:31 | 000,006,272 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/11/02 11:54:31 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/11/02 11:52:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/10/20 13:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 16:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 16:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 16:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/01/25 16:10:48 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/01/08 18:01:22 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2003/10/06 03:21:31 | 000,000,000 | -H-- | C] () -- C:\ProgramData\sdpsenv.dat
[2002/10/15 17:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2002/06/11 02:08:00 | 000,023,180 | ---- | C] () -- C:\Windows\SysWow64\evgainit.sys

========== LOP Check ==========

[2011/05/28 08:12:41 | 000,000,000 | ---D | M] -- C:\Users\Addison\AppData\Roaming\LastPass
[2011/05/02 11:37:42 | 000,000,000 | ---D | M] -- C:\Users\Addison\AppData\Roaming\Launchy
[2011/06/28 14:27:04 | 000,000,000 | ---D | M] -- C:\Users\Addison\AppData\Roaming\Orbit
[2011/06/28 10:52:40 | 000,000,000 | ---D | M] -- C:\Users\Addison\AppData\Roaming\ProgSense
[2011/07/12 08:28:34 | 000,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\Gizmo
[2011/05/04 09:43:51 | 000,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\LastPass
[2011/04/12 21:57:05 | 000,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\Launchy
[2011/06/09 07:12:48 | 000,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\OpenOffice.org
[2012/01/15 14:01:30 | 000,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\Orbit
[2011/12/26 20:22:58 | 000,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\Outertech
[2011/09/01 10:43:07 | 000,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\PDF Writer
[2011/06/29 03:08:00 | 000,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\ProgSense
[2011/11/23 07:08:20 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Amazon
[2011/04/22 01:15:56 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Ashampoo
[2011/09/20 17:57:42 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Audacity
[2011/03/24 23:15:45 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Auslogics
[2011/06/10 12:42:53 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\BITS
[2011/04/21 23:08:59 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Canneverbe Limited
[2011/09/02 09:22:10 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\cryptlib
[2011/06/16 23:18:14 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\CUE Tools
[2011/03/25 23:49:30 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\cYo
[2011/08/31 23:13:16 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\dBpoweramp
[2011/04/22 00:19:46 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\DeepBurner
[2011/08/29 00:14:21 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\DVDFab
[2011/06/08 10:49:00 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\EAC
[2011/12/19 23:02:24 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\EPSON
[2011/03/27 00:00:14 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\EurekaLog
[2011/03/24 23:22:51 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\FlashGet
[2011/03/24 23:22:48 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\FlashGetBHO
[2012/01/08 10:37:40 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\foobar2000
[2011/03/26 22:46:47 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\FreeFileSync
[2011/06/05 22:02:33 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\GetRightToGo
[2011/07/09 20:57:55 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Gizmo
[2011/03/28 23:31:36 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\GlarySoft
[2011/04/10 23:05:29 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Gmote
[2011/04/05 00:04:36 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\GPSoftware
[2011/06/09 19:30:34 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\GrabPro
[2011/07/07 15:24:39 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\gtk-2.0
[2011/04/02 19:48:05 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\HandBrake
[2011/12/14 18:04:44 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Launchy
[2011/03/22 15:54:00 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Leadertech
[2011/07/08 10:01:43 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\LockHunter
[2012/01/16 20:55:18 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\MediaMonkey
[2011/09/26 09:51:37 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Mp3tag
[2011/08/13 21:11:45 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\MusicBrainz
[2011/03/22 19:16:19 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\NetMeter
[2011/09/02 17:23:18 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\NexusFont
[2012/01/16 20:53:40 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Notepad++
[2011/04/01 13:16:46 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\OpenOffice.org
[2012/01/11 19:58:37 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Orbit
[2011/03/25 23:15:59 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Outertech
[2011/11/02 17:51:58 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Panda Security
[2011/08/18 13:38:24 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\PDF Writer
[2011/06/09 19:30:40 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\ProgSense
[2011/03/26 22:34:39 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Q-Dir
[2011/05/22 22:44:13 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\QMC
[2011/09/28 12:12:32 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\QuickZip
[2011/09/11 21:12:47 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Red Chair Software
[2011/07/22 06:31:13 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Rokario
[2011/07/07 15:24:22 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\uGet
[2012/01/16 20:56:14 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\uTorrent
[2011/06/29 12:01:16 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\webex
[2011/04/22 23:43:17 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\WinBar
[2011/07/07 08:45:36 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\WOW64Menu
[2011/09/11 15:39:24 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Zoner
[2012/01/15 14:01:21 | 000,000,330 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012/01/06 19:22:51 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /mp /s >

< End of report >
  • 0

#21
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
We need to run an OTL Fix

Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

  • Please double click on Posted Image on your Desktop (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Under the Custom Scans/Fixes box copy and paste this in (Please carefully select all text in code box beginning with : ):

    :OTL
    [2011/12/28 06:37:50 | 000,000,240 | ---- | M] () -- C:\ProgramData\naughtypirates.exe
      	
    :Files
    ipconfig /flushdns /c
    
    :Reg
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYJAVA]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#22
Oyml

Oyml

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
All processes killed
========== OTL ==========
C:\ProgramData\naughtypirates.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jon-Alan\Desktop\cmd.bat deleted successfully.
C:\Users\Jon-Alan\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Addison
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Danielle
->Temp folder emptied: 732681 bytes
->Temporary Internet Files folder emptied: 5835494 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 58684561 bytes
->Flash cache emptied: 802 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jon-Alan
->Temp folder emptied: 523339347 bytes
->Temporary Internet Files folder emptied: 45717123 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 205216604 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3126 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2432 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50132 bytes
RecycleBin emptied: 1634692738 bytes

Total Files Cleaned = 2,360.00 mb


[EMPTYJAVA]

User: Addison
->Java cache emptied: 0 bytes

User: Admin

User: All Users

User: Danielle
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Jon-Alan
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Addison
->Flash cache emptied: 0 bytes

User: Admin

User: All Users

User: Danielle
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jon-Alan
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 01182012_173939

Files\Folders moved on Reboot...
C:\Users\Danielle\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Danielle\AppData\Local\Mozilla\Firefox\Profiles\nwkx5knf.default\startupCache\startupCache.4.little moved successfully.
C:\Users\Danielle\AppData\Local\Mozilla\Firefox\Profiles\nwkx5knf.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Danielle\AppData\Local\Mozilla\Firefox\Profiles\nwkx5knf.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Danielle\AppData\Local\Mozilla\Firefox\Profiles\nwkx5knf.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Danielle\AppData\Local\Mozilla\Firefox\Profiles\nwkx5knf.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Danielle\AppData\Local\Mozilla\Firefox\Profiles\nwkx5knf.default\urlclassifier3.sqlite moved successfully.
C:\Users\Jon-Alan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
  • 0

#23
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Spam is still coming?
  • 0

#24
Oyml

Oyml

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Last email came on Friday from my wife's account. The last one sent from my account was about a month or more ago.
  • 0

#25
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Can you please copy and paste content of these two mails? If possible include a header of mails.
  • 0

Advertisements


#26
Oyml

Oyml

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
This was the email sent from my wife's account, with email addresses edited out:

From <my wife's account name> Fri Jan 13 10:47:14 2012
X-Apparently-To: <My email address> via 68.180.196.144; Fri, 13 Jan 2012 10:47:16 -0800
Return-Path: <my wife's email address>
Received-SPF: none (domain of bellsouth.net does not designate permitted sender hosts)
ZCB1cCBzbyBtdWNoIEkgY29uc2lkZXIgbXlzZWxmIGx1Y2t5IHRvIGhhdmUg
Zm91bmQgdGhpcyBJIGtuZXcgSSBoYWQgdG8gbWFrZSBhIG1vdmUgZmFzdCEK
aHR0cDovL21lbGthbS5wbC9jdXJyZW50ZXZlbnRzLzkyVGltb3RoeUphY2tz
b24vIEkgc3RhcnRlZCBhbmQgbmV2ZXIgbG9va2VkIGJhY2sKdGhpbmsgYWJv
dXQgaXQhCnRhbGsgdG8geW91IGxhdGVyLi4uATABAQEB
X-YMailISG: QzA8ioEWLDszQyMYPzk03WhwgOUpoz2uppblymO7AIIewRCc
tKq_RZ858SDOjwL_JG4YHwW0kLPB24Hhn_0b2a5iKwzd0d8JH3zYV3qiaGMw
qZNn8CcYfxjVytE2.rs1FpuYpQ.zxdpprbFacX5lg3fhWQze0jsNu5TH9tXz
9Cg2U9csF_uQLYSm1dMfeA97JGgCHoDl_kaRYiHlKQlVIhkr84qbbNbOQ5BR
FCSdHgfJZP6tf7kmgFmYqdTyL0zTqVTobgyWfFdW8v01S_zY1R6P4LVoRYut
3eyoq49Gqu4ZiO0P0SjY0leQuXEao8WKu5kuXiNkPF9i_zJQWeb9nqnb0MsF
X.SD9RQt8.aiTFzCyDRyJ0pTADXdQQnL8cCnVCTVhjhxltxf3iZMOgmEQvuK
_Q1D2yZhPC8-
X-Originating-IP: [98.139.44.183]
Authentication-Results: mta1010.sbc.mail.sp1.yahoo.com from=bellsouth.net; domainkeys=pass (ok); from=bellsouth.net; dkim=pass (ok)
Received: from 98.139.44.191 (EHLO fgateway03.isp.att.net) (204.127.217.73)
by mta1010.sbc.mail.sp1.yahoo.com with SMTP; Fri, 13 Jan 2012 10:47:16 -0800
Authentication-Results: isp.att.net;
domainkey=pass (no signature error) header.From=<my wife's email address>
Received: from nm24-vm1.access.bullet.mail.sp2.yahoo.com ([98.139.44.183])
by isp.att.net (frfwmxc03) with SMTP
id <20120113184714M0300cue6te>; Fri, 13 Jan 2012 18:47:14 +0000
X-Originating-IP: [98.139.44.183]
Received: from [98.139.44.103] by nm24.access.bullet.mail.sp2.yahoo.com with NNFMP; 13 Jan 2012 18:47:14 -0000
Received: from [98.139.44.85] by tm8.access.bullet.mail.sp2.yahoo.com with NNFMP; 13 Jan 2012 18:47:14 -0000
Received: from [127.0.0.1] by omp1022.access.mail.sp2.yahoo.com with NNFMP; 13 Jan 2012 18:47:14 -0000
X-Yahoo-Newman-Property: ymail-5
X-Yahoo-Newman-Id: [email protected]
Received: (qmail 85828 invoked by uid 60001); 13 Jan 2012 18:47:14 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bellsouth.net; s=s1024; t=1326480434; bh=Jfg7nbH2XlRkheiEOuR7XivPPAocOBTM8zLO8VX97Hs=; h=Received:X-Mailer:Message-ID:Date:From:Subject:To:MIME-Version:Content-Type; b=k4ryh6LdUQ2g+UInRi/QfVprF0muekh882sv4sEyvRc2JFfsn9W5cN77/heat9xK7rTYxIHZNBiz1tEJCxHxX3goC3ehqreTQfhY/ekwJwtJ7kd3oab3XcZ1NBsdQQC/+y7pefpG8DIckf+FRbewoiw5vqIJeZ3gNOfo5+e2Sco=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=bellsouth.net;
h=Received:X-Mailer:Message-ID:Date:From:Subject:To:MIME-Version:Content-Type;
b=TNesXYE1T1Dzkn9GKhBd7Dco4RmhnC5U3qu+HGByzyUXBPRK+xGaz+NadlRRxDOOKvEpIlIIdKEr8NkJ9yvV3W71NDlfwlvqwPuZ9tP4s+3WhMZupidcLuyxDtT50bCk99knxMACZYlYPr25MssXuPMMFvgACZzgcAvdTz71UGY=;
Received: from [201.243.75.191] by web180413.mail.gq1.yahoo.com via HTTP; Fri, 13 Jan 2012 10:47:14 PST
X-Mailer: YahooMailWebService/0.8.115.331698
Message-ID: <[email protected]>
Date: Fri, 13 Jan 2012 10:47:14 -0800 (PST)
From: <my wife's account name> <my wife's email address>
Subject: this has been your time to shine.
To: <list of my wife's contacts from yahoo mail>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="-1952832855-1709166327-1326480434=:85239"
Content-Length: 984

this has been your time to shine.
From:
<my wife's account name> <my wife's email address>
To: <my email address>

im disappointed that I let my debt build up so much I consider myself lucky to have found this I knew I had to make a move fast!
http://melkam.pl/cur...TimothyJackson/

I started and never looked back
think about it!
talk to you later...


Unfortunately, I don't have any copies of the email that were sent from my email address.
  • 0

#27
Oyml

Oyml

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Another email was sent from my wife's account.

From <snip> Sun Jan 22 02:35:24 2012
X-Apparently-To: <snip> via 68.180.196.151; Sun, 22 Jan 2012 02:35:25 -0800
Return-Path: <<snip>>
X-YahooFilteredBulk: 98.139.44.138
Received-SPF: none (domain of bellsouth.net does not designate permitted sender hosts)
X-YMailISG: WapXv.EWLDsJGU7joIc2xQYRlxTc5VoOw1tNykwdCKnArwcf
VXkGu1NYVPFc3sI_Zp4EXnnVsdWaEmm3JvcV7GW._.y7PcLBB4VzNlo9I28J
QUp01aFzGVFcl610hI71zHt25zzJsxzRmJVlGZEdDOfymJgvXOcKmiIZvT0e
7MDo40UfRL6mEdz5Ppjs1pMnW94gOCule7qYhobO.mazsWWeYiyv_95ThUqp
M1v4vtQVfOGqUOQPsA_A3P41uijWLZnaIsmqoJyWsmK7BHbsAPKOwOXp2ARH
EC9inZK8BGh4ccd.2RX90vxM_YS5dM6YmB9FcQmrIg--
X-Originating-IP: [98.139.44.138]
Authentication-Results: mta1046.sbc.mail.mud.yahoo.com from=bellsouth.net; domainkeys=pass (ok); from=bellsouth.net; dkim=pass (ok)
Received: from 207.115.11.35 (EHLO fgateway05.isp.att.net) (207.115.11.35)
by mta1046.sbc.mail.mud.yahoo.com with SMTP; Sun, 22 Jan 2012 02:35:25 -0800
Authentication-Results: isp.att.net;
domainkey=pass (no signature error) header.From=<snip>
Received: from nm11.access.bullet.mail.sp2.yahoo.com ([98.139.44.138])
by isp.att.net (frfwmxc05) with SMTP
id <20120122103525M0500fbvb1e>; Sun, 22 Jan 2012 10:35:25 +0000
X-Originating-IP: [98.139.44.138]
Received: from [98.139.44.103] by nm11.access.bullet.mail.sp2.yahoo.com with NNFMP; 22 Jan 2012 10:35:25 -0000
Received: from [98.139.44.67] by tm8.access.bullet.mail.sp2.yahoo.com with NNFMP; 22 Jan 2012 10:35:25 -0000
Received: from [127.0.0.1] by omp1004.access.mail.sp2.yahoo.com with NNFMP; 22 Jan 2012 10:35:25 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: [email protected]
Received: (qmail 29192 invoked by uid 60001); 22 Jan 2012 10:35:24 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bellsouth.net; s=s1024; t=1327228524; bh=v7tZEmAuczabjwBtbu1Wp6kYGbt1EGVGq4n8z6BSA/E=; h=Received:X-Mailer:Message-ID:Date:From:Subject:To:MIME-Version:Content-Type; b=ff1MVC3EdDSQDdP+ah1S8we+jPOzPl3vitCAaLNMbdBqGus1fPJKOzs4Ay0zUKeYXbvTlHrHaYzvxK6GWFPjmwtEqPiGaYm5hvw1mjMQKSuHTCUA+6YbD75c86ZwVlq4iK9/goXP5bsllt+HAEm6zEDcomYIjmxfJqp0oY5lJjw=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=bellsouth.net;
h=Received:X-Mailer:Message-ID:Date:From:Subject:To:MIME-Version:Content-Type;
b=YubSFDYBr2xS1/8hgKtwA0mUv8Y0R5tgTyG+418W2YCF1Mn8/M7nxNjNto3YGLLZO4xgNv80cxvbqKnlUXgmOHOPn1d1qUFppkBjZazSGhw0aLxmaiXKVq7F0l0Q8qSeEh9bV4HB3yf15dDTfCAZaT3KtVc8XVsA5VnfqyDIYs4=;
Received: from [77.232.142.154] by web180403.mail.gq1.yahoo.com via HTTP; Sun, 22 Jan 2012 02:35:24 PST
X-Mailer: YahooMailWebService/0.8.115.331698
Message-ID: <[email protected]>
Date: Sun, 22 Jan 2012 02:35:24 -0800 (PST)
From: <snip> <<snip>>
Subject: FWD: This Kit changed all my life
To: <snip>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="-1952832855-1316102223-1327228524=:25067"
Content-Length: 968

FWD: This Kit changed all my life

I could barely afford groceries anymore this was my ticket to the fast life despite the circumstances I stayed positive
http://www.seekairun...l/58MarkMorgan/

this proves that miracles do exist
you should try it too!

ttyl.


  • 0

#28
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
It looks like someone's just spoofing your e-mail address. Change password on that account and also security question(s) jut to be sure.
  • 0

#29
Oyml

Oyml

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
All the headers indicate that it is being sent from AT&T, our ISP. I suppose it is possible that someone is sending it from AT&T as well, but since all the addresses to which they are being sent are addresses in her contact list, I'm thinking it is coming from the PC. I will have her change the password, though. Also, the 2 that came from my email address were addressed to people in my email contact list rather than people I didn't know.
  • 0

#30
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Yes. It is possible that your e-mail account(s) has been compromised. Please change password(s) and security question(s) on these accounts.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP