Spam originating from my email [Solved]
#16
Posted 11 January 2012 - 06:09 PM
#17
Posted 14 January 2012 - 07:34 AM
#18
Posted 14 January 2012 - 07:40 PM
Would there possibly be something hiding under my wife's login that a scan with me logged in wouldn't find? I don't think so, but it is worth asking.
#19
Posted 16 January 2012 - 09:16 AM
OTL Custom Scan
- Double click on the icon to run it.
- Make sure all other windows are closed and let it run uninterrupted.
- When the window appears, underneath Output at the top, make sure Standard output is selected.
- Select Scan all users
- Check the boxes beside LOP Check and Purity Check.
- Under the Custom Scans/Fixes box copy and paste this in:
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
- Click the button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open OTL.Txt in a Notepad window.
- Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.
#20
Posted 16 January 2012 - 08:37 PM
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jon-Alan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.75 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 27.89% Memory free
11.50 Gb Paging File | 6.15 Gb Available in Paging File | 53.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.33 Gb Total Space | 169.05 Gb Free Space | 18.43% Space Free | Partition Type: NTFS
Drive X: | 914.43 Gb Total Space | 76.27 Gb Free Space | 8.34% Space Free | Partition Type: NTFS
Drive Y: | 465.65 Gb Total Space | 93.63 Gb Free Space | 20.11% Space Free | Partition Type: FAT32
Drive Z: | 1831.80 Gb Total Space | 534.21 Gb Free Space | 29.16% Space Free | Partition Type: NTFS
Computer Name: OYML | User Name: Jon-Alan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/01/05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2011/12/21 02:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/12/21 02:24:51 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Users\Danielle\AppData\Local\Mozilla\Firefox\Mozilla Firefox\updates\0\updater.exe
PRC - [2011/12/13 19:26:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jon-Alan\Desktop\OTL.exe
PRC - [2011/10/21 09:51:20 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.79\GoogleCrashHandler.exe
PRC - [2011/09/05 12:04:56 | 001,489,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2011/08/24 15:32:42 | 000,074,240 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2011/07/29 14:31:40 | 001,249,064 | ---- | M] () -- C:\ProgramData\TVersity\Media Server\MediaServer.exe
PRC - [2011/07/09 09:49:31 | 000,034,728 | ---- | M] (Arainia Solutions) -- C:\Program Files (x86)\Gizmo\gservice.exe
PRC - [2011/07/09 09:49:30 | 000,223,640 | ---- | M] (Arainia Solutions) -- C:\Program Files (x86)\Gizmo\gizmo.exe
PRC - [2011/06/29 08:29:44 | 000,217,256 | ---- | M] (Panda Security) -- C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
PRC - [2011/06/28 09:03:22 | 001,843,000 | ---- | M] (Orbitdownloader.com) -- C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
PRC - [2011/06/27 09:05:26 | 000,557,056 | ---- | M] (Orbitdownloader.com) -- C:\Program Files (x86)\Orbitdownloader\orbitnet.exe
PRC - [2011/06/25 11:30:46 | 000,884,696 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/02 09:54:16 | 000,802,758 | ---- | M] () -- C:\Program Files (x86)\AX\AX.exe
PRC - [2011/04/28 13:01:20 | 000,439,616 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
PRC - [2011/04/28 12:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2011/04/19 01:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011/04/19 01:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2011/02/25 20:21:50 | 000,665,104 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\Browser Guard\tmiegsrv.exe
PRC - [2011/02/25 20:20:58 | 000,787,984 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\Browser Guard\BGUI.exe
PRC - [2011/01/17 17:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 17:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011/01/06 17:46:06 | 000,440,103 | ---- | M] () -- C:\Program Files (x86)\QuickMonth Calendar\qmc.exe
PRC - [2010/12/17 09:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
PRC - [2010/12/17 09:33:06 | 001,103,184 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
PRC - [2010/12/15 01:54:24 | 000,445,048 | ---- | M] (F5 Networks) -- C:\Windows\Downloaded Program Files\TunnelServer.exe
PRC - [2010/11/10 18:38:40 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Launchy\Launchy.exe
PRC - [2010/10/12 12:57:40 | 000,354,232 | ---- | M] (GP Software) -- C:\Program Files\GPSoftware\Directory Opus\dopusx64.exe
PRC - [2010/07/28 16:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2010/07/28 16:33:58 | 006,995,864 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2010/07/28 16:33:58 | 001,485,208 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2010/07/04 14:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
PRC - [2010/03/24 15:26:02 | 000,243,544 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
PRC - [2009/12/23 15:59:42 | 000,232,064 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
PRC - [2009/12/23 15:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\SysWOW64\AsHookDevice.exe
PRC - [2009/06/04 17:10:56 | 005,777,408 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2009/03/12 20:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/19 12:17:24 | 000,333,088 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2008/06/01 16:05:02 | 001,529,856 | ---- | M] (Rokario Software) -- C:\Program Files (x86)\Rokario\Bandwidth Monitor\bandmon.exe
PRC - [2007/01/01 16:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Talk\googletalk.exe
PRC - [2005/10/12 11:22:40 | 000,184,320 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Music Anywhere\LMASysTray.exe
PRC - [2002/04/17 09:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
========== Modules (No Company Name) ==========
MOD - [2011/12/21 02:24:51 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/04 09:54:51 | 000,930,304 | ---- | M] () -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\f6rn11j2.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\lpxpcom.dll
MOD - [2011/09/28 14:34:43 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/05 12:04:56 | 000,249,232 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll
MOD - [2011/07/09 09:49:31 | 000,404,384 | ---- | M] () -- C:\Program Files (x86)\Gizmo\gdatabase.dll
MOD - [2011/07/09 09:49:31 | 000,394,656 | ---- | M] () -- C:\Program Files (x86)\Gizmo\gdrive.dll
MOD - [2011/07/09 09:49:31 | 000,372,632 | ---- | M] () -- C:\Program Files (x86)\Gizmo\ghash.dll
MOD - [2011/07/09 09:49:31 | 000,339,864 | ---- | M] () -- C:\Program Files (x86)\Gizmo\gscript.dll
MOD - [2011/07/09 09:49:31 | 000,339,864 | ---- | M] () -- C:\Program Files (x86)\Gizmo\geditor.dll
MOD - [2011/07/09 09:49:30 | 000,315,800 | ---- | M] () -- C:\Program Files (x86)\Gizmo\gmanager.dll
MOD - [2011/07/09 09:49:30 | 000,166,816 | ---- | M] () -- C:\Program Files (x86)\Gizmo\gimage.dll
MOD - [2011/06/28 09:01:38 | 000,397,312 | ---- | M] () -- C:\Program Files (x86)\Orbitdownloader\wtlctrl.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/02 09:54:16 | 000,802,758 | ---- | M] () -- C:\Program Files (x86)\AX\AX.exe
MOD - [2011/04/01 12:55:36 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/01/06 17:46:06 | 000,440,103 | ---- | M] () -- C:\Program Files (x86)\QuickMonth Calendar\qmc.exe
MOD - [2010/11/10 18:39:08 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\controly.dll
MOD - [2010/11/10 18:39:00 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\calcy.dll
MOD - [2010/11/10 18:38:52 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\gcalc.dll
MOD - [2010/11/10 18:38:40 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Launchy\Launchy.exe
MOD - [2010/11/10 18:38:40 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\runner.dll
MOD - [2010/11/10 18:38:24 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\weby.dll
MOD - [2010/11/10 18:38:08 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\verby.dll
MOD - [2010/07/28 16:34:04 | 000,022,424 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2010/07/28 16:02:58 | 000,658,432 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2010/07/04 16:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 14:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
MOD - [2010/06/23 17:12:28 | 007,187,456 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/06/23 17:11:52 | 000,325,632 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/06/23 17:11:48 | 001,954,304 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/06/23 17:11:48 | 000,847,360 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/06/23 16:38:18 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2009/12/16 23:18:48 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Launchy\imageformats\qmng4.dll
MOD - [2009/12/16 21:13:02 | 008,314,880 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtGui4.dll
MOD - [2009/12/16 20:56:22 | 000,712,704 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtNetwork4.dll
MOD - [2009/12/16 20:54:46 | 002,236,416 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtCore4.dll
MOD - [2009/09/29 22:33:07 | 000,024,576 | ---- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009/06/04 17:10:56 | 005,777,408 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
MOD - [2009/03/12 20:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe
MOD - [2009/01/15 16:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
MOD - [2002/04/17 09:49:22 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
MOD - [2002/04/17 09:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011/12/19 13:58:59 | 002,779,416 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2011/11/23 08:17:26 | 000,094,992 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/04/20 01:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/17 17:25:42 | 000,181,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV:64bit: - [2010/02/09 14:55:52 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/02/11 11:33:30 | 000,560,344 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\Topos\cFosSpeed\spd.exe -- (cFosSpeedS)
SRV - [2011/12/23 23:32:17 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/08/24 15:32:42 | 000,074,240 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (FreemakeUtilsService)
SRV - [2011/07/29 14:31:40 | 001,249,064 | ---- | M] () [Auto | Running] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2011/07/09 09:49:31 | 000,034,728 | ---- | M] (Arainia Solutions) [Auto | Running] -- C:\Program Files (x86)\Gizmo\gservice.exe -- (Gizmo Central)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/28 12:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2011/04/19 01:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/04/19 01:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/12/17 09:33:10 | 000,439,632 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe -- (RUBotSrv)
SRV - [2010/07/28 16:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/23 15:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysWOW64\AsHookDevice.exe -- (Device Handle Service)
SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/12/16 15:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/10 15:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/11/23 08:17:24 | 000,158,336 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2011/08/01 06:23:26 | 000,160,520 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINAflt.sys -- (PSINAflt)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/07/09 09:49:32 | 000,034,704 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gizmodrv.sys -- (GizmoDrv)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/28 12:57:43 | 000,128,072 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProt.sys -- (PSINProt)
DRV:64bit: - [2011/04/28 12:57:43 | 000,121,928 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProc.sys -- (PSINProc)
DRV:64bit: - [2011/04/28 12:57:42 | 000,149,576 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PSINKNC.sys -- (PSINKNC)
DRV:64bit: - [2011/04/28 12:57:42 | 000,114,760 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINFile.sys -- (PSINFile)
DRV:64bit: - [2011/04/20 01:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/20 01:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 00:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/15 06:02:14 | 000,041,424 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\covpnv64.sys -- (urvpndrv)
DRV:64bit: - [2010/12/15 06:02:08 | 000,018,512 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urfltv64.sys -- (f5ipfw)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/06 21:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010/10/28 09:11:12 | 000,170,080 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)
DRV:64bit: - [2010/09/23 02:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/01 03:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/07/28 23:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010/03/02 06:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010/01/27 20:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/12/22 01:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/11/10 03:11:32 | 000,234,040 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/10/20 13:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/07/15 22:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/22 15:50:00 | 000,291,352 | ---- | M] (silex technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sxuptp.sys -- (sxuptp)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/04 20:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/02/11 11:33:32 | 001,090,264 | ---- | M] (cFos Software GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfosspeed.sys -- (cFosSpeed)
DRV:64bit: - [2007/10/24 02:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2011/08/26 14:11:26 | 000,035,256 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys -- (IObitUnlocker)
DRV - [2011/03/22 16:04:28 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysWow64\drivers\AFS.SYS -- (AFS)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...ys=DTP&M=GT4016
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com/
IE - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1598078781-1720070030-2464047777-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com/
IE - HKU\S-1-5-21-1598078781-1720070030-2464047777-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com/
IE - HKU\S-1-5-21-1598078781-1720070030-2464047777-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.73.0
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfn…”"
FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\Firefox [2011/06/28 14:21:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/06/30 02:01:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2011/08/28 15:22:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/23 23:43:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2011/03/22 14:18:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Extensions
[2012/01/10 07:20:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\f6rn11j2.default\extensions
[2012/01/03 20:42:34 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\f6rn11j2.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2011/12/02 07:04:39 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\f6rn11j2.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/11/12 09:51:31 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\f6rn11j2.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/08/16 18:13:59 | 000,000,000 | ---D | M] (BYTubeD - Bulk YouTube video Downloader) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\f6rn11j2.default\extensions\[email protected]
[2011/11/06 08:21:01 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\f6rn11j2.default\extensions\[email protected]
[2011/06/23 12:00:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\ynz33ibf.default\extensions
[2011/03/22 14:23:09 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\ynz33ibf.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2011/05/03 14:12:34 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\ynz33ibf.default\extensions\[email protected]
[2011/05/01 11:05:47 | 000,004,855 | ---- | M] () -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\f6rn11j2.default\searchplugins\google-images.xml
[2011/05/03 14:18:13 | 000,000,705 | ---- | M] () -- C:\Users\Jon-Alan\AppData\Roaming\Mozilla\Firefox\Profiles\f6rn11j2.default\searchplugins\webster.xml
[2011/12/23 23:43:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\JON-ALAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F6RN11J2.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\JON-ALAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F6RN11J2.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\JON-ALAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F6RN11J2.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\JON-ALAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F6RN11J2.DEFAULT\EXTENSIONS\[email protected]
[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Freemake np-plugin for google chrome (Enabled) = C:\Users\Jon-Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll
CHR - plugin: Orbit Downloader (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\nporbit.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Jon-Alan\AppData\Roaming\Mozilla\plugins\npatgpc.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Jon-Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.7_1\
CHR - Extension: Chrome YouTube Downloader = C:\Users\Jon-Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdjiinahkdjdcdlgfimlcolkjpbooja\2.6.1_1\
CHR - Extension: Adblock Plus for Google Chrome\u2122 (Beta) = C:\Users\Jon-Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.1.4_0\
CHR - Extension: LastPass = C:\Users\Jon-Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.80.2_0\
CHR - Extension: Freemake Video Converter = C:\Users\Jon-Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: Poppit = C:\Users\Jon-Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: FastestTube = C:\Users\Jon-Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\phahnhbgfdhgobenebnjbgmacgpbfaag\2.0.0_0\
O1 HOSTS File: ([2012/01/11 18:16:21 | 000,438,931 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15094 more lines...
O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5825.1100\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (TMIEGBHO Class) - {F1AD4A42-BA52-47BC-89DF-3F68F24C017F} - C:\Program Files (x86)\Trend Micro\Browser Guard\X64\TMAMS64.dll (Trend Micro Inc.)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (TMIEGBHO Class) - {F1AD4A42-BA52-47BC-89DF-3F68F24C017F} - C:\Program Files (x86)\Trend Micro\Browser Guard\TMAMS.dll (Trend Micro Inc.)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O3:64bit: - HKLM\..\Toolbar: (TMBGBAR TOOLBAR) - {C8137A8D-415D-450C-A1B1-D0C519D45296} - C:\Program Files (x86)\Trend Micro\Browser Guard\X64\tmieg64.dll (Trend Micro Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (TMBGBAR TOOLBAR) - {C8137A8D-415D-450C-A1B1-D0C519D45296} - C:\Program Files (x86)\Trend Micro\Browser Guard\tmieg.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe ()
O4 - HKLM..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [Panda Security URL Filtering] C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Trend Micro Browser Guard] C:\Program Files (x86)\Trend Micro\Browser Guard\BGUI.EXE (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\.DEFAULT..\Run: [EPSON WorkForce 30 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEEA.EXE /FU "C:\Windows\TEMP\E_S6AC3.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-18..\Run: [EPSON WorkForce 30 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEEA.EXE /FU "C:\Windows\TEMP\E_S6AC3.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001..\Run: [2ECC558A244583AC107648E9397A0C9B4872CB02._service_run] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001..\Run: [bandmon] C:\Program Files (x86)\Rokario\Bandwidth Monitor\bandmon.exe (Rokario Software)
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001..\Run: [Directory Opus Desktop Dblclk] C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe (GP Software)
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001..\Run: [EPSON WorkForce 30 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEEA.EXE /FU "C:\Users\Jon-Alan\AppData\Local\Temp\E_S402E.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001..\Run: [GizmoDriveDelegate] C:\Program Files (x86)\Gizmo\gizmo.exe (Arainia Solutions)
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001..\Run: [MusicManager] C:\Users\Jon-Alan\AppData\Local\Programs\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001..\Run: [WinBar (x64)] C:\Program Files\WinBar\WinBar.exe (The WinBar Team)
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1004..\Run: [GizmoDriveDelegate] C:\Program Files (x86)\Gizmo\gizmo.exe (Arainia Solutions)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_Plugin.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1004..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
O4 - Startup: C:\Users\Danielle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Jon-Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AX.lnk = C:\Program Files (x86)\AX\AX.exe ()
O4 - Startup: C:\Users\Jon-Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Jon-Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\peerblock.exe (PeerBlock, LLC)
O4 - Startup: C:\Users\Jon-Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Users\Jon-Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_78947701.lnk = C:\Users\Jon-Alan\AppData\Local\Temp\_uninst_78947701.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - CC:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - CC:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\..Trusted Domains: irmc.cc ([remote] https in Trusted sites)
O15 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1598078781-1720070030-2464047777-1001\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} Reg Error: Value error. (F5 Networks VPN Manager)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://remote.irmc.cc/f5-w-687474703a2f2f332e312e31362e313033$$/iNotes6W.cab (iNotes6 Class)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} Reg Error: Value error. (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://remote.irmc....llerControl.cab (F5 Networks Auto Update)
O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} Reg Error: Value error. (F5 Virtual Sandbox Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} Reg Error: Value error. (F5 Networks SuperHost Class)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} Reg Error: Value error. (F5 Networks Host Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58BECAF4-A8B8-49F8-9CFA-7F138B0EF3E5}: NameServer = 208.67.222.222,208.67.220.220
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) -C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
O28 - HKLM ShellExecuteHooks: {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll (GP Software)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/01/16 20:55:20 | 000,000,000 | ---D | C] -- C:\MMBackup
[2012/01/16 10:44:56 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{12E9198B-2812-4211-8378-1EB01836E0D0}
[2012/01/15 22:44:27 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{02DDA504-AE30-4C8B-8B79-CC093608A4E7}
[2012/01/15 10:43:57 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{47FA8F08-31E2-4189-B4D9-6A51B37C27BB}
[2012/01/14 22:43:31 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{8C73D489-4A02-47B9-8153-4E345A92192D}
[2012/01/14 10:43:03 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{FA877C52-D2A5-4288-B6FE-16AC7D819628}
[2012/01/13 22:42:36 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{534E3685-A27E-48CF-ABF2-C6F43F55E403}
[2012/01/13 10:42:07 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{CC0CCEB9-140C-45A5-B737-068536C31FEE}
[2012/01/12 22:41:38 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{30C4D94B-18BE-46D0-8184-495712DF066C}
[2012/01/12 10:41:09 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{E7E6F832-32A8-4EDD-9AE0-384FA47DDCEA}
[2012/01/11 22:40:40 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{05635C67-72A4-45AF-8166-985D2361447A}
[2012/01/11 20:56:14 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/01/11 20:56:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/01/11 20:56:12 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Roaming\Notepad++
[2012/01/11 20:56:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2012/01/11 20:43:10 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\Documents\Perl
[2012/01/11 19:57:09 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\Documents\Modern Perl
[2012/01/11 19:52:48 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\Documents\Beginning Perl
[2012/01/11 19:43:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\GnuCash
[2012/01/11 19:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActivePerl 5.14.2 Build 1402 (64-bit)
[2012/01/11 19:29:06 | 000,000,000 | ---D | C] -- C:\Perl64
[2012/01/11 19:13:25 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\.gconfd
[2012/01/11 19:13:25 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\.gconf
[2012/01/11 19:13:23 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\.gnome2_private
[2012/01/11 19:13:23 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\.gnome2
[2012/01/11 19:13:22 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\.gnucash
[2012/01/11 19:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GnuCash
[2012/01/11 19:10:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\gnucash
[2012/01/11 10:40:09 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{1DE0B3C5-D360-4F0C-AB0D-8B402694312F}
[2012/01/11 10:39:58 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{EE97C06B-F864-47DB-B062-C07A8CB40DC6}
[2012/01/11 07:13:30 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/11 07:13:30 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/01/11 07:13:30 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/11 07:13:30 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/01/11 07:13:30 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/01/11 07:13:30 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/11 01:08:45 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/01/11 01:08:44 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/11 01:08:44 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/11 01:08:44 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/01/11 01:06:22 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/01/11 01:05:44 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/01/11 01:05:44 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/01/10 22:39:28 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{3F8D12F3-E3BC-4129-8AE5-15B8EB3CC9F1}
[2012/01/10 10:38:58 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{347E0ABD-1AD6-4878-B77C-1EF947DD5659}
[2012/01/09 22:38:28 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{23586B5E-94EC-46CD-9780-432D73012D50}
[2012/01/09 10:37:58 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{9EC9C4C8-9F60-4FF8-9D66-EF96E5DDD063}
[2012/01/08 22:36:51 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{FF5DB99D-89BB-4B2B-96FD-E3240F310838}
[2012/01/08 10:35:42 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{27DB3E28-1BFE-4714-B057-51B381A3DC74}
[2012/01/08 10:35:19 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{EEEF36B8-591B-4B35-A6A4-38D127CC0B0A}
[2012/01/07 23:59:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/01/07 23:59:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/01/07 21:39:27 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{41F59D08-AAC6-4A11-9A28-AF8D79094BD9}
[2012/01/07 09:38:59 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{3CABCF77-836C-4781-89C2-FAC2BA1F0DFC}
[2012/01/06 21:38:26 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{0A70BAD7-AF56-42CD-AC41-64DB9B2DEFC8}
[2012/01/06 21:38:10 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{E94F682F-B203-4450-9DC2-952BB3F80958}
[2012/01/06 19:18:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/06 09:37:39 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{1EAC0E8A-3D98-441D-9B20-959D92DC0903}
[2012/01/05 21:37:09 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{96076DF4-CA0A-4620-A032-B2AB3E6462F0}
[2012/01/05 21:36:57 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{280BF42F-E079-4732-87CE-50A4AB80F753}
[2012/01/05 19:40:45 | 004,704,768 | ---- | C] (AVAST Software) -- C:\Users\Jon-Alan\Desktop\aswMBR.exe
[2012/01/05 09:36:25 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{DFE6747E-3E5F-434F-B1A0-F3FF27B56B70}
[2012/01/04 21:35:54 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{42DC6755-1821-44B1-99AE-505A2F036941}
[2012/01/04 20:45:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/01/04 09:35:25 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{7C248CA4-8F74-43E6-9276-6E6177A39170}
[2012/01/03 21:34:54 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{53FD36F5-A27A-46C3-9DF7-E4DFFADC6188}
[2012/01/03 09:34:25 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{6975630B-2AEA-4B89-8BAE-2E0FF4A4722D}
[2012/01/03 09:34:13 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{2CBFB4A9-2A0C-4777-AB5E-0AE050F0B00A}
[2012/01/02 21:33:45 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{F232EE87-9045-4572-A1F8-03F51652AB78}
[2012/01/02 09:33:18 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{D6FD3896-89CB-4640-93D3-5E0CCBF3BAB9}
[2012/01/01 21:32:51 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{27672EEA-2907-4B8D-9A85-64137D8208D7}
[2012/01/01 09:32:23 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{389E88EB-B3B6-4864-B91E-17FBDC4A20BE}
[2011/12/31 21:31:56 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{05F6A017-9328-43F2-871B-A87097DB72B1}
[2011/12/31 09:31:29 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{1ED64A3B-FC3B-40E4-A6BE-F37F7BE827B7}
[2011/12/30 21:31:01 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{4F159F96-0C88-4848-A627-98AE77C97559}
[2011/12/30 09:30:30 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{393B909C-6F83-436E-8694-2A442CCEBDFE}
[2011/12/29 21:30:01 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{FABA5AF3-AC93-4A50-9937-BDF0BAFB66A9}
[2011/12/29 09:29:23 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{0E78773F-24F5-498C-9846-EB4E75D79464}
[2011/12/29 09:29:11 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{3294D7D6-6833-4AC9-8242-BBC1373FF4D1}
[2011/12/28 21:28:39 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{A2D32E0A-DDE1-4FEC-8299-00CAA5494E37}
[2011/12/28 21:28:26 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{2A25A222-4EE5-4A33-AEDD-A178D9E53BE1}
[2011/12/28 07:43:06 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{6D6E1CFA-424F-46C3-8223-29F735D651EA}
[2011/12/27 21:10:19 | 000,000,000 | ---D | C] -- C:\Windows\MSAgent64
[2011/12/27 21:08:05 | 000,000,000 | ---D | C] -- C:\What the...
[2011/12/27 20:52:38 | 000,000,000 | ---D | C] -- C:\Windows\msagent
[2011/12/27 20:51:59 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Karen's Power Tools
[2011/12/27 20:51:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerToy
[2011/12/27 20:51:47 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2011/12/27 20:51:47 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2011/12/27 20:45:05 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\Karen's Power Tools
[2011/12/27 20:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Karen's Power Tools
[2011/12/27 20:45:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Karen's Power Tools
[2011/12/27 20:44:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Karen's Power Tools
[2011/12/27 19:42:37 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{10E95953-DA6D-4E7B-9849-B3D9431A1A92}
[2011/12/27 07:42:07 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{49DE9BC4-93DF-463A-A37A-85A1D5D3F021}
[2011/12/26 21:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AmoK Exif Sorter
[2011/12/26 21:03:41 | 000,000,000 | ---D | C] -- C:\Program Files\AmoK Exif Sorter
[2011/12/26 19:41:37 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{8BA1528D-8696-4E7C-810D-BB514D6B9FD8}
[2011/12/25 19:41:36 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{B09B0DD5-86C7-4112-9848-3022F493AE1C}
[2011/12/25 07:42:43 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{5A7B935B-AEAA-41F6-BC6C-1776E857EEA5}
[2011/12/24 19:42:12 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{71F44D2E-944A-4DF3-AB01-C709556EEC44}
[2011/12/24 07:41:38 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{2BE6A451-D387-4C7E-9F80-2F5DEF4E6BB7}
[2011/12/24 07:41:26 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{B9F46636-AAEC-4855-86BD-E05C0ECEA7BB}
[2011/12/23 23:31:53 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/12/23 23:31:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/12/23 23:27:48 | 000,750,488 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2011/12/23 23:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2011/12/23 19:40:54 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{19B0E09A-C3D2-48B0-9092-262D40231696}
[2011/12/23 07:40:24 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{93A63ED7-276D-43CE-B739-9D1E6912AA32}
[2011/12/23 07:40:13 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{FD150950-3FD0-45DD-B76E-15BDC014F361}
[2011/12/23 07:28:15 | 000,417,440 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2011/12/22 19:39:44 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{2CCF7AC3-4AA9-48DD-BA4D-12CE78C83D84}
[2011/12/22 07:39:14 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{AEFC7816-A352-431A-8D68-9D9C573BC988}
[2011/12/21 19:38:43 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{BD3A36AC-51EC-4C4C-923B-78523A431764}
[2011/12/21 07:38:12 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{907DAAC4-CB70-4690-B164-AC4584985E1D}
[2011/12/20 19:37:40 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{2740F04C-1C29-45C7-B2E8-50BA867EB87C}
[2011/12/20 19:02:26 | 004,448,256 | ---- | C] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2011/12/20 07:37:06 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{F27D4B6E-7CC1-4130-A25D-7A313DF567C5}
[2011/12/19 23:02:24 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Roaming\EPSON
[2011/12/19 21:09:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/12/19 19:36:36 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{06CC94A2-3B82-4961-8FDB-80C39ADABFC5}
[2011/12/19 17:57:23 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/12/19 17:57:23 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/12/19 17:57:23 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/12/19 10:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/19 10:03:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/19 10:03:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/19 07:36:04 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{E46CF97A-91ED-450B-95EA-44FE7530690C}
[2011/12/18 07:39:09 | 000,000,000 | ---D | C] -- C:\Users\Jon-Alan\AppData\Local\{4C2046E1-995D-463E-96C0-20BA1AAF6033}
[2011/05/03 14:12:33 | 012,535,496 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
========== Files - Modified Within 30 Days ==========
[2012/01/16 21:00:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/01/16 20:56:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/16 20:53:35 | 000,000,218 | ---- | M] () -- C:\Users\Jon-Alan\.recently-used.xbel
[2012/01/16 20:03:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1598078781-1720070030-2464047777-1005UA.job
[2012/01/16 12:25:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/01/16 12:03:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1598078781-1720070030-2464047777-1005Core.job
[2012/01/16 10:56:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/15 15:06:35 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/15 15:06:35 | 000,660,608 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/15 15:06:35 | 000,121,722 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/15 14:01:30 | 000,001,893 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
[2012/01/15 14:01:21 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/01/14 11:05:08 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/14 11:05:08 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/11 18:16:21 | 000,438,931 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/11 17:30:23 | 000,063,975 | ---- | M] () -- C:\Users\Jon-Alan\Documents\enredados-disney-tangled-rapunzel-raiponce-dibujos-para-pintar-colorear-coloring-pages.jpg
[2012/01/11 17:29:10 | 000,106,170 | ---- | M] () -- C:\Users\Jon-Alan\Desktop\rapunzel-coloring-pages-2.jpg
[2012/01/11 07:16:28 | 000,000,632 | RHS- | M] () -- C:\Users\Jon-Alan\ntuser.pol
[2012/01/11 07:15:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/11 07:15:40 | 334,893,055 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/09 20:24:49 | 000,171,003 | ---- | M] () -- C:\Users\Jon-Alan\Desktop\avptool_sysinfo.zip
[2012/01/09 20:14:19 | 000,000,176 | -HS- | M] () -- C:\Windows\7390763drv.spi
[2012/01/08 13:42:41 | 000,001,013 | ---- | M] () -- C:\Users\Jon-Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_78947701.lnk
[2012/01/08 00:07:21 | 000,773,860 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/07 11:27:45 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/05 22:30:50 | 000,000,352 | ---- | M] () -- C:\Users\Jon-Alan\AppData\Roaming\Network Meter_Settings.ini
[2012/01/05 22:30:36 | 000,000,412 | ---- | M] () -- C:\Users\Jon-Alan\AppData\Roaming\All CPU Meter_Settings.ini
[2012/01/05 21:43:34 | 000,000,590 | ---- | M] () -- C:\Users\Jon-Alan\Desktop\MBR.zip
[2012/01/05 21:38:10 | 000,000,512 | ---- | M] () -- C:\Users\Jon-Alan\Desktop\MBR.dat
[2012/01/05 19:52:52 | 004,704,768 | ---- | M] (AVAST Software) -- C:\Users\Jon-Alan\Desktop\aswMBR.exe
[2011/12/28 06:37:50 | 000,000,240 | ---- | M] () -- C:\ProgramData\naughtypirates.exe
[2011/12/27 20:51:47 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2011/12/27 20:51:47 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2011/12/27 20:47:05 | 000,005,478 | ---- | M] () -- C:\Users\Jon-Alan\Documents\Directory Printer.pdf
[2011/12/23 23:44:31 | 000,002,084 | ---- | M] () -- C:\Users\Jon-Alan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/23 23:44:02 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/12/23 23:32:16 | 000,417,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2011/12/23 23:32:16 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/12/23 23:27:42 | 000,263,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2011/12/23 23:27:42 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2011/12/23 23:27:42 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2011/12/23 23:27:41 | 000,750,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2011/12/23 23:27:41 | 000,660,368 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2011/12/23 22:54:32 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/12/20 22:16:28 | 000,004,608 | ---- | M] () -- C:\Users\Jon-Alan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/20 19:02:26 | 004,448,256 | ---- | M] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2011/12/19 23:34:04 | 000,024,830 | ---- | M] () -- C:\Users\Jon-Alan\Documents\Address Book.ods
[2011/12/19 13:59:15 | 000,022,696 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
[2011/12/19 13:58:57 | 000,041,200 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
[2011/12/19 13:58:55 | 000,301,224 | ---- | M] (COMODO) -- C:\Windows\SysWow64\guard32.dll
[2011/12/19 13:58:54 | 000,389,840 | ---- | M] (COMODO) -- C:\Windows\SysNative\guard64.dll
========== Files Created - No Company Name ==========
[2012/01/16 20:53:35 | 000,000,218 | ---- | C] () -- C:\Users\Jon-Alan\.recently-used.xbel
[2012/01/11 17:30:21 | 000,063,975 | ---- | C] () -- C:\Users\Jon-Alan\Documents\enredados-disney-tangled-rapunzel-raiponce-dibujos-para-pintar-colorear-coloring-pages.jpg
[2012/01/11 17:29:09 | 000,106,170 | ---- | C] () -- C:\Users\Jon-Alan\Desktop\rapunzel-coloring-pages-2.jpg
[2012/01/09 20:17:28 | 000,171,003 | ---- | C] () -- C:\Users\Jon-Alan\Desktop\avptool_sysinfo.zip
[2012/01/09 20:14:19 | 000,000,176 | -HS- | C] () -- C:\Windows\7390763drv.spi
[2012/01/08 13:42:41 | 000,001,013 | ---- | C] () -- C:\Users\Jon-Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_78947701.lnk
[2012/01/07 11:27:45 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/05 22:30:50 | 000,000,352 | ---- | C] () -- C:\Users\Jon-Alan\AppData\Roaming\Network Meter_Settings.ini
[2012/01/05 22:30:36 | 000,000,412 | ---- | C] () -- C:\Users\Jon-Alan\AppData\Roaming\All CPU Meter_Settings.ini
[2012/01/05 21:43:34 | 000,000,590 | ---- | C] () -- C:\Users\Jon-Alan\Desktop\MBR.zip
[2012/01/05 21:38:10 | 000,000,512 | ---- | C] () -- C:\Users\Jon-Alan\Desktop\MBR.dat
[2011/12/28 06:37:50 | 000,000,240 | ---- | C] () -- C:\ProgramData\naughtypirates.exe
[2011/12/27 20:46:13 | 000,005,478 | ---- | C] () -- C:\Users\Jon-Alan\Documents\Directory Printer.pdf
[2011/12/23 23:44:02 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/12/23 07:28:16 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011/11/24 21:31:54 | 000,885,749 | ---- | C] () -- C:\Users\Jon-Alan\AppData\Local\census.cache
[2011/11/24 21:31:20 | 000,177,072 | ---- | C] () -- C:\Users\Jon-Alan\AppData\Local\ars.cache
[2011/11/23 20:39:27 | 000,000,036 | ---- | C] () -- C:\Users\Jon-Alan\AppData\Local\housecall.guid.cache
[2011/11/11 19:38:22 | 000,004,608 | ---- | C] () -- C:\Users\Jon-Alan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/28 21:35:39 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2011/08/28 14:56:23 | 000,001,846 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011/08/23 12:48:20 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/06/08 14:29:13 | 000,002,130 | ---- | C] () -- C:\Windows\CDPlayer.ini
[2011/06/05 22:05:52 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\GkSui18.EXE
[2011/05/14 21:30:56 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011/04/08 23:57:15 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/04/04 23:29:35 | 000,007,605 | ---- | C] () -- C:\Users\Jon-Alan\AppData\Local\Resmon.ResmonCfg
[2011/03/29 10:38:49 | 000,000,578 | ---- | C] () -- C:\Users\Jon-Alan\AppData\Roaming\AutoGK.ini
[2011/03/25 23:23:30 | 000,010,450 | ---- | C] () -- C:\Windows\Q-Dir.ini
[2011/03/25 23:06:42 | 000,002,869 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Tag From Filename] Codec.dat
[2011/03/25 23:06:34 | 000,002,900 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [ReplayGain] Codec.dat
[2011/03/25 23:06:27 | 000,003,002 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat
[2011/03/25 23:06:20 | 000,002,862 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Length Split] Codec.dat
[2011/03/25 23:06:12 | 000,002,903 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [ID Tag Update] Codec.dat
[2011/03/25 23:06:03 | 000,002,999 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Channel Split] Codec.dat
[2011/03/25 23:05:37 | 000,002,871 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Audio Info] Codec.dat
[2011/03/25 23:05:27 | 000,002,879 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat
[2011/03/25 23:05:19 | 000,005,894 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp CD Writer.dat
[2011/03/25 23:05:01 | 000,001,850 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.dat
[2011/03/25 23:05:00 | 000,001,230 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Wave64 Codec.dat
[2011/03/25 23:04:59 | 000,011,479 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.dat
[2011/03/25 23:04:59 | 000,002,234 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBPoweramp tooLame MP2 codec.dat
[2011/03/25 23:04:55 | 000,003,014 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp WavPack Codec.dat
[2011/03/25 23:04:55 | 000,001,212 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Dalet Codec.dat
[2011/03/25 23:04:48 | 000,003,071 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
[2011/03/25 23:04:42 | 000,003,159 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
[2011/03/25 23:04:36 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
[2011/03/25 23:04:30 | 000,002,993 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp FLAC Codec.dat
[2011/03/25 23:04:24 | 000,002,849 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
[2011/03/25 23:03:57 | 000,012,502 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2011/03/25 23:03:55 | 006,908,648 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011/03/25 23:03:55 | 000,017,686 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/03/25 00:07:45 | 000,773,860 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/24 23:23:01 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2011/03/22 16:07:03 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\VegaShEx.dll
[2011/03/22 16:06:59 | 000,308,224 | ---- | C] () -- C:\Windows\SysWow64\Lffpx7.dll
[2011/03/22 16:06:59 | 000,091,136 | ---- | C] () -- C:\Windows\SysWow64\Lfkodak.dll
[2011/03/22 15:48:18 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/03/22 15:48:18 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/03/22 15:48:18 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/03/22 15:48:18 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/03/22 15:48:18 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/03/22 15:48:18 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/03/22 15:48:18 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/03/22 15:48:18 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/03/22 15:48:18 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/03/22 15:48:18 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/03/22 15:48:18 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/03/22 15:48:18 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/03/22 15:48:18 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/03/22 15:48:18 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/03/22 15:48:18 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/03/22 15:48:18 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/03/22 15:47:32 | 000,000,044 | ---- | C] () -- C:\Windows\EPWF30.ini
[2011/03/17 16:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/11/02 11:56:57 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2010/11/02 11:56:28 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\ServiceHelp.dll
[2010/11/02 11:56:12 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/11/02 11:56:12 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/11/02 11:56:11 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/11/02 11:56:11 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/11/02 11:54:33 | 000,009,922 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/11/02 11:54:31 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2010/11/02 11:54:31 | 000,006,272 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/11/02 11:54:31 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/11/02 11:52:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/10/20 13:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 16:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 16:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 16:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/01/25 16:10:48 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/01/08 18:01:22 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2003/10/06 03:21:31 | 000,000,000 | -H-- | C] () -- C:\ProgramData\sdpsenv.dat
[2002/10/15 17:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2002/06/11 02:08:00 | 000,023,180 | ---- | C] () -- C:\Windows\SysWow64\evgainit.sys
========== LOP Check ==========
[2011/05/28 08:12:41 | 000,000,000 | ---D | M] -- C:\Users\Addison\AppData\Roaming\LastPass
[2011/05/02 11:37:42 | 000,000,000 | ---D | M] -- C:\Users\Addison\AppData\Roaming\Launchy
[2011/06/28 14:27:04 | 000,000,000 | ---D | M] -- C:\Users\Addison\AppData\Roaming\Orbit
[2011/06/28 10:52:40 | 000,000,000 | ---D | M] -- C:\Users\Addison\AppData\Roaming\ProgSense
[2011/07/12 08:28:34 | 000,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\Gizmo
[2011/05/04 09:43:51 | 000,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\LastPass
[2011/04/12 21:57:05 | 000,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\Launchy
[2011/06/09 07:12:48 | 000,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\OpenOffice.org
[2012/01/15 14:01:30 | 000,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\Orbit
[2011/12/26 20:22:58 | 000,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\Outertech
[2011/09/01 10:43:07 | 000,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\PDF Writer
[2011/06/29 03:08:00 | 000,000,000 | ---D | M] -- C:\Users\Danielle\AppData\Roaming\ProgSense
[2011/11/23 07:08:20 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Amazon
[2011/04/22 01:15:56 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Ashampoo
[2011/09/20 17:57:42 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Audacity
[2011/03/24 23:15:45 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Auslogics
[2011/06/10 12:42:53 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\BITS
[2011/04/21 23:08:59 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Canneverbe Limited
[2011/09/02 09:22:10 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\cryptlib
[2011/06/16 23:18:14 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\CUE Tools
[2011/03/25 23:49:30 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\cYo
[2011/08/31 23:13:16 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\dBpoweramp
[2011/04/22 00:19:46 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\DeepBurner
[2011/08/29 00:14:21 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\DVDFab
[2011/06/08 10:49:00 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\EAC
[2011/12/19 23:02:24 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\EPSON
[2011/03/27 00:00:14 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\EurekaLog
[2011/03/24 23:22:51 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\FlashGet
[2011/03/24 23:22:48 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\FlashGetBHO
[2012/01/08 10:37:40 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\foobar2000
[2011/03/26 22:46:47 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\FreeFileSync
[2011/06/05 22:02:33 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\GetRightToGo
[2011/07/09 20:57:55 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Gizmo
[2011/03/28 23:31:36 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\GlarySoft
[2011/04/10 23:05:29 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Gmote
[2011/04/05 00:04:36 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\GPSoftware
[2011/06/09 19:30:34 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\GrabPro
[2011/07/07 15:24:39 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\gtk-2.0
[2011/04/02 19:48:05 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\HandBrake
[2011/12/14 18:04:44 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Launchy
[2011/03/22 15:54:00 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Leadertech
[2011/07/08 10:01:43 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\LockHunter
[2012/01/16 20:55:18 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\MediaMonkey
[2011/09/26 09:51:37 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Mp3tag
[2011/08/13 21:11:45 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\MusicBrainz
[2011/03/22 19:16:19 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\NetMeter
[2011/09/02 17:23:18 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\NexusFont
[2012/01/16 20:53:40 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Notepad++
[2011/04/01 13:16:46 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\OpenOffice.org
[2012/01/11 19:58:37 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Orbit
[2011/03/25 23:15:59 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Outertech
[2011/11/02 17:51:58 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Panda Security
[2011/08/18 13:38:24 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\PDF Writer
[2011/06/09 19:30:40 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\ProgSense
[2011/03/26 22:34:39 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Q-Dir
[2011/05/22 22:44:13 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\QMC
[2011/09/28 12:12:32 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\QuickZip
[2011/09/11 21:12:47 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Red Chair Software
[2011/07/22 06:31:13 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Rokario
[2011/07/07 15:24:22 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\uGet
[2012/01/16 20:56:14 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\uTorrent
[2011/06/29 12:01:16 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\webex
[2011/04/22 23:43:17 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\WinBar
[2011/07/07 08:45:36 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\WOW64Menu
[2011/09/11 15:39:24 | 000,000,000 | ---D | M] -- C:\Users\Jon-Alan\AppData\Roaming\Zoner
[2012/01/15 14:01:21 | 000,000,330 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012/01/06 19:22:51 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
< MD5 for: SVCHOST.EXE >
< MD5 for: USERINIT.EXE >
< MD5 for: WINLOGON.EXE >
< %systemroot%\*. /mp /s >
< End of report >
#21
Posted 18 January 2012 - 12:05 PM
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
- Please double click on the OTL icon on your Desktop (if running Vista or Windows 7, right click on it and select "Run as Administrator").
- Under the Custom Scans/Fixes box copy and paste this in (Please carefully select all text in code box beginning with : ):
:OTL
[2011/12/28 06:37:50 | 000,000,240 | ---- | M] () -- C:\ProgramData\naughtypirates.exe
:Files
ipconfig /flushdns /c
:Reg
:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYJAVA]
[emptyflash]
[createrestorepoint]
[reboot]
- Make sure all other windows are closed and let it run uninterrupted.
- Click on button.
- OTL may ask to reboot the machine. Please do so if asked.
- Click on button.
- A report will open. Copy and Paste that report in your next reply.
- If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
#22
Posted 18 January 2012 - 05:17 PM
========== OTL ==========
C:\ProgramData\naughtypirates.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jon-Alan\Desktop\cmd.bat deleted successfully.
C:\Users\Jon-Alan\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Addison
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: Danielle
->Temp folder emptied: 732681 bytes
->Temporary Internet Files folder emptied: 5835494 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 58684561 bytes
->Flash cache emptied: 802 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Jon-Alan
->Temp folder emptied: 523339347 bytes
->Temporary Internet Files folder emptied: 45717123 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 205216604 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3126 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2432 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50132 bytes
RecycleBin emptied: 1634692738 bytes
Total Files Cleaned = 2,360.00 mb
[EMPTYJAVA]
User: Addison
->Java cache emptied: 0 bytes
User: Admin
User: All Users
User: Danielle
->Java cache emptied: 0 bytes
User: Default
User: Default User
User: Jon-Alan
->Java cache emptied: 0 bytes
User: Public
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: Addison
->Flash cache emptied: 0 bytes
User: Admin
User: All Users
User: Danielle
->Flash cache emptied: 0 bytes
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Jon-Alan
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.31.0 log created on 01182012_173939
Files\Folders moved on Reboot...
C:\Users\Danielle\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Danielle\AppData\Local\Mozilla\Firefox\Profiles\nwkx5knf.default\startupCache\startupCache.4.little moved successfully.
C:\Users\Danielle\AppData\Local\Mozilla\Firefox\Profiles\nwkx5knf.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Danielle\AppData\Local\Mozilla\Firefox\Profiles\nwkx5knf.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Danielle\AppData\Local\Mozilla\Firefox\Profiles\nwkx5knf.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Danielle\AppData\Local\Mozilla\Firefox\Profiles\nwkx5knf.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Danielle\AppData\Local\Mozilla\Firefox\Profiles\nwkx5knf.default\urlclassifier3.sqlite moved successfully.
C:\Users\Jon-Alan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
#23
Posted 18 January 2012 - 05:18 PM
#24
Posted 19 January 2012 - 07:35 PM
#25
Posted 19 January 2012 - 08:41 PM
#26
Posted 20 January 2012 - 05:21 AM
From <my wife's account name> Fri Jan 13 10:47:14 2012
X-Apparently-To: <My email address> via 68.180.196.144; Fri, 13 Jan 2012 10:47:16 -0800
Return-Path: <my wife's email address>
Received-SPF: none (domain of bellsouth.net does not designate permitted sender hosts)
X-Originating-IP: [98.139.44.183]
Authentication-Results: mta1010.sbc.mail.sp1.yahoo.com from=bellsouth.net; domainkeys=pass (ok); from=bellsouth.net; dkim=pass (ok)
Received: from 98.139.44.191 (EHLO fgateway03.isp.att.net) (204.127.217.73)
by mta1010.sbc.mail.sp1.yahoo.com with SMTP; Fri, 13 Jan 2012 10:47:16 -0800
Authentication-Results: isp.att.net;
domainkey=pass (no signature error) header.From=<my wife's email address>
Received: from nm24-vm1.access.bullet.mail.sp2.yahoo.com ([98.139.44.183])
by isp.att.net (frfwmxc03) with SMTP
id <20120113184714M0300cue6te>; Fri, 13 Jan 2012 18:47:14 +0000
X-Originating-IP: [98.139.44.183]
Received: from [98.139.44.103] by nm24.access.bullet.mail.sp2.yahoo.com with NNFMP; 13 Jan 2012 18:47:14 -0000
Received: from [98.139.44.85] by tm8.access.bullet.mail.sp2.yahoo.com with NNFMP; 13 Jan 2012 18:47:14 -0000
Received: from [127.0.0.1] by omp1022.access.mail.sp2.yahoo.com with NNFMP; 13 Jan 2012 18:47:14 -0000
X-Yahoo-Newman-Property: ymail-5
X-Yahoo-Newman-Id: [email protected]
Received: (qmail 85828 invoked by uid 60001); 13 Jan 2012 18:47:14 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bellsouth.net; s=s1024; t=1326480434; bh=Jfg7nbH2XlRkheiEOuR7XivPPAocOBTM8zLO8VX97Hs=; h=Received:X-Mailer:Message-ID:Date:From:Subject:To:MIME-Version:Content-Type; b=k4ryh6LdUQ2g+UInRi/QfVprF0muekh882sv4sEyvRc2JFfsn9W5cN77/heat9xK7rTYxIHZNBiz1tEJCxHxX3goC3ehqreTQfhY/ekwJwtJ7kd3oab3XcZ1NBsdQQC/+y7pefpG8DIckf+FRbewoiw5vqIJeZ3gNOfo5+e2Sco=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=bellsouth.net;
h=Received:X-Mailer:Message-ID:Date:From:Subject:To:MIME-Version:Content-Type;
b=TNesXYE1T1Dzkn9GKhBd7Dco4RmhnC5U3qu+HGByzyUXBPRK+xGaz+NadlRRxDOOKvEpIlIIdKEr8NkJ9yvV3W71NDlfwlvqwPuZ9tP4s+3WhMZupidcLuyxDtT50bCk99knxMACZYlYPr25MssXuPMMFvgACZzgcAvdTz71UGY=;
Received: from [201.243.75.191] by web180413.mail.gq1.yahoo.com via HTTP; Fri, 13 Jan 2012 10:47:14 PST
X-Mailer: YahooMailWebService/0.8.115.331698
Message-ID: <[email protected]>
Date: Fri, 13 Jan 2012 10:47:14 -0800 (PST)
From: <my wife's account name> <my wife's email address>
Subject: this has been your time to shine.
To: <list of my wife's contacts from yahoo mail>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="-1952832855-1709166327-1326480434=:85239"
Content-Length: 984
this has been your time to shine.
From:
<my wife's account name> <my wife's email address>
To: <my email address>
im disappointed that I let my debt build up so much I consider myself lucky to have found this I knew I had to make a move fast!
http://melkam.pl/cur...TimothyJackson/
I started and never looked back
think about it!
talk to you later...
Unfortunately, I don't have any copies of the emails that were sent from my email address.
#27
Posted 22 January 2012 - 07:49 AM
From <snip> Sun Jan 22 02:35:24 2012
X-Apparently-To: <snip> via 68.180.196.151; Sun, 22 Jan 2012 02:35:25 -0800
Return-Path: <<snip>>
X-YahooFilteredBulk: 98.139.44.138
Received-SPF: none (domain of bellsouth.net does not designate permitted sender hosts)
X-Originating-IP: [98.139.44.138]
Authentication-Results: mta1046.sbc.mail.mud.yahoo.com from=bellsouth.net; domainkeys=pass (ok); from=bellsouth.net; dkim=pass (ok)
Received: from 207.115.11.35 (EHLO fgateway05.isp.att.net) (207.115.11.35)
by mta1046.sbc.mail.mud.yahoo.com with SMTP; Sun, 22 Jan 2012 02:35:25 -0800
Authentication-Results: isp.att.net;
domainkey=pass (no signature error) header.From=<snip>
Received: from nm11.access.bullet.mail.sp2.yahoo.com ([98.139.44.138])
by isp.att.net (frfwmxc05) with SMTP
id <20120122103525M0500fbvb1e>; Sun, 22 Jan 2012 10:35:25 +0000
X-Originating-IP: [98.139.44.138]
Received: from [98.139.44.103] by nm11.access.bullet.mail.sp2.yahoo.com with NNFMP; 22 Jan 2012 10:35:25 -0000
Received: from [98.139.44.67] by tm8.access.bullet.mail.sp2.yahoo.com with NNFMP; 22 Jan 2012 10:35:25 -0000
Received: from [127.0.0.1] by omp1004.access.mail.sp2.yahoo.com with NNFMP; 22 Jan 2012 10:35:25 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: [email protected]
Received: (qmail 29192 invoked by uid 60001); 22 Jan 2012 10:35:24 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bellsouth.net; s=s1024; t=1327228524; bh=v7tZEmAuczabjwBtbu1Wp6kYGbt1EGVGq4n8z6BSA/E=; h=Received:X-Mailer:Message-ID:Date:From:Subject:To:MIME-Version:Content-Type; b=ff1MVC3EdDSQDdP+ah1S8we+jPOzPl3vitCAaLNMbdBqGus1fPJKOzs4Ay0zUKeYXbvTlHrHaYzvxK6GWFPjmwtEqPiGaYm5hvw1mjMQKSuHTCUA+6YbD75c86ZwVlq4iK9/goXP5bsllt+HAEm6zEDcomYIjmxfJqp0oY5lJjw=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=bellsouth.net;
h=Received:X-Mailer:Message-ID:Date:From:Subject:To:MIME-Version:Content-Type;
b=YubSFDYBr2xS1/8hgKtwA0mUv8Y0R5tgTyG+418W2YCF1Mn8/M7nxNjNto3YGLLZO4xgNv80cxvbqKnlUXgmOHOPn1d1qUFppkBjZazSGhw0aLxmaiXKVq7F0l0Q8qSeEh9bV4HB3yf15dDTfCAZaT3KtVc8XVsA5VnfqyDIYs4=;
Received: from [77.232.142.154] by web180403.mail.gq1.yahoo.com via HTTP; Sun, 22 Jan 2012 02:35:24 PST
X-Mailer: YahooMailWebService/0.8.115.331698
Message-ID: <[email protected]>
Date: Sun, 22 Jan 2012 02:35:24 -0800 (PST)
From: <snip> <<snip>>
Subject: FWD: This Kit changed all my life
To: <snip>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="-1952832855-1316102223-1327228524=:25067"
Content-Length: 968
FWD: This Kit changed all my life
I could barely afford groceries anymore this was my ticket to the fast life despite the circumstances I stayed positive
http://www.seekairun...l/58MarkMorgan/
this proves that miracles do exist
you should try it too!
ttyl.
#28
Posted 23 January 2012 - 05:54 AM
#29
Posted 23 January 2012 - 06:13 AM
#30
Posted 23 January 2012 - 06:18 AM