Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

sirefef.p .ab .aa .an .w [Closed]


  • This topic is locked This topic is locked

#1
swake

swake

    New Member

  • Member
  • Pip
  • 1 posts
I have a sirefef infected Win 7 64-bit machine. I have run MBAM and MS Security essentials and it keeps coming back. I noticed today that I was getting redirected while using FireFox and then a message popped up that said Security essentials didn't start. It wouldn't let me start it. I uninstalled it and re-installed it and it said the firewall wasn't working. Then I was trying to run Security Essentials scan and the computer kept restarting. Other times it would just say it encountered a problem and would restart in one minute. I disconnected the internet and was able to keep it on long enough to run the OTL. The report is below. I appreciate any help.

Thank you.

OTL logfile created on: 7/12/2012 9:14:29 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = I:\
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

16.00 Gb Total Physical Memory | 12.75 Gb Available Physical Memory | 79.67% Memory free
32.00 Gb Paging File | 28.81 Gb Available in Paging File | 90.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1863.01 Gb Total Space | 1074.39 Gb Free Space | 57.67% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 1796.66 Gb Free Space | 96.44% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 429.89 Gb Free Space | 92.30% Space Free | Partition Type: NTFS
Drive F: | 1862.89 Gb Total Space | 1709.36 Gb Free Space | 91.76% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 905.28 Gb Free Space | 97.18% Space Free | Partition Type: NTFS
Drive I: | 1.87 Gb Total Space | 1.84 Gb Free Space | 98.69% Space Free | Partition Type: FAT
Drive J: | 1863.01 Gb Total Space | 1769.88 Gb Free Space | 95.00% Space Free | Partition Type: NTFS
Drive O: | 931.51 Gb Total Space | 563.20 Gb Free Space | 60.46% Space Free | Partition Type: NTFS
Drive Q: | 2794.39 Gb Total Space | 2547.59 Gb Free Space | 91.17% Space Free | Partition Type: NTFS
Drive T: | 931.51 Gb Total Space | 443.64 Gb Free Space | 47.63% Space Free | Partition Type: NTFS
Drive U: | 931.51 Gb Total Space | 504.59 Gb Free Space | 54.17% Space Free | Partition Type: NTFS
Drive Z: | 2794.51 Gb Total Space | 1176.84 Gb Free Space | 42.11% Space Free | Partition Type: NTFS

Computer Name: SHAWN-DESKTOP | User Name: Shawn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/12 21:12:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- I:\OTL.exe
PRC - [2012/07/03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/04/27 11:12:45 | 006,065,784 | ---- | M] (SlySoft, Inc.) -- C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2012/04/04 00:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012/01/31 10:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2011/11/12 12:04:12 | 000,268,640 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2011/11/12 11:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2011/09/23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/08/22 05:39:44 | 002,995,568 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe
PRC - [2011/08/22 05:39:42 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe
PRC - [2011/08/22 05:39:36 | 002,120,048 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe
PRC - [2011/08/22 05:39:28 | 001,686,384 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe
PRC - [2011/08/07 15:04:50 | 002,480,048 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011/07/28 23:39:56 | 000,365,984 | ---- | M] (Creative Home) -- C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2012 Deluxe\Planner\PLNRnote.exe
PRC - [2011/03/16 10:17:57 | 000,217,088 | ---- | M] (Code 42 Software, Inc.) -- C:\Program Files\CrashPlan\CrashPlanTray.exe
PRC - [2010/11/27 01:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/11/27 01:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/03/27 16:07:26 | 000,362,232 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010/03/27 16:06:16 | 005,107,232 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010/01/19 04:19:29 | 000,618,496 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009/12/21 08:00:50 | 000,081,920 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
PRC - [2009/02/06 00:00:00 | 000,843,776 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2009/01/12 09:54:02 | 000,669,520 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/11/13 11:10:36 | 000,163,840 | ---- | M] () -- C:\Windows\SQ931STI.exe
PRC - [2008/10/31 16:41:42 | 000,565,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\twain_32\Motion Tracking Camera\Motor_Tracking_Tool.exe
PRC - [2007/12/14 22:02:43 | 000,223,752 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\OfficeKB\OfficeKB.EXE
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/14 09:19:06 | 008,500,224 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2011/09/14 09:19:06 | 002,348,544 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/03/27 16:30:50 | 000,279,904 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\Common\resource.dll
MOD - [2010/03/27 15:14:56 | 000,028,512 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\Common\rpc_client.dll
MOD - [2010/03/27 15:13:36 | 000,019,808 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\Common\thread_pool.dll
MOD - [2010/01/19 04:19:29 | 000,618,496 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
MOD - [2008/12/22 09:50:28 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2008/11/13 11:10:36 | 000,163,840 | ---- | M] () -- C:\Windows\SQ931STI.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/05 15:29:23 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/06/17 02:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2011/03/16 10:19:38 | 000,222,720 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Program Files\CrashPlan\CrashPlanService.exe -- (CrashPlanService)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/11 22:11:50 | 000,147,368 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2012/07/11 22:11:24 | 000,375,208 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/06/17 16:13:20 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/15 05:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/05/11 15:09:52 | 000,177,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe -- (WysePocketCloud)
SRV - [2012/02/14 22:37:24 | 000,249,856 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\GSService.exe -- (GSService)
SRV - [2012/02/14 15:43:48 | 000,243,712 | ---- | M] (SMServer) [On_Demand | Stopped] -- C:\Windows\SysWOW64\snmvtsvc.exe -- (SMServer)
SRV - [2012/01/31 10:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2011/11/12 11:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2011/09/23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2011/09/16 15:10:50 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2011/08/22 05:39:42 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)
SRV - [2011/08/07 15:04:50 | 002,480,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/11/27 01:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/03/27 16:09:22 | 001,054,568 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/11 22:11:27 | 000,087,488 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/03/26 18:42:14 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 00:29:54 | 000,034,040 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SndTAudio.sys -- (SndTAudio)
DRV:64bit: - [2011/11/12 11:18:12 | 000,040,320 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btblan.sys -- (Leapfrog-USBLAN)
DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/10/18 03:43:46 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2011/10/18 03:43:44 | 000,095,928 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011/09/16 15:10:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2011/09/16 15:10:24 | 000,014,944 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\radpms.sys -- (radpms)
DRV:64bit: - [2011/09/16 15:10:24 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2011/08/07 15:04:53 | 000,252,512 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2011/08/07 15:04:47 | 001,477,728 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV:64bit: - [2011/08/07 15:04:42 | 000,943,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011/08/07 15:04:34 | 000,271,456 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011/08/07 15:00:02 | 000,049,176 | ---- | M] (Gili Soft Inc.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\FileLock.sys -- (FileLock)
DRV:64bit: - [2011/08/01 15:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/13 14:59:54 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)
DRV:64bit: - [2011/07/13 14:59:54 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)
DRV:64bit: - [2011/05/19 15:55:34 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/30 06:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/04/30 06:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/16 17:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 08:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 08:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 06:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/29 01:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2009/12/22 18:38:44 | 000,606,272 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Capt931A.SYS -- (SQ931)
DRV:64bit: - [2009/09/25 09:58:32 | 000,178,688 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/09/25 09:58:24 | 000,073,728 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/08/24 23:10:52 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/13 19:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/13 19:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2007/03/19 16:02:32 | 000,049,664 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RLVrtAuCbl.sys -- (ReallusionVirtualAudio)
DRV:64bit: - [2007/02/15 19:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV:64bit: - [2007/01/23 15:47:00 | 000,035,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2005/09/23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2012/03/26 18:42:14 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/09/16 15:10:50 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2010/01/29 12:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/04/23 05:02:20 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2008/11/14 02:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)
DRV - [2007/02/15 19:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://astra.nwmisso...uestPortal.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CB 65 84 5B A9 0B CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..keyword.URL: "http://us.yhs.search...2-tb-web_us&p="
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Shawn\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll (Octoshape ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/04/11 07:28:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/08/08 09:14:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/17 16:13:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/11 07:28:30 | 000,000,000 | ---D | M]

[2011/08/06 08:48:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shawn\AppData\Roaming\Mozilla\Extensions
[2012/06/28 10:36:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shawn\AppData\Roaming\Mozilla\Firefox\Profiles\n3ren5xz.default\extensions
[2012/01/04 13:26:40 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Shawn\AppData\Roaming\Mozilla\Firefox\Profiles\n3ren5xz.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011/08/06 22:29:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Shawn\AppData\Roaming\Mozilla\Firefox\Profiles\n3ren5xz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/18 11:10:51 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Shawn\AppData\Roaming\Mozilla\Firefox\Profiles\n3ren5xz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/03/23 11:45:48 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Shawn\AppData\Roaming\Mozilla\Firefox\Profiles\n3ren5xz.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2012/03/29 09:40:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Shawn\AppData\Roaming\Mozilla\Firefox\Profiles\n3ren5xz.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/05/19 08:34:39 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Shawn\AppData\Roaming\Mozilla\Firefox\Profiles\n3ren5xz.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/12/25 09:55:20 | 000,002,255 | ---- | M] () -- C:\Users\Shawn\AppData\Roaming\Mozilla\Firefox\Profiles\n3ren5xz.default\searchplugins\askcom.xml
[2011/11/12 01:30:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/17 16:13:21 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/09 09:16:33 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/29 21:27:42 | 000,011,011 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com 127.0.0.1 [bleep]up.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 0.0.0.0 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 237 more lines...
O2:64bit: - BHO: (FLockObj Class) - {97F4988F-6D68-4abc-9F18-7B5AAFFDACE4} - C:\Program Files (x86)\GiliSoft\File Lock Pro\FolderLockPlugin64.dll ()
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (FLockObj Class) - {97F4988F-6D68-4abc-9F18-7B5AAFFDACE4} - C:\Program Files (x86)\GiliSoft\File Lock Pro\FolderLockPlugin.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [Motor_Tracking_Tool] C:\Windows\twain_32\Motion Tracking Camera\Motor_Tracking_Tool.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [PocketCloud Location] C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe (Wyse Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SQ931STI] C:\Windows\SQ931STI.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [OfficeKB] C:\Program Files (x86)\OfficeKB\OfficeKB.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\SoundTaxi\YouTubeRipper.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA008927-2601-47A1-BC35-8D5E11EE77A0}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/19 16:09:30 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{658c3351-c524-11e0-9f2f-6cf049525f19}\Shell - "" = AutoRun
O33 - MountPoints2\{658c3351-c524-11e0-9f2f-6cf049525f19}\Shell\AutoRun\command - "" = K:\EasySuite.exe
O33 - MountPoints2\{658c336e-c524-11e0-9f2f-6cf049525f19}\Shell - "" = AutoRun
O33 - MountPoints2\{658c336e-c524-11e0-9f2f-6cf049525f19}\Shell\AutoRun\command - "" = K:\EasySuite.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/12 14:07:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/07/12 14:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/07/11 17:27:49 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/10 10:16:38 | 000,000,000 | ---D | C] -- C:\Users\Shawn\Desktop\Richard Cheese - Back In Black Tie (2012)
[2012/07/07 06:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/06/28 10:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/12 21:27:11 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/12 21:27:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/12 21:16:36 | 000,786,770 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/12 21:16:36 | 000,666,924 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/12 21:16:36 | 000,123,682 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/12 21:06:29 | 000,025,232 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/12 21:06:29 | 000,025,232 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/12 21:01:30 | 000,024,616 | ---- | M] () -- C:\Windows\FileLock.bin
[2012/07/12 20:54:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/12 20:52:48 | 4293,779,454 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/12 14:12:09 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/07/12 14:07:47 | 000,802,682 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/12 13:45:57 | 000,000,442 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/07/12 12:19:07 | 000,000,131 | -HS- | M] () -- C:\ProgramData\.zreglib
[2012/07/11 22:11:27 | 000,087,488 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2012/07/11 22:11:25 | 000,034,720 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2012/07/11 22:11:24 | 000,080,800 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2012/07/11 16:45:45 | 000,870,128 | ---- | M] () -- C:\Users\Shawn\AppData\Roaming\mcs.rma
[2012/07/11 16:45:45 | 000,000,004 | ---- | M] () -- C:\Users\Shawn\AppData\Roaming\4B04D4
[2012/07/11 15:52:36 | 005,256,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/11 15:08:49 | 1701,584,983 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/11 12:29:37 | 000,108,656 | ---- | M] () -- C:\Users\Shawn\Desktop\img081.pdf
[2012/07/10 09:40:01 | 125,707,565 | ---- | M] () -- C:\Users\Shawn\Desktop\Richard Cheese - Back In Black Tie (2012).zip
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/27 15:09:34 | 000,116,496 | ---- | M] () -- C:\Users\Shawn\Desktop\img078.pdf
[2012/06/27 14:10:01 | 000,081,925 | ---- | M] () -- C:\Users\Shawn\Desktop\img077.pdf
[2012/06/26 13:32:44 | 000,007,680 | ---- | M] () -- C:\Users\Shawn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/26 12:16:03 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2012/06/26 12:15:25 | 000,000,017 | ---- | M] () -- C:\Windows\MovingPicture.ini
[2012/06/25 15:01:12 | 000,831,620 | ---- | M] () -- C:\Users\Shawn\Desktop\Bank statement.pdf
[2012/06/22 14:06:48 | 000,056,649 | ---- | M] () -- C:\Users\Shawn\Documents\B&H Invoice.pdf
[2012/06/14 23:04:34 | 002,316,386 | ---- | M] () -- C:\Users\Shawn\Documents\SFHGLDApprovedLenders.pdf
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/12 20:49:29 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{1f56b636-80fd-296d-db26-fbc77a8ae077}\U\[email protected]
[2012/07/12 14:07:50 | 000,001,916 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/07/12 13:45:45 | 000,000,804 | ---- | C] () -- C:\Users\Shawn\AppData\Local\{1f56b636-80fd-296d-db26-fbc77a8ae077}\L\[email protected]
[2012/07/11 17:11:37 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{1f56b636-80fd-296d-db26-fbc77a8ae077}\L\[email protected]
[2012/07/11 15:08:49 | 1701,584,983 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/07/11 12:29:37 | 000,108,656 | ---- | C] () -- C:\Users\Shawn\Desktop\img081.pdf
[2012/07/10 09:38:21 | 125,707,565 | ---- | C] () -- C:\Users\Shawn\Desktop\Richard Cheese - Back In Black Tie (2012).zip
[2012/06/27 15:09:34 | 000,116,496 | ---- | C] () -- C:\Users\Shawn\Desktop\img078.pdf
[2012/06/27 14:10:01 | 000,081,925 | ---- | C] () -- C:\Users\Shawn\Desktop\img077.pdf
[2012/06/25 15:03:58 | 000,001,098 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
[2012/06/25 14:56:27 | 000,831,620 | ---- | C] () -- C:\Users\Shawn\Desktop\Bank statement.pdf
[2012/06/22 14:06:46 | 000,056,649 | ---- | C] () -- C:\Users\Shawn\Documents\B&H Invoice.pdf
[2012/06/14 23:04:34 | 002,316,386 | ---- | C] () -- C:\Users\Shawn\Documents\SFHGLDApprovedLenders.pdf
[2012/06/05 13:15:20 | 000,026,674 | ---- | C] () -- C:\Users\Shawn\cc_20120605_131518.reg
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/04/05 21:50:13 | 000,010,430 | ---- | C] () -- C:\Users\Shawn\cc_20120405_215011.reg
[2012/04/05 21:44:22 | 000,024,554 | ---- | C] () -- C:\Users\Shawn\cc_20120405_214418.reg
[2012/02/29 23:24:50 | 000,000,132 | ---- | C] () -- C:\Users\Shawn\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012/01/22 15:14:20 | 000,000,000 | ---- | C] () -- C:\Windows\SetSel.INI
[2012/01/10 22:07:06 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{1f56b636-80fd-296d-db26-fbc77a8ae077}\@
[2012/01/10 22:07:06 | 000,002,048 | -HS- | C] () -- C:\Users\Shawn\AppData\Local\{1f56b636-80fd-296d-db26-fbc77a8ae077}\@
[2012/01/01 10:22:31 | 000,007,680 | ---- | C] () -- C:\Users\Shawn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/23 11:55:40 | 000,029,820 | ---- | C] () -- C:\Users\Shawn\cc_20111223_105534.reg
[2011/12/21 14:26:04 | 000,430,567 | ---- | C] () -- C:\Users\Shawn\SCS_Tutorials.pdf
[2011/12/04 00:21:47 | 003,469,501 | ---- | C] () -- C:\Users\Shawn\WNDR3700_UM_16OCT2009.pdf
[2011/12/04 00:18:04 | 002,029,127 | ---- | C] () -- C:\Users\Shawn\wndr3300 repeater.pdf
[2011/11/30 08:50:30 | 000,014,472 | ---- | C] () -- C:\Users\Shawn\NETGEAR_WNDR3700.cfg
[2011/11/11 14:24:52 | 006,654,971 | ---- | C] () -- C:\Users\Shawn\User_Manual_HP.pdf
[2011/11/11 10:44:42 | 001,027,707 | ---- | C] () -- C:\Users\Shawn\HP specs.pdf
[2011/10/10 15:55:30 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2011/10/10 15:20:06 | 000,000,017 | ---- | C] () -- C:\Windows\MovingPicture.ini
[2011/10/03 12:04:11 | 000,000,021 | ---- | C] () -- C:\Windows\pe.ini
[2011/10/03 12:04:11 | 000,000,021 | ---- | C] () -- C:\Windows\ft99.ini
[2011/10/03 12:04:11 | 000,000,021 | ---- | C] () -- C:\Windows\cp.ini
[2011/08/31 17:39:44 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini
[2011/08/12 15:45:49 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011/08/12 10:05:36 | 000,000,442 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/08/11 21:55:53 | 003,043,363 | ---- | C] () -- C:\Users\Shawn\img002.pdf
[2011/08/11 15:33:32 | 000,351,158 | ---- | C] () -- C:\Users\Shawn\Entertainers_Insurance_application.pdf
[2011/08/11 15:31:32 | 000,001,681 | ---- | C] () -- C:\Users\Shawn\ShawnWake.pfx
[2011/08/10 22:57:58 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/08/10 22:13:54 | 000,034,078 | ---- | C] () -- C:\Users\Shawn\cc_20110810_221345.reg
[2011/08/08 22:17:42 | 000,000,131 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/08/07 22:01:06 | 000,071,751 | ---- | C] () -- C:\Users\Shawn\2009_Federal_Return.pdf
[2011/08/07 22:01:06 | 000,038,623 | ---- | C] () -- C:\Users\Shawn\2009_Missouri_Return.pdf
[2011/08/07 22:00:54 | 000,081,468 | ---- | C] () -- C:\Users\Shawn\2008_Federal_Return.pdf
[2011/08/07 22:00:54 | 000,037,722 | ---- | C] () -- C:\Users\Shawn\2008_Missouri_Return.pdf
[2011/08/07 21:54:03 | 000,939,699 | ---- | C] () -- C:\Users\Shawn\JKVCS jpg small.jpg
[2011/08/07 21:54:03 | 000,935,883 | ---- | C] () -- C:\Users\Shawn\JKVCS jpg.jpg
[2011/08/07 19:57:49 | 000,018,236 | ---- | C] () -- C:\Users\Shawn\xmas 1.nra
[2011/08/07 19:57:49 | 000,018,221 | ---- | C] () -- C:\Users\Shawn\xmas 2.nra
[2011/08/07 19:57:47 | 028,023,047 | ---- | C] () -- C:\Users\Shawn\WeirdAl_620x349.flv
[2011/08/07 19:57:47 | 000,968,996 | ---- | C] () -- C:\Users\Shawn\Voice Recorder Manual.pdf
[2011/08/07 19:57:47 | 000,266,240 | ---- | C] () -- C:\Users\Shawn\Untitled.hmk
[2011/08/07 19:57:47 | 000,044,497 | ---- | C] () -- C:\Users\Shawn\Untitled Project.nvc
[2011/08/07 19:57:47 | 000,041,616 | ---- | C] () -- C:\Users\Shawn\wegner_gus_t440.jpg
[2011/08/07 19:57:47 | 000,005,069 | ---- | C] () -- C:\Users\Shawn\Untitled.ncor
[2011/08/07 19:57:42 | 001,765,376 | ---- | C] () -- C:\Users\Shawn\Students.accdb
[2011/08/07 19:57:42 | 001,298,250 | ---- | C] () -- C:\Users\Shawn\[email protected]
[2011/08/07 19:57:36 | 095,376,997 | ---- | C] () -- C:\Users\Shawn\stl.flv
[2011/08/07 19:57:36 | 001,314,304 | ---- | C] () -- C:\Users\Shawn\Sandi V-day card.pub
[2011/08/07 19:57:36 | 000,516,264 | ---- | C] () -- C:\Users\Shawn\ScholarshipApp.tif
[2011/08/07 19:57:36 | 000,451,072 | ---- | C] () -- C:\Users\Shawn\Sandi from kids.hmk
[2011/08/07 19:57:36 | 000,322,385 | ---- | C] () -- C:\Users\Shawn\SSPX0332.JPG
[2011/08/07 19:57:36 | 000,271,360 | ---- | C] () -- C:\Users\Shawn\Sandi.hmk
[2011/08/07 19:57:36 | 000,005,089 | ---- | C] () -- C:\Users\Shawn\Six Million Dollar Menu.ncor
[2011/08/07 19:57:35 | 001,688,262 | ---- | C] () -- C:\Users\Shawn\SamsungMomentUpdateInstructions.pdf
[2011/08/07 19:57:35 | 000,497,928 | ---- | C] () -- C:\Users\Shawn\ice cream maker manual.pdf
[2011/08/07 19:57:11 | 411,248,292 | ---- | C] () -- C:\Users\Shawn\regbackup.reg
[2011/08/07 19:57:05 | 001,001,352 | ---- | C] () -- C:\Users\Shawn\P3270041.JPG
[2011/08/07 19:57:05 | 000,967,011 | ---- | C] () -- C:\Users\Shawn\PA260014.JPG
[2011/08/07 19:57:05 | 000,515,536 | ---- | C] () -- C:\Users\Shawn\paw_2.psd
[2011/08/07 19:57:05 | 000,195,072 | ---- | C] () -- C:\Users\Shawn\PAC to 1014 W Cooper St, Maryville, MO 64468.est
[2011/08/07 19:57:05 | 000,031,242 | ---- | C] () -- C:\Users\Shawn\paw_2.jpg
[2011/08/07 19:57:05 | 000,027,038 | ---- | C] () -- C:\Users\Shawn\paw print.jpg
[2011/08/07 19:57:05 | 000,016,957 | ---- | C] () -- C:\Users\Shawn\Owen's Steel Drums.nra
[2011/08/07 19:57:04 | 013,581,312 | ---- | C] () -- C:\Users\Shawn\owen card.pub
[2011/08/07 19:57:04 | 000,000,334 | ---- | C] () -- C:\Users\Shawn\nero.reg
[2011/08/07 19:56:59 | 002,439,944 | ---- | C] () -- C:\Users\Shawn\Lost In Space Season 3 Theme Song.mp3
[2011/08/07 19:56:59 | 000,021,072 | ---- | C] () -- C:\Users\Shawn\Lost In Space Season 3 Theme Song.mp3.sfk
[2011/08/07 19:56:57 | 026,214,400 | ---- | C] () -- C:\Users\Shawn\Locker01.flk
[2011/08/07 19:56:57 | 001,030,819 | ---- | C] () -- C:\Users\Shawn\LoaderBackup-(2009-11-28).ipd
[2011/08/07 19:56:57 | 000,957,219 | ---- | C] () -- C:\Users\Shawn\lightscribe_eng.chm
[2011/08/07 19:56:53 | 001,285,175 | ---- | C] () -- C:\Users\Shawn\joefishsav.exe
[2011/08/07 19:56:52 | 011,333,944 | ---- | C] () -- C:\Users\Shawn\iPod_touch_3.1_User_Guide.pdf
[2011/08/07 19:56:52 | 000,329,216 | ---- | C] () -- C:\Users\Shawn\home.est
[2011/08/07 19:56:47 | 000,266,240 | ---- | C] () -- C:\Users\Shawn\Grandma from ROE.hmk
[2011/08/07 19:56:42 | 003,260,416 | ---- | C] () -- C:\Users\Shawn\DVDs.accdb
[2011/08/07 19:56:42 | 000,449,886 | ---- | C] () -- C:\Users\Shawn\WLIP Instructions.pdf
[2011/08/07 19:56:42 | 000,090,073 | ---- | C] () -- C:\Users\Shawn\FINAL_Winter_Pack_Readme.htm
[2011/08/07 19:56:40 | 005,087,820 | ---- | C] () -- C:\Users\Shawn\Video Camera Manual.pdf
[2011/08/07 19:56:40 | 000,057,828 | ---- | C] () -- C:\Users\Shawn\Creativity_Pack_ReadMe.htm
[2011/08/07 19:56:37 | 001,019,383 | ---- | C] () -- C:\Users\Shawn\Backup-(2009-08-10).ipd
[2011/08/07 19:56:37 | 000,755,406 | ---- | C] () -- C:\Users\Shawn\before.jpg
[2011/08/07 19:56:37 | 000,002,598 | ---- | C] () -- C:\Users\Shawn\Cert backup.pfx
[2011/08/07 19:56:37 | 000,001,782 | ---- | C] () -- C:\Users\Shawn\CinemaNow.lnk
[2011/08/07 19:56:33 | 002,368,091 | ---- | C] () -- C:\Users\Shawn\after.jpg
[2011/08/07 19:56:28 | 000,042,911 | ---- | C] () -- C:\Users\Shawn\633492556345304408-cowbell.jpg
[2011/08/07 19:56:25 | 017,640,852 | ---- | C] () -- C:\Users\Shawn\_quot_Weird_Al_quot__Yankovic_-_Skipper_Dan.mp4
[2011/08/07 15:01:23 | 000,024,616 | ---- | C] () -- C:\Windows\FileLock.bin
[2011/08/07 10:40:57 | 008,923,402 | ---- | C] () -- C:\Users\Shawn\soundforgepro10_manual_enu.pdf
[2011/08/07 10:40:57 | 000,375,022 | ---- | C] () -- C:\Users\Shawn\Spyware on Cell phone.pdf
[2011/08/07 10:40:56 | 013,415,918 | ---- | C] () -- C:\Users\Shawn\Nikon Coolpix Manual.pdf
[2011/08/07 10:40:56 | 003,406,628 | ---- | C] () -- C:\Users\Shawn\Rachel's camera manual.pdf
[2011/08/07 09:26:24 | 000,870,128 | ---- | C] () -- C:\Users\Shawn\AppData\Roaming\mcs.rma
[2011/08/07 09:26:24 | 000,000,004 | ---- | C] () -- C:\Users\Shawn\AppData\Roaming\4B04D4
[2011/08/07 03:15:12 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011/08/07 00:05:56 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/08/07 00:05:56 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/08/07 00:05:56 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/08/07 00:05:56 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/08/07 00:05:56 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/08/07 00:05:56 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/08/07 00:05:56 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/08/07 00:05:56 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/08/07 00:05:56 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/08/07 00:05:56 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/08/07 00:05:56 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/08/07 00:05:56 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/08/07 00:05:56 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/08/07 00:05:56 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/08/07 00:05:56 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/08/07 00:05:56 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/08/07 00:01:09 | 000,000,090 | ---- | C] () -- C:\Windows\EPART810.ini
[2011/08/06 23:57:19 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2011/08/06 23:57:19 | 000,000,246 | ---- | C] () -- C:\Windows\wpd99.drv
[2011/08/06 21:47:52 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/08/06 21:47:52 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011/08/06 14:37:26 | 001,092,389 | ---- | C] () -- C:\Users\Shawn\waste king 111.pdf
[2011/08/06 14:37:25 | 003,469,501 | ---- | C] () -- C:\Users\Shawn\netgear router user manual.pdf
[2011/08/06 14:37:25 | 002,227,156 | ---- | C] () -- C:\Users\Shawn\Mower parts.pdf
[2011/08/06 14:37:25 | 000,107,643 | ---- | C] () -- C:\Users\Shawn\PAC to 1014 W Cooper St, Maryville, MO 64468.pdf
[2011/08/06 14:37:25 | 000,083,847 | ---- | C] () -- C:\Users\Shawn\Microsoft Office Online.pdf
[2011/08/06 14:37:25 | 000,039,802 | ---- | C] () -- C:\Users\Shawn\sig.jpg
[2011/08/06 14:37:25 | 000,006,039 | ---- | C] () -- C:\Users\Shawn\Router_Setup.html
[2011/08/06 14:37:24 | 019,406,014 | ---- | C] () -- C:\Users\Shawn\Motherboard Manual.pdf
[2011/08/06 14:37:24 | 000,442,030 | ---- | C] () -- C:\Users\Shawn\Hack a Keyboard for MAME.pdf
[2011/08/06 14:37:24 | 000,172,199 | ---- | C] () -- C:\Users\Shawn\W-9 Form.pdf
[2011/08/06 14:37:23 | 001,056,768 | ---- | C] () -- C:\Users\Shawn\defltbase.sdb
[2011/08/06 14:37:23 | 000,400,050 | ---- | C] () -- C:\Users\Shawn\Castle On A Cloud.pdf
[2011/08/06 14:37:23 | 000,060,904 | ---- | C] () -- C:\Users\Shawn\Aesops Cast Script.pdf
[2011/08/06 14:37:20 | 051,469,273 | ---- | C] () -- C:\Users\Shawn\Mercury Outboard Motor book.pdf
[2011/08/06 10:21:19 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2011/08/06 10:10:33 | 000,000,080 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2011/08/06 09:54:56 | 000,724,992 | ---- | C] () -- C:\Windows\SQCap.exe
[2011/08/06 09:54:56 | 000,163,840 | ---- | C] () -- C:\Windows\SQ931STI.exe
[2011/08/06 09:54:56 | 000,015,350 | ---- | C] () -- C:\Windows\931TwCfg.INI
[2011/08/06 09:54:54 | 000,032,256 | ---- | C] () -- C:\Windows\PCCam.exe
[2011/08/06 08:48:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/08/06 08:07:31 | 000,802,682 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/05 17:15:22 | 000,375,022 | ---- | C] () -- C:\Users\Shawn\spwrephon.pdf
[2011/08/05 17:15:22 | 000,000,127 | ---- | C] () -- C:\Users\Shawn\tbkup.fhf
[2011/08/05 17:15:21 | 013,415,918 | ---- | C] () -- C:\Users\Shawn\S4000_ENnoprint.pdf
[2011/08/05 17:15:21 | 000,072,438 | ---- | C] () -- C:\Users\Shawn\Receipt - PayPal.pdf
[2011/08/05 17:15:20 | 000,458,037 | ---- | C] () -- C:\Users\Shawn\Parker info.pdf
[2011/08/05 17:15:20 | 000,142,663 | ---- | C] () -- C:\Users\Shawn\Newegg.com - Once You Know,...pdf
[2011/08/05 17:15:20 | 000,073,891 | ---- | C] () -- C:\Users\Shawn\Order Completed.pdf
[2011/08/05 17:15:20 | 000,056,315 | ---- | C] () -- C:\Users\Shawn\http www.goharddrive.com ...pdf
[2011/08/05 17:15:20 | 000,000,349 | ---- | C] () -- C:\Users\Shawn\PCLECHAL.INI
[2011/08/05 17:14:48 | 000,126,275 | ---- | C] () -- C:\Users\Shawn\3B Tech Order Confirmation.pdf
[2011/08/05 17:08:00 | 004,989,116 | ---- | C] () -- C:\Users\Shawn\Sandra Wake Transcript.pdf
[2011/08/05 17:08:00 | 000,968,996 | ---- | C] () -- C:\Users\Shawn\VN-5200PC_VN-3200PC_Instructions_EN.pdf
[2011/08/05 17:06:58 | 000,001,155 | ---- | C] () -- C:\Users\Shawn\ChatLog XanGo.rtf
[2011/08/05 17:03:48 | 000,825,966 | ---- | C] () -- C:\Users\Shawn\Untitled-2.psd
[2011/08/05 17:03:37 | 000,497,928 | ---- | C] () -- C:\Users\Shawn\Rival_8804_8806.pdf.pdf
[2011/08/05 17:03:37 | 000,052,088 | ---- | C] () -- C:\Users\Shawn\saulsbury_paw.jpg
[2011/08/05 17:03:37 | 000,001,065 | ---- | C] () -- C:\Users\Shawn\script.htm
[2011/08/05 17:03:24 | 001,835,925 | ---- | C] () -- C:\Users\Shawn\lotus_lg_ug_en.pdf
[2011/08/05 17:03:09 | 000,704,512 | ---- | C] () -- C:\Users\Shawn\Faculty.accdb
[2011/08/05 17:03:09 | 000,449,886 | ---- | C] () -- C:\Users\Shawn\English_instructions1.1.pdf
[2011/08/05 17:03:09 | 000,058,188 | ---- | C] () -- C:\Users\Shawn\Excelsior Springs, MO - Red...pdf
[2011/08/05 17:03:09 | 000,000,092 | ---- | C] () -- C:\Users\Shawn\download.html
[2011/08/05 17:03:06 | 005,087,820 | ---- | C] () -- C:\Users\Shawn\DCRTRV22.pdf
[2011/08/05 17:03:04 | 000,830,529 | ---- | C] () -- C:\Users\Shawn\CIA_Fundamentals.pdf
[2011/07/31 06:27:36 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\GSService.exe
[2011/07/21 14:59:48 | 000,005,629 | ---- | C] () -- C:\Users\Shawn\NWMSU Gear Proposal 7 19 2011.pdf

========== LOP Check ==========

[2011/10/20 22:43:28 | 000,000,000 | ---D | M] -- C:\Users\Shawn\AppData\Roaming\Acronis
[2012/04/05 21:47:09 | 000,000,000 | ---D | M] -- C:\Users\Shawn\AppData\Roaming\Autodesk
[2011/08/06 22:12:35 | 000,000,000 | ---D | M] -- C:\Users\Shawn\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/01/18 09:20:56 | 000,000,000 | ---D | M] -- C:\Users\Shawn\AppData\Roaming\CrashPlan
[2012/07/09 21:47:11 | 000,000,000 | ---D | M] -- C:\Users\Shawn\AppData\Roaming\Dropbox
[2012/01/27 00:59:09 | 000,000,000 | ---D | M] -- C:\Users\Shawn\AppData\Roaming\dvdae
[2011/09/06 20:49:54 | 000,000,000 | ---D | M] -- C:\Users\Shawn\AppData\Roaming\Epson
[2012/02/23 23:39:38 | 000,000,000 | ---D | M] -- C:\Users\Shawn\AppData\Roaming\FamilyTreeMaker
[2012/01/26 22:16:55 | 000,000,000 | ---D | M] -- C:\Users\Shawn\AppData\Roaming\GetRightToGo
[2011/08/07 16:19:00 | 000,000,000 | ---D | M] -- C:\Users\Shawn\AppData\Roaming\Gili File Lock
[2011/08/06 23:46:38 | 000,000,000 | ---D | M] -- C:\Users\Shawn\AppData\Roaming\GrabPro
[2012/03/22 22:16:26 | 000,000,000 | ---D | M] -- C:\Users\Shawn\AppData\Roaming\ImTOO
[2011/08/07 00:19:10 | 000,000,000 | ---D | M] -- C:\Users\Shawn\AppData\Roaming\Leadertech
[2012/01/31 11:51:48 | 000,000,000 | ---D | M] -- C:\Users\Shawn\AppData\Roaming\LogMeInIgnition
[2012/05/21 00:05:39 | 000,000,000 | ---D | M] -- C:\Users\Shawn\AppData\Roaming\Mp3tag
[2011/08/06 10:28:35 | 000,000,000 | ---D | M] -- C:\Users\Shawn\AppData\Roaming\Netgear Live Parental Controls
[2011/09/01 21:18:08 | 000,000,000 | ---D | M] -- C:\Users\Shawn\AppData\Roaming\Octoshape
[2012/06/28 11:01:38 | 000,000,000 | ---D | M] -- C:\Users\Shawn\AppData\Roaming\Orbit
[2011/10/10 15:55:30 | 000,000,000 | ---D | M] -- C:\Users\Shawn\AppData\Roaming\PACE Anti-Piracy
[2011/08/31 17:39:44 | 000,000,000 | ---D | M] -- C:\Users\Shawn\AppData\Roaming\pdf995
[2011/08/08 21:37:59 | 000,000,000 | ---D | M] -- C:\Users\Shawn\AppData\Roaming\Philipp Winterberg
[2011/12/02 17:09:28 | 000,000,000 | ---D | M] -- C:\Users\Shawn\AppData\Roaming\proDAD
[2011/08/07 15:14:49 | 000,000,000 | ---D | M] -- C:\Users\Shawn\AppData\Roaming\ProgSense
[2011/08/07 15:13:57 | 000,000,000 | ---D | M] -- C:\Users\Shawn\AppData\Roaming\Publish Providers
[2011/09/23 22:51:50 | 000,000,000 | ---D | M] -- C:\Users\Shawn\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2011/08/09 09:36:21 | 000,000,000 | ---D | M] -- C:\Users\Shawn\AppData\Roaming\Sony
[2011/08/18 16:31:59 | 000,000,000 | ---D | M] -- C:\Users\Shawn\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/07/11 16:57:20 | 000,000,000 | ---D | M] -- C:\Users\Shawn\AppData\Roaming\uTorrent
[2011/12/22 17:57:57 | 000,000,000 | ---D | M] -- C:\Users\Shawn\AppData\Roaming\WindSolutions
[2012/04/26 08:11:17 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1448 bytes -> C:\Users\Shawn\AppData\Local\OGPRb6saMw2:BHgdWMRoxqKFwC3s2h3WfmhHKk
@Alternate Data Stream - 1434 bytes -> C:\Users\Shawn\AppData\Local\3o8oijHr:pgvCmNK3xhXncuDyZ5ZYCJSMv
@Alternate Data Stream - 1362 bytes -> C:\ProgramData\Microsoft:q8K9m8OFnj76LTzKmPF65Y
@Alternate Data Stream - 1301 bytes -> C:\ProgramData\Microsoft:0cqL7bJK5umgkli1MdgPwVRqHtaFDi
@Alternate Data Stream - 1276 bytes -> C:\Users\Shawn\AppData\Local\KxsJXnnc6ia:RC86bZ6mRqgN4v1rWm6v2
@Alternate Data Stream - 1207 bytes -> C:\ProgramData\Microsoft:pvLEgXcXYTOc9a8eTmDdCC9HL2D
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A1EDB939

< End of report >
  • 0

Advertisements


#2
jeffce

jeffce

    Trusted Helper

  • Malware Removal
  • 216 posts
  • MVP
Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete anything unless instructed to.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.


Vista and Windows 7 users:
These tools MUST be run from the executable (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")


Stay with this topic until I give you the all clean post.
---------

**WARNING**Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identify theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.

Unfortunately I have found what is known as the ZeroAccess rootkit on your system. It is an especially nasty infection that can take quite some time to clean as well as may have damaged your system files itself. As a warning, during the cleaning (if you choose to do so) you may lose internet access with this computer and in the end we may need to reinstall the operating system anyway depending on the extent of the infection.

If you would like to format and reinstall your Operating System please let me know and we can assist you with that.

If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help. :)
----------

Please download and run ERUNT (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. **Remember if you are using Windows Vista as your operating system right-click the executable and Run as Administrator.
----------

If you are running Malwarebytes 1.6 or better, please disable it for the duration of this run.

To disable Malwarebytes
  • Open the scanner and select the Protection tab
  • Remove the tick from "Start Protection Module with Windows" as seen below
Posted Image

Once complete continue with the instructions...
----------

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    
    :Files
    C:\Windows\Installer\{1f56b636-80fd-296d-db26-fbc77a8ae077}
    C:\Users\Shawn\AppData\Local\{1f56b636-80fd-296d-db26-fbc77a8ae077}
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
----------

Download Combofix from the link below, and save it to your desktop.
Link

**Note: It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
----------

In your next reply please post the logs made by OTL and ComboFix. :)
  • 0

#3
jeffce

jeffce

    Trusted Helper

  • Malware Removal
  • 216 posts
  • MVP
Are you still with us?
  • 0

#4
jeffce

jeffce

    Trusted Helper

  • Malware Removal
  • 216 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP