OTL logfile created on: 3/17/2013 6:16:12 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = E:\Users\DLee\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 16.00 Gb Total Physical Memory | 13.84 Gb Available Physical Memory | 86.50% Memory free 31.99 Gb Paging File | 29.73 Gb Available in Paging File | 92.93% Paging File free Paging file location(s): g:\pagefile.sys 0 0k:\pagefile.sy [Binary data over 200 bytes] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 59.62 Gb Total Space | 23.10 Gb Free Space | 38.75% Space Free | Partition Type: NTFS Drive E: | 465.65 Gb Total Space | 153.46 Gb Free Space | 32.96% Space Free | Partition Type: NTFS Drive G: | 465.76 Gb Total Space | 263.07 Gb Free Space | 56.48% Space Free | Partition Type: NTFS Drive K: | 465.76 Gb Total Space | 206.61 Gb Free Space | 44.36% Space Free | Partition Type: NTFS Drive U: | 931.51 Gb Total Space | 268.48 Gb Free Space | 28.82% Space Free | Partition Type: NTFS Drive X: | 465.86 Gb Total Space | 306.06 Gb Free Space | 65.70% Space Free | Partition Type: NTFS Computer Name: ARMOR | User Name: DLee | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013/03/17 18:11:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Users\DLee\Desktop\OTL.exe PRC - [2013/03/16 16:37:32 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe PRC - [2013/03/07 07:30:42 | 000,917,400 | ---- | M] (Mozilla Corporation) -- E:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012/10/23 15:58:52 | 000,120,728 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe PRC - [2012/10/23 15:58:40 | 000,694,168 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe PRC - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe PRC - [2010/07/07 10:58:02 | 001,089,664 | ---- | M] (ASUSTeK Computer Inc.) -- E:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe PRC - [2010/06/24 14:19:50 | 000,109,056 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe PRC - [2010/03/25 11:02:12 | 000,888,960 | ---- | M] (ASUSTeK Computer Inc.) -- E:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe PRC - [2009/05/21 16:09:04 | 000,172,032 | ---- | M] () -- E:\Program Files (x86)\ASUS\ASWLCCSVC.exe PRC - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013/03/16 16:37:31 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll MOD - [2013/03/07 07:30:45 | 003,069,848 | ---- | M] () -- E:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012/10/23 15:58:40 | 000,694,168 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe MOD - [2010/06/01 10:38:40 | 000,253,952 | ---- | M] () -- E:\Program Files\ASUS\TurboV EVO\pngio.dll MOD - [2010/02/08 17:19:52 | 000,053,248 | ---- | M] () -- E:\Program Files\ASUS\TurboV EVO\HookKey32.dll MOD - [2009/09/30 11:33:08 | 000,024,576 | ---- | M] () -- C:\Windows\SysWOW64\AsIO.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2012/12/19 16:32:12 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:[b]64bit:[/b] - [2012/12/19 12:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:[b]64bit:[/b] - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:[b]64bit:[/b] - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:[b]64bit:[/b] - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2009/07/13 18:41:10 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\iprip.dll -- (iprip) SRV - [2013/03/07 07:30:44 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/02/25 08:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012/11/09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- E:\Program Files (x86)\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/10/23 15:58:52 | 000,120,728 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager) SRV - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service) SRV - [2010/06/24 14:19:50 | 000,109,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/05/21 16:09:04 | 000,172,032 | ---- | M] () [Auto | Running] -- E:\Program Files (x86)\ASUS\ASWLCCSVC.exe -- (ASWLCCSvc) SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2013/02/11 21:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:[b]64bit:[/b] - [2013/02/07 13:42:52 | 002,201,120 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:[b]64bit:[/b] - [2013/01/29 19:15:04 | 000,075,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) DRV:[b]64bit:[/b] - [2013/01/29 19:15:04 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:[b]64bit:[/b] - [2012/12/19 13:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:[b]64bit:[/b] - [2012/12/19 12:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:[b]64bit:[/b] - [2012/11/06 04:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:[b]64bit:[/b] - [2012/09/26 00:54:21 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:[b]64bit:[/b] - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:[b]64bit:[/b] - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:[b]64bit:[/b] - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2012/06/11 12:56:34 | 000,022,016 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp) DRV:[b]64bit:[/b] - [2012/06/08 17:09:12 | 000,027,136 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet) DRV:[b]64bit:[/b] - [2012/06/08 17:08:54 | 000,008,832 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService) DRV:[b]64bit:[/b] - [2012/04/09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.0) DRV:[b]64bit:[/b] - [2012/03/30 07:49:08 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:[b]64bit:[/b] - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2012/01/25 15:57:46 | 000,009,728 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl) DRV:[b]64bit:[/b] - [2011/11/08 14:59:12 | 000,011,776 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice) DRV:[b]64bit:[/b] - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5) DRV:[b]64bit:[/b] - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4) DRV:[b]64bit:[/b] - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3) DRV:[b]64bit:[/b] - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2) DRV:[b]64bit:[/b] - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1) DRV:[b]64bit:[/b] - [2010/11/26 18:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver) DRV:[b]64bit:[/b] - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010/04/27 09:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:[b]64bit:[/b] - [2010/04/27 09:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:[b]64bit:[/b] - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:[b]64bit:[/b] - [2009/10/28 11:59:08 | 000,045,752 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCASp50.sys -- (PCASp50) DRV:[b]64bit:[/b] - [2009/07/16 11:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:[b]64bit:[/b] - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009/07/13 18:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb) DRV:[b]64bit:[/b] - [2009/07/10 15:06:50 | 000,031,744 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motoandroid.sys -- (motandroidusb) DRV:[b]64bit:[/b] - [2009/06/10 13:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSIb.sys -- (BrUsbSIb) DRV:[b]64bit:[/b] - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009/01/29 19:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService) DRV:[b]64bit:[/b] - [2007/04/23 19:12:44 | 000,739,760 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BisonCam.sys -- (Cam5603D) DRV:[b]64bit:[/b] - [2006/09/03 00:53:54 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf) DRV - [2012/04/09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- E:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2) DRV - [2009/10/28 11:59:08 | 000,045,752 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PCASp50.sys -- (PCASp50) DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-80866519-203923749-430787433-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-80866519-203923749-430787433-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKU\S-1-5-21-80866519-203923749-430787433-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 B8 4B 00 BB F3 CB 01 [binary data] IE - HKU\S-1-5-21-80866519-203923749-430787433-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-80866519-203923749-430787433-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-80866519-203923749-430787433-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-80866519-203923749-430787433-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;192.168.*.* [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "about:blank" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=642886&p=" FF - prefs.js..browser.search.param.yahoo-fr: "&hsimp=yhs-affiliate_a_ff&hspart=greentree&type=642886" FF - user.js - File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\PROGRA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll File not found FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: E:\Users\DLee\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\DLee\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\DLee\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Users\DLee\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Users\DLee\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/01/19 17:09:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: E:\Program Files (x86)\Mozilla Firefox\components [2013/03/11 12:08:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: E:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/21 18:11:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Extensions [2012/09/21 18:18:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions [2012/09/21 18:15:09 | 000,000,000 | ---D | M] (Define Word) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{1395baf2-3aa6-4d0f-83d6-1d9b66a9420d} [2012/09/21 18:15:09 | 000,000,000 | ---D | M] (Print/Print Preview) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1} [2012/09/21 18:18:08 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0} [2012/09/21 18:15:10 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{582195F5-92E7-40a0-A127-DB71295901D7} [2012/09/21 18:15:10 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012/09/21 18:15:10 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2012/09/21 18:15:09 | 000,000,000 | ---D | M] (Show Picture) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\LDshowpicture_plashcor@gmail.com [2012/09/21 18:15:09 | 000,000,000 | ---D | M] (Multi Links) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\multilinks@plugin [2012/09/21 18:15:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions [2012/09/21 18:15:18 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30} [2012/09/21 18:15:18 | 000,000,000 | ---D | M] (Define Word) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{1395baf2-3aa6-4d0f-83d6-1d9b66a9420d} [2012/09/21 18:15:18 | 000,000,000 | ---D | M] (Print/Print Preview) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1} [2012/09/21 18:15:18 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} [2011/03/19 17:31:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012/09/21 18:15:19 | 000,000,000 | ---D | M] ("Delicious Bookmarks") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} [2012/09/21 18:15:19 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2012/09/21 18:15:19 | 000,000,000 | ---D | M] (Data Analytics) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{377364a4-d91a-47ea-87de-c3d7eaf221cd} [2012/09/21 18:15:20 | 000,000,000 | ---D | M] (oldbar) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb} [2012/09/21 18:15:21 | 000,000,000 | ---D | M] (FavLoc) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{472f4ef0-a825-11da-a746-0800200c9a66} [2012/09/21 18:15:21 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2012/09/21 18:15:21 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{582195F5-92E7-40a0-A127-DB71295901D7} [2012/09/21 18:15:21 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2012/09/21 18:15:21 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2012/09/21 18:15:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012/09/21 18:15:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8} [2012/09/21 18:15:22 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2012/09/21 18:15:23 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2012/09/21 18:15:24 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{dc572301-7619-498c-a57d-39143191b318} [2012/09/21 18:15:24 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2012/09/21 18:15:24 | 000,000,000 | ---D | M] (QuickRestart) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD} [2012/09/21 18:15:17 | 000,000,000 | ---D | M] (Show Picture) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\LDshowpicture_plashcor@gmail.com [2012/09/21 18:15:17 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\piclens@cooliris.com [2012/09/21 18:15:17 | 000,000,000 | ---D | M] ("Highlights") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\rj@reedmace.net [2012/09/21 18:15:18 | 000,000,000 | ---D | M] ("SEO For Firefox") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\seo4firefox@seobook.com [2012/09/21 18:15:18 | 000,000,000 | ---D | M] (SeoQuake Plugin - Del.icio.us) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\seoquake-plugin-delicious@seoquake.com [2012/09/21 18:15:18 | 000,000,000 | ---D | M] (SeoQuake Plugin - Seolinx) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\seoquake-plugin-seolinx@seoquake.com [2012/09/21 18:15:18 | 000,000,000 | ---D | M] ("Simple Timer") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\simpletimer@grbradt.org [2012/09/21 18:15:18 | 000,000,000 | ---D | M] (Site Information Tool) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\siteinfo@wmtips [2012/09/21 18:15:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\staged-xpis [2012/09/21 18:15:18 | 000,000,000 | ---D | M] ("Status-bar Scientific Calculator") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\ststusscicalc@sunny [2012/08/04 15:17:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\fnhvl5tp.default\extensions [2012/07/05 19:12:45 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\elemhidehelper@adblockplus.org.xpi [2012/06/25 19:27:30 | 000,082,787 | ---- | M] () (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\LDSI_plashcor@gmail.com.xpi [2012/05/03 22:50:55 | 000,025,907 | ---- | M] () (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\restartbutton@strk.jp.xpi [2012/06/14 22:24:25 | 000,139,765 | ---- | M] () (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\savefileto@mozdev.org.xpi [2012/05/03 22:44:28 | 000,042,919 | ---- | M] () (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\ststusscicalc@sunny.xpi [2012/09/18 18:27:21 | 000,506,361 | ---- | M] () (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2012/09/21 18:18:08 | 000,079,135 | ---- | M] () (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2012/07/24 17:26:40 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012/07/23 17:30:53 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2009/03/18 14:40:42 | 000,019,153 | ---- | M] () (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\staged-xpis\{20a82645-c095-46ed-80e3-08825760534b}\MicrosoftDotNetFrameworkAssistant.xpi File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [color=#E56717]========== Chrome ==========[/color] CHR - homepage: http://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\DLee\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\DLee\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\DLee\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\DLee\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Users\DLee\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: YouTube = C:\Users\DLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\DLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Gmail = C:\Users\DLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013/03/16 16:40:30 | 000,446,198 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 15323 more lines... O2:[b]64bit:[/b] - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Program Files\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-80866519-203923749-430787433-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:[b]64bit:[/b] - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [QFan Help] E:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe (ASUSTeK Computer Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-80866519-203923749-430787433-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-80866519-203923749-430787433-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-80866519-203923749-430787433-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:[b]64bit:[/b] - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:[b]64bit:[/b] - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000 File not found O8:[b]64bit:[/b] - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\WPLauncher.hta File not found O8:[b]64bit:[/b] - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\WPLauncher.hta File not found O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105 File not found O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3333508-2896-495F-9566-4737F2F7AC7B}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB5E2334-3E59-4F8D-8696-877AB6F123E7}: DhcpNameServer = 75.75.75.75 75.75.76.76 O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{07ca8828-3f49-11e2-9ee4-bcaec54ce1d6}\Shell - "" = AutoRun O33 - MountPoints2\{07ca8828-3f49-11e2-9ee4-bcaec54ce1d6}\Shell\AutoRun\command - "" = H:\MotoCastSetup.exe -a O33 - MountPoints2\{41189d8f-0438-11e2-98c9-f7d387e36a36}\Shell - "" = AutoRun O33 - MountPoints2\{41189d8f-0438-11e2-98c9-f7d387e36a36}\Shell\AutoRun\command - "" = I:\MotoCastSetup.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (SmartDefragBootTime.exe) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKU\S-1-5-21-80866519-203923749-430787433-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013/03/16 16:37:32 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/03/16 16:37:32 | 000,073,432 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/03/16 16:27:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2013/03/16 16:26:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013/03/13 10:54:50 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/03/13 10:54:50 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/03/13 10:54:49 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/03/13 10:54:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/03/13 10:54:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/03/13 10:54:48 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/03/13 10:54:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/03/13 10:54:47 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/03/13 10:54:46 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/03/13 10:54:46 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/03/13 10:54:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/03/13 10:54:46 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/03/13 10:54:45 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/03/13 10:54:45 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013/03/13 10:54:44 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/03/13 10:34:30 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023x.sys [2013/03/13 10:34:30 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013/03/11 11:52:41 | 000,000,000 | ---D | C] -- C:\Scratch [2013/03/11 11:52:23 | 000,000,000 | ---D | C] -- E:\Users\DLee\Profiles [2013/03/08 06:13:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games [2013/03/08 02:33:21 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013/03/08 02:33:20 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013/03/08 02:33:20 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013/03/08 02:33:20 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013/03/08 02:33:18 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013/03/08 02:33:18 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013/03/08 02:33:17 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013/03/08 02:33:17 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013/03/08 02:33:17 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013/03/08 02:33:17 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013/03/08 02:33:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013/03/08 02:33:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013/03/08 02:33:17 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013/03/08 02:33:17 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013/03/08 02:33:16 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013/03/08 02:33:16 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013/03/08 02:33:16 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013/03/08 02:33:16 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013/03/08 02:33:16 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013/03/08 02:33:16 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013/03/08 02:33:16 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013/03/08 02:33:16 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013/03/08 02:33:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013/03/08 02:33:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013/03/08 02:33:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013/03/08 02:33:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013/03/08 02:33:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013/03/08 02:33:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013/03/08 02:33:15 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013/03/08 02:33:15 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013/03/08 02:33:15 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013/03/08 02:33:15 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013/03/08 02:33:15 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013/03/08 02:33:15 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013/03/08 02:33:15 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013/03/08 02:33:15 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013/03/08 02:33:15 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013/03/08 02:33:14 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013/03/08 02:33:14 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013/03/08 02:33:14 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013/03/08 02:33:14 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013/03/08 01:58:53 | 000,000,000 | ---D | C] -- C:\Users\DLee\Desktop\League of Legends [2013/03/04 18:24:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013/03/04 18:23:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013/03/04 18:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013/03/04 02:42:33 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll [2013/03/03 23:16:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2013/03/03 23:16:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks [2013/03/03 23:16:19 | 000,000,000 | ---D | C] -- E:\Users\DLee\.swt [2013/03/01 23:16:33 | 001,085,344 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013/03/01 19:02:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dumps [2013/02/28 19:37:00 | 000,000,000 | ---D | C] -- E:\Users\DLee\TAX 2012 [2013/02/27 15:02:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2013/02/27 15:02:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2013/02/20 22:24:16 | 000,000,000 | ---D | C] -- C:\XYZ [2013/02/20 18:28:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center [2013/02/20 18:27:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center [2013/02/20 00:42:16 | 000,000,000 | ---D | C] -- C:\ProgramData\xml_param [2013/02/20 00:31:38 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys [2013/02/20 00:30:47 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys [2013/02/20 00:29:47 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys [2013/02/20 00:28:48 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys [2013/02/20 00:28:18 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys [2013/02/20 00:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aimersoft [2013/02/20 00:28:14 | 000,892,928 | ---- | C] (Free Software Foundation) -- C:\Windows\SysWow64\iconv.dll [2013/02/20 00:22:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU [2013/02/20 00:22:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU [2013/02/20 00:21:48 | 010,833,920 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\libmfxsw32.dll [2013/02/20 00:21:47 | 010,915,840 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\libmfxhw32.dll [2013/02/20 00:21:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia [2013/02/20 00:21:35 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll [2013/02/20 00:21:35 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll [2013/02/20 00:20:02 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013/03/17 17:32:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-80866519-203923749-430787433-1000UA.job [2013/03/17 16:26:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-80866519-203923749-430787433-1000UA.job [2013/03/17 15:06:31 | 000,013,760 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/03/17 15:06:31 | 000,013,760 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/03/17 15:06:19 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/03/17 15:06:19 | 000,660,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/03/17 15:06:19 | 000,121,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/03/17 14:59:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/03/16 22:26:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-80866519-203923749-430787433-1000Core.job [2013/03/16 18:32:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-80866519-203923749-430787433-1000Core.job [2013/03/16 16:40:30 | 000,446,198 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013/03/16 16:37:32 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/03/16 16:37:32 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/03/11 12:08:29 | 000,000,817 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013/03/10 15:46:14 | 000,772,990 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013/03/09 14:40:52 | 000,000,544 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2013/03/08 06:20:05 | 000,000,649 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk [2013/03/08 02:00:40 | 000,446,198 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130316-164030.backup [2013/03/06 13:30:46 | 004,378,194 | ---- | M] () -- E:\Users\DLee\TAX 2012.zip [2013/03/04 14:08:19 | 000,446,198 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130308-010040.backup [2013/03/01 23:37:40 | 001,085,344 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013/03/01 23:37:40 | 000,963,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2013/02/18 00:53:43 | 000,445,941 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130304-130819.backup [2013/02/15 22:27:54 | 000,002,568 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013/03/08 06:20:05 | 000,000,649 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk [2013/03/06 13:30:46 | 004,378,194 | ---- | C] () -- E:\Users\DLee\TAX 2012.zip [2013/03/01 23:11:35 | 000,000,817 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013/03/01 23:11:35 | 000,000,817 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013/02/20 00:28:14 | 000,675,840 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.ax [2013/02/20 00:28:14 | 000,496,640 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax [2013/02/20 00:28:12 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\WS_ATLMovie.dll [2012/11/29 02:52:41 | 000,424,353 | ---- | C] () -- E:\Users\DLee\fPhWx.png [2012/11/12 10:15:54 | 000,280,749 | ---- | C] () -- E:\Users\DLee\Old_poster_by_Waldemar_Kazak.jpg [2012/10/24 19:58:19 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012/10/24 19:58:19 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2012/10/24 19:58:04 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll [2012/10/21 17:02:31 | 000,000,088 | -HS- | C] () -- C:\Windows\SysWow64\B95B2ED45B.sys [2012/10/21 01:25:06 | 000,002,568 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys [2012/10/09 00:03:21 | 000,016,578 | ---- | C] () -- E:\Users\DLee\525939_10102065825111747_1243328490_n.jpg [2012/10/07 20:17:55 | 000,387,877 | ---- | C] () -- E:\Users\DLee\9b437880-f324-012f-85f0-123138041608.jpg [2012/10/07 20:07:58 | 000,155,766 | ---- | C] () -- E:\Users\DLee\21d2f330-f323-012f-4465-1231381a1446.jpg [2012/09/26 21:10:45 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2012/09/25 23:39:29 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2012/09/25 23:39:29 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2012/09/25 00:38:50 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI [2012/09/23 01:51:20 | 000,000,706 | ---- | C] () -- E:\Users\DLee\LiveCam.lnk [2012/09/23 01:47:44 | 000,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini [2012/09/23 01:35:07 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys [2012/09/23 01:32:02 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll [2012/09/23 01:32:02 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2012/09/22 11:59:15 | 000,000,082 | ---- | C] () -- E:\Users\DLee\cc_20120922_115907.reg [2012/09/22 11:53:45 | 000,772,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/09/21 15:15:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012/09/21 15:08:03 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012/08/23 20:43:30 | 000,053,710 | ---- | C] () -- E:\Users\DLee\521928_699716595901_1000917956_n.jpg [2012/07/27 18:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012/07/27 18:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012/07/18 15:49:06 | 000,060,304 | ---- | C] () -- E:\Users\DLee\g2mdlhlpx.exe [2012/07/15 17:12:54 | 000,012,703 | ---- | C] () -- E:\Users\DLee\BlackDragonButterflyKnife_540.jpg [2012/05/03 22:57:20 | 000,001,852 | ---- | C] () -- E:\Users\DLee\Firefox Recovery Key.html [2012/05/02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012/04/30 22:21:59 | 000,225,698 | ---- | C] () -- E:\Users\DLee\522934_692759349564_201301381_33961965_1242445336_n (1).jpg [2012/04/26 23:49:46 | 000,225,698 | ---- | C] () -- E:\Users\DLee\522934_692759349564_201301381_33961965_1242445336_n.jpg [2012/04/23 23:42:09 | 000,142,140 | ---- | C] () -- E:\Users\DLee\J0KUE.jpg [2012/04/22 20:48:27 | 000,727,258 | ---- | C] () -- E:\Users\DLee\hhlXr.jpg [2012/04/22 20:35:49 | 000,402,624 | ---- | C] () -- E:\Users\DLee\23iVE.png [2012/04/22 20:29:01 | 003,215,704 | ---- | C] () -- E:\Users\DLee\U83Nv.gif [2012/04/22 19:43:50 | 000,775,117 | ---- | C] () -- E:\Users\DLee\SH6Si.jpg [2012/03/29 20:19:28 | 002,035,369 | ---- | C] () -- E:\Users\DLee\RWbMh.gif [2012/03/29 19:57:26 | 000,031,513 | ---- | C] () -- E:\Users\DLee\o3rMB.jpg [2012/03/26 22:55:54 | 000,020,162 | ---- | C] () -- E:\Users\DLee\head_banner2.png [2012/03/26 22:55:17 | 000,263,549 | ---- | C] () -- E:\Users\DLee\header_outreach.png [2012/03/17 15:27:17 | 000,060,690 | ---- | C] () -- E:\Users\DLee\028Fi.jpg [2012/03/17 15:22:35 | 000,026,615 | ---- | C] () -- E:\Users\DLee\OeXId.jpg [2012/03/17 15:06:08 | 001,967,871 | ---- | C] () -- E:\Users\DLee\VoKn3.gif [2012/03/17 01:26:53 | 000,196,960 | ---- | C] () -- E:\Users\DLee\Tu3vd.jpg [2012/03/17 01:23:48 | 000,026,145 | ---- | C] () -- E:\Users\DLee\kG7qr.png [2012/03/17 01:17:21 | 000,054,914 | ---- | C] () -- E:\Users\DLee\cZK8S.jpg [2012/03/17 00:43:39 | 000,510,901 | ---- | C] () -- E:\Users\DLee\EyMXC.gif [2012/03/14 23:12:22 | 000,038,878 | ---- | C] () -- E:\Users\DLee\313824_010_n.jpg [2012/03/14 23:11:20 | 000,038,878 | ---- | C] () -- E:\Users\DLee\mail.google.com [2012/03/04 19:57:05 | 000,073,958 | ---- | C] () -- E:\Users\DLee\419059_1507580045708_1120500823_30885928_849110466_n.jpg [2012/02/26 22:44:17 | 000,091,736 | ---- | C] () -- E:\Users\DLee\418945_194826803957023_100002891151572_274340_144036853_n.jpg [2012/02/26 22:42:55 | 000,156,471 | ---- | C] () -- E:\Users\DLee\246079567109254825_hSTsd8iz_c.jpg [2012/02/25 22:19:45 | 001,638,400 | ---- | C] () -- E:\Users\DLee\omfgdogs.mp3 [2012/02/25 22:17:39 | 000,542,471 | ---- | C] () -- E:\Users\DLee\omfgdogs.gif [2012/02/21 01:27:38 | 000,055,784 | ---- | C] () -- E:\Users\DLee\427110_10100663564692867_3600443_56173304_1559872594_n.jpg [2012/02/15 08:03:47 | 000,016,954 | ---- | C] () -- E:\Users\DLee\409376_378941472135312_205344452828349_1395421_1482267596_n.jpg [2012/02/12 19:06:15 | 000,024,829 | ---- | C] () -- E:\Users\DLee\432330_10150554871468546_591728545_8891908_585744766_n.jpg [2012/02/12 14:01:04 | 000,075,678 | ---- | C] () -- E:\Users\DLee\68700_10150292547240117_302201620116_15155542_884879_n.jpg [2012/02/11 21:28:31 | 000,169,131 | ---- | C] () -- E:\Users\DLee\2-11-2012 8-28-31 PM.jpg [2012/02/11 21:22:26 | 000,085,727 | ---- | C] () -- E:\Users\DLee\VID_20120211_201837.3gp_snapshot_00.26_[2012.02.11_20.22.25].jpg [2012/02/11 21:22:24 | 000,076,682 | ---- | C] () -- E:\Users\DLee\VID_20120211_201837.3gp_snapshot_00.24_[2012.02.11_20.22.23].jpg [2012/02/11 21:22:22 | 000,084,626 | ---- | C] () -- E:\Users\DLee\VID_20120211_201837.3gp_snapshot_00.21_[2012.02.11_20.22.20].jpg [2012/02/11 21:22:13 | 000,065,024 | ---- | C] () -- E:\Users\DLee\VID_20120211_201837.3gp_snapshot_00.16_[2012.02.11_20.22.12].jpg [2012/02/11 21:22:06 | 000,052,997 | ---- | C] () -- E:\Users\DLee\VID_20120211_201837.3gp_snapshot_00.12_[2012.02.11_20.22.05].jpg [2012/02/11 21:21:45 | 000,074,819 | ---- | C] () -- E:\Users\DLee\VID_20120211_201837.3gp_snapshot_00.44_[2012.02.11_20.21.44].jpg [2012/02/11 21:21:28 | 000,075,280 | ---- | C] () -- E:\Users\DLee\VID_20120211_201837.3gp_snapshot_00.32_[2012.02.11_20.21.26].jpg [2012/02/11 21:21:21 | 000,087,204 | ---- | C] () -- E:\Users\DLee\VID_20120211_201837.3gp_snapshot_00.30_[2012.02.11_20.21.19].jpg [2012/02/11 21:21:04 | 000,090,681 | ---- | C] () -- E:\Users\DLee\VID_20120211_201837.3gp_snapshot_00.26_[2012.02.11_20.21.01].jpg [2012/02/11 19:45:13 | 000,127,096 | ---- | C] () -- E:\Users\DLee\2587956_700b.jpg [2012/02/11 01:21:13 | 000,070,948 | ---- | C] () -- E:\Users\DLee\Walther Standing.jpg [2012/02/08 19:58:40 | 000,079,510 | ---- | C] () -- E:\Users\DLee\281578_2026807263257_1036317068_31959519_3094117_n.jpg [2012/02/07 19:39:25 | 000,000,305 | ---- | C] () -- E:\Users\DLee\l.php [2012/02/07 18:58:39 | 000,059,854 | ---- | C] () -- E:\Users\DLee\420964_665579498204_201301381_33851538_484325604_n.jpg [2012/02/02 20:09:38 | 000,044,231 | ---- | C] () -- E:\Users\DLee\396296_10150615620547429_533717428_10881579_1823029198_n.jpg [2012/01/28 11:41:56 | 000,007,534 | ---- | C] () -- E:\Users\DLee\420427_317348844974675_131437750232453_900474_797310643_n.jpg [2011/12/20 01:57:21 | 000,037,039 | ---- | C] () -- E:\Users\DLee\bikelift.htm [2011/12/12 19:52:35 | 000,165,273 | ---- | C] () -- E:\Users\DLee\RUNholidayparty-8.jpg [2011/12/12 19:52:12 | 000,500,108 | ---- | C] () -- E:\Users\DLee\RUNholidayparty-5.jpg [2011/09/12 15:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011/06/13 03:43:17 | 000,000,163 | ---- | C] () -- E:\Users\DLee\flv.reg [2011/06/10 00:48:39 | 002,387,623 | ---- | C] () -- E:\Users\DLee\protein_guide_v3.pdf [2011/03/24 23:30:52 | 003,713,534 | ---- | C] () -- E:\Users\DLee\guitarjamz_ultimate_guitar_manual.pdf [2011/03/24 04:11:10 | 000,001,007 | ---- | C] () -- E:\Users\DLee\PC Benchmark 3-25-11.htm [2011/03/21 20:51:27 | 000,000,899 | ---- | C] () -- E:\Users\DLee\George off.exe - Shortcut.lnk [2011/03/21 05:44:15 | 000,000,799 | ---- | C] () -- E:\Users\DLee\ASIO4ALL v2 Instruction Manual.lnk [color=#E56717]========== ZeroAccess Check ==========[/color] [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 1343 bytes -> C:\ProgramData\Microsoft:0W3Y9k6estow6ZALHWQL @Alternate Data Stream - 1193 bytes -> C:\ProgramData\Microsoft:WircfwojjIUmYtMlSVdd @Alternate Data Stream - 1187 bytes -> C:\Program Files\Common Files\Microsoft Shared:Jz77p2Ukdsg0XTfpG6QUTcgjxkYEv @Alternate Data Stream - 1148 bytes -> C:\ProgramData\Microsoft:ERZSStxkCfV7Yyk5ZTJYcx < End of report >