Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Another SmitFraud-C.generic That Won't Go Away [Solved]


  • This topic is locked This topic is locked

#1
Daniel Christmas Lee

Daniel Christmas Lee

    Member

  • Member
  • PipPipPip
  • 208 posts
Hello All Who Can Help,

My name is Daniel. I came home from work yesterday turned on my computer, it crashed. Rebooted, opened Firefox, proceeded to Google/Gmail, internet felt slow; failed to login to Gmail, tried again, then tried Google Voice, failed, then Google, and was ask to solve a Captcha, a message said they were receiving too many requests from my IP, this was odd; solved word puzzle, failed, solved another one, failed... opened Chrome, redirected to "yellow pages," I knew this was a known fraud spyware malware virus thing; quickly ran SpyBot and SuperAntiSpyware, removed all threats; did not note what threats were there; restarted, opened firefox, went to Google, still could not search, came back an hour later, opened firefox, went to google, did a search, was redirected to "yellow pages," opened chrome, did a google search, was redirected by "vred" something... ran SpyBot and SuperAntiSpyware in Safe Mode, discovered threats, removed them... everything worked fine until the next day (now)...

Same symptoms, went into safe mode, actually made note what was the problem - Smitfraud-C.generic, SpyBot found it, but even after confirming it's "removed", running another scan shows the threat is still there... "show file location" attributes the threat to C:Windows/svchost.exe

Used my smartphone and found this site; downloaded SmitfraudFix, ran that, but after selecting "2" and running the scan... it goes from "Killing Processes" to "Access Denied..." "Access Denied" a bunch of times, then blah blah, black screen, no activity, "safe mode" in all for corners of screen... ran SmitfraudFix a bunch of times after, still same results, note I also made sure to Run as Admin.

Side note, after deleting SmitFraud-C.generic via SpyBot, the "svchost" file becomes svchost.exe-old; and every time I deleted them both the svchost and old svchost, I was denied, so I used SpyBots Secure Shredder, and that "worked."

But nope, still showing SmitFraud in my system, and still getting redirected via all my browsers, Chrome, FF, Safari... Internet is slow, takes forever to reach Google and I get locked out.

Anyway, let's cut to the chase... I appreciate this forum, I've used something similar a long time ago, what you guys offer is highly valuable. Thank you in advance. Here is my OTL Log:

OTL logfile created on: 1/31/2012 22:32:25 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\DLee\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

16.00 Gb Total Physical Memory | 14.10 Gb Available Physical Memory | 88.12% Memory free
31.99 Gb Paging File | 30.16 Gb Available in Paging File | 94.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.65 Gb Total Space | 206.69 Gb Free Space | 44.39% Space Free | Partition Type: NTFS
Drive E: | 59.63 Gb Total Space | 18.99 Gb Free Space | 31.85% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 28.42 Gb Free Space | 6.10% Space Free | Partition Type: NTFS
Drive X: | 465.86 Gb Total Space | 167.25 Gb Free Space | 35.90% Space Free | Partition Type: NTFS

Computer Name: AEGIS | User Name: DLee | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/31 22:32:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\DLee\Desktop\OTL.exe
PRC - [2012/01/13 14:53:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/09/07 20:56:11 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/17 20:55:09 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/07 20:56:11 | 001,000,920 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/08 12:42:32 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/09/08 09:29:56 | 000,204,288 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/11/20 05:25:18 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:64bit: - [2009/07/17 05:31:34 | 004,948,992 | ---- | M] (Native Instruments GmbH) [Auto | Stopped] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV:64bit: - [2009/07/13 17:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV:64bit: - [2009/07/13 17:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/07 23:44:08 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2011/04/27 09:42:06 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/11/20 04:17:42 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2010/07/01 03:45:02 | 000,136,616 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2010/06/23 22:19:50 | 000,109,056 | R--- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/16 09:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Stopped] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009/07/13 17:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 14:09:04 | 000,172,032 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ASUS\WLAN Card Utilities\ASWLCCSVC.exe -- (ASWLCCSvc)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/09/08 10:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/08 08:52:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/28 17:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/07/22 08:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 13:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/24 05:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/06/07 23:44:14 | 000,427,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2011/06/06 22:37:18 | 000,133,640 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2011/06/06 22:37:18 | 000,033,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2011/06/06 22:37:18 | 000,014,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (AvgRkx64)
DRV:64bit: - [2011/06/06 14:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/04/30 03:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/04/30 03:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/03/28 02:55:50 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/03/28 02:53:22 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/23 15:50:14 | 000,018,232 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/11/20 05:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 05:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 03:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/20 09:49:06 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/12 16:42:28 | 001,104,672 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2010/01/27 17:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/01/11 03:28:34 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/12/22 01:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/28 09:59:08 | 000,045,752 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCASp50.sys -- (PCASp50)
DRV:64bit: - [2009/10/26 22:19:48 | 000,176,640 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/10/26 22:19:46 | 000,075,264 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/07/15 19:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb) Brother MFC Serial Interface Driver(WDM)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 12:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSIb.sys -- (BrUsbSIb) Brother MFC Serial USB Driver(WDM)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/04 17:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2007/04/23 18:12:44 | 000,739,760 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BisonCam.sys -- (Cam5603D)
DRV:64bit: - [2006/09/02 23:53:54 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2010/07/09 11:19:04 | 000,021,480 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys -- (cpuz134)
DRV - [2009/10/28 09:59:08 | 000,045,752 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PCASp50.sys -- (PCASp50)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 B8 4B 00 BB F3 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:63394

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\DLee\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\DLee\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\DLee\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\DLee\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\DLee\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: X:\Adobe\CS5 Master Suite\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/03/20 02:02:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG8\Firefox [2011/06/07 23:46:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/07 20:59:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/30 14:33:15 | 000,000,000 | ---D | M]

[2011/03/19 23:20:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Extensions
[2011/03/19 16:33:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2012/01/31 19:44:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions
[2011/09/07 20:54:57 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2011/03/19 23:21:07 | 000,000,000 | ---D | M] (Define Word) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{1395baf2-3aa6-4d0f-83d6-1d9b66a9420d}
[2011/09/08 20:16:15 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2011/03/19 23:21:07 | 000,000,000 | ---D | M] (Print/Print Preview) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}
[2011/03/19 23:21:07 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2011/09/07 20:54:53 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011/09/07 20:54:52 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2011/03/19 23:23:49 | 000,000,000 | ---D | M] (oldbar) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2011/03/19 23:25:27 | 000,000,000 | ---D | M] (FavLoc) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{472f4ef0-a825-11da-a746-0800200c9a66}
[2011/03/19 23:21:04 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2011/09/10 13:39:06 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2011/03/19 23:21:04 | 000,000,000 | ---D | M] ("ProCon Latte") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}
[2011/03/19 23:21:04 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2011/09/07 20:54:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/27 04:06:30 | 000,000,000 | ---D | M] (Vuze Remote) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/09/07 20:54:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/03/19 23:21:02 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/05/16 21:59:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011/03/19 23:21:01 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2011/09/07 20:54:51 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/03/19 23:21:00 | 000,000,000 | ---D | M] (QuickRestart) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
[2011/10/27 17:11:56 | 000,000,000 | ---D | M] (Craigslist Image Prefetcher) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/03/19 23:21:11 | 000,000,000 | ---D | M] (Element Hiding Helper for Adblock Plus) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/03/19 23:21:10 | 000,000,000 | ---D | M] ("KGen") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/04/24 17:01:18 | 000,000,000 | ---D | M] (Show Picture) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/08/24 21:33:18 | 000,000,000 | ---D | M] (Save Images) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/04/18 02:00:33 | 000,000,000 | ---D | M] (Multi Links) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/05/16 21:59:57 | 000,000,000 | ---D | M] ("SEO For Firefox") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/03/19 23:21:09 | 000,000,000 | ---D | M] (SeoQuake Plugin - Del.icio.us) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/03/19 23:21:09 | 000,000,000 | ---D | M] (SeoQuake Plugin - Seolinx) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/09/07 20:54:54 | 000,000,000 | ---D | M] (Simple Timer) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/03/19 23:21:09 | 000,000,000 | ---D | M] ("Status-bar Scientific Calculator") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/05/16 21:59:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2011/03/27 04:06:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions
[2011/03/19 23:20:26 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2011/03/19 23:20:26 | 000,000,000 | ---D | M] (Define Word) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{1395baf2-3aa6-4d0f-83d6-1d9b66a9420d}
[2011/03/19 23:20:26 | 000,000,000 | ---D | M] (Print/Print Preview) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}
[2011/03/19 23:20:26 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2011/03/19 16:31:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/19 23:20:26 | 000,000,000 | ---D | M] ("Delicious Bookmarks") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011/03/19 23:20:25 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2011/03/19 23:20:22 | 000,000,000 | ---D | M] (Data Analytics) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{377364a4-d91a-47ea-87de-c3d7eaf221cd}
[2011/03/19 23:20:22 | 000,000,000 | ---D | M] (oldbar) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2011/03/19 23:20:22 | 000,000,000 | ---D | M] (FavLoc) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{472f4ef0-a825-11da-a746-0800200c9a66}
[2011/03/19 23:20:21 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2011/03/19 23:20:21 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2011/03/19 23:20:19 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2011/03/19 23:20:19 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2011/03/19 23:20:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/27 04:06:30 | 000,000,000 | ---D | M] (Vuze Remote) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/03/19 23:20:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2011/03/19 23:20:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/03/19 23:20:16 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/03/19 23:20:14 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011/03/19 23:20:14 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2011/03/19 23:20:14 | 000,000,000 | ---D | M] (QuickRestart) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
[2011/03/19 23:20:30 | 000,000,000 | ---D | M] (Show Picture) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/19 23:20:29 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/19 23:20:28 | 000,000,000 | ---D | M] ("Highlights") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/19 23:20:28 | 000,000,000 | ---D | M] ("SEO For Firefox") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/19 23:20:28 | 000,000,000 | ---D | M] (SeoQuake Plugin - Del.icio.us) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/19 23:20:28 | 000,000,000 | ---D | M] (SeoQuake Plugin - Seolinx) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/19 23:20:28 | 000,000,000 | ---D | M] ("Simple Timer") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/19 23:20:27 | 000,000,000 | ---D | M] (Site Information Tool) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/19 23:20:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\staged-xpis
[2011/03/19 23:20:26 | 000,000,000 | ---D | M] ("Status-bar Scientific Calculator") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/27 04:06:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\fnhvl5tp.default\extensions
[2011/03/27 04:06:30 | 000,000,000 | ---D | M] (Vuze Remote) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\fnhvl5tp.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2012/01/31 19:44:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/19 23:18:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/04/12 23:27:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/13 12:41:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2007/12/13 09:55:00 | 000,437,760 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npagent.dll
[2010/03/27 17:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2005/12/05 21:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npmozax.dll
[2008/06/30 21:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npOGAPlugin.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\DLee\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\DLee\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\DLee\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Driver Agent Plug-in (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npagent.dll
CHR - plugin: Adobe Contribute CS5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
CHR - plugin: DivX\u00AE Web Player (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Office Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npOGAPlugin.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: AOL Media Playback Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npunagi2.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\DLee\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\DLee\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\DLee\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\DLee\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\DLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\DLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Users\DLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/01/30 23:00:49 | 000,441,158 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 94.63.147.14 www.google.com
O1 - Hosts: 94.63.147.15 www.bing.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15162 more lines...
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItBHO64.dll (TechSmith Corporation)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - X:\Adobe\CS5 Master Suite\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - X:\Adobe\CS5 Master Suite\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Control Center] C:\Program Files (x86)\ASUS\WLAN Card Utilities\CenterAgent.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\WPLauncher.hta File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\WPLauncher.hta File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75EF2997-7330-4525-AF98-B85397041F3F}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (EXPLORER.EXE) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/01/31 22:32:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\DLee\Desktop\OTL.exe
[2012/01/31 22:20:02 | 000,000,000 | ---D | C] -- C:\Users\DLee\AppData\Roaming\Malwarebytes
[2012/01/31 22:19:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/31 22:19:55 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/01/31 22:19:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/31 22:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/31 22:13:10 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\DLee\Desktop\mbam-setup-1.60.1.1000.exe
[2012/01/31 22:06:48 | 000,000,000 | ---D | C] -- C:\Users\DLee\Desktop\SmitfraudFix
[2012/01/31 21:58:49 | 000,289,144 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\VCCLSID.exe
[2012/01/31 21:58:49 | 000,288,417 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\SrchSTS.exe
[2012/01/31 21:58:49 | 000,135,168 | ---- | C] (SteelWerX) -- C:\Windows\SysWow64\swreg.exe
[2012/01/31 21:58:49 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\VACFix.exe
[2012/01/31 21:58:49 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.exe
[2012/01/31 21:58:49 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.C.exe
[2012/01/31 21:58:49 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\404Fix.exe
[2012/01/31 21:58:49 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\o4Patch.exe
[2012/01/31 21:58:49 | 000,079,360 | ---- | C] (SteelWerX) -- C:\Windows\SysWow64\swxcacls.exe
[2012/01/31 21:58:49 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\Agent.OMZ.Fix.exe
[2012/01/31 21:58:49 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\Windows\SysWow64\Process.exe
[2012/01/30 19:28:31 | 000,108,080 | ---- | C] (Microsoft Corporation) -- C:\Users\DLee\AppData\Roaming\krnlhtml.exe
[2012/01/29 22:07:16 | 000,108,080 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\configremote.exe
[2012/01/26 21:51:37 | 000,000,000 | ---D | C] -- C:\Users\DLee\AppData\Roaming\Adobe Mini Bridge CS5
[2012/01/26 21:23:40 | 000,000,000 | ---D | C] -- C:\Users\DLee\Jobs 2012
[2012/01/15 23:15:08 | 000,000,000 | ---D | C] -- C:\Users\DLee\Marine Officer Docs
[2012/01/12 20:07:19 | 000,000,000 | ---D | C] -- C:\Users\DLee\Desktop\SAW 1-7 (2004 - 2010) DvdRips XviD Xult
[2012/01/04 00:50:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Swiff Player
[2012/01/04 00:50:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GlobFX
[2012/01/04 00:49:55 | 004,494,354 | ---- | C] (GlobFX Technologies ) -- C:\Users\DLee\Desktop\SwiffPlayerSetup172.exe
[2012/01/04 00:49:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/31 22:32:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\DLee\Desktop\OTL.exe
[2012/01/31 22:22:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/31 22:22:38 | 4293,533,694 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/31 22:17:10 | 000,001,552 | ---- | M] () -- C:\Windows\SysWow64\tmp.reg
[2012/01/31 22:17:10 | 000,000,691 | ---- | M] () -- C:\Users\DLee\AppData\Roaming\GetValue.vbs
[2012/01/31 22:17:10 | 000,000,035 | ---- | M] () -- C:\Users\DLee\AppData\Roaming\SetValue.bat
[2012/01/31 22:13:22 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\DLee\Desktop\mbam-setup-1.60.1.1000.exe
[2012/01/31 22:12:45 | 001,872,472 | ---- | M] () -- C:\Users\DLee\Desktop\SmitfraudFix.exe
[2012/01/31 21:56:55 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/31 21:56:55 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/31 21:56:55 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2012/01/31 21:47:37 | 000,000,364 | ---- | M] () -- C:\Windows\wininit.ini
[2012/01/31 21:47:26 | 000,030,208 | ---- | M] () -- C:\Users\DLee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/31 19:54:44 | 000,000,954 | ---- | M] () -- C:\Users\DLee\Desktop\regfix.reg
[2012/01/31 19:25:04 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3964745361-1973383320-2877571132-1000UA.job
[2012/01/30 23:32:31 | 089,451,570 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2012/01/30 23:00:49 | 000,441,158 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/30 20:05:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3964745361-1973383320-2877571132-1000UA.job
[2012/01/30 18:54:59 | 000,000,882 | RH-- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120130-230049.backup
[2012/01/29 22:00:37 | 031,153,970 | ---- | M] () -- C:\Users\DLee\Desktop\Harley Davidson Service Manual Sportster 86-03.pdf
[2012/01/29 19:11:35 | 159,318,503 | ---- | M] () -- C:\Users\DLee\Desktop\Episode31-TranceIsLifePodcast.mp3
[2012/01/29 18:25:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3964745361-1973383320-2877571132-1000Core.job
[2012/01/29 11:05:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3964745361-1973383320-2877571132-1000Core.job
[2012/01/28 10:41:56 | 000,007,534 | ---- | M] () -- C:\Users\DLee\420427_317348844974675_131437750232453_900474_797310643_n.jpg
[2012/01/27 16:39:59 | 000,002,932 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2012/01/27 16:38:14 | 003,105,442 | ---- | M] () -- C:\Users\DLee\Desktop\Oily_Stuff_Under_Carb.flv
[2012/01/24 23:25:57 | 000,002,373 | ---- | M] () -- C:\Users\DLee\Desktop\Google Chrome.lnk
[2012/01/22 22:00:00 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2012/01/18 22:35:23 | 000,190,180 | ---- | M] () -- C:\Users\DLee\Desktop\Dynojet Normal.pdf
[2012/01/18 18:47:28 | 000,170,760 | ---- | M] () -- C:\Users\DLee\Desktop\Dynojet 883 Racer.pdf
[2012/01/15 12:13:44 | 000,440,213 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120119-175357.backup
[2012/01/14 18:54:47 | 000,029,153 | ---- | M] () -- C:\Users\DLee\Desktop\ruler_foot-1.pdf
[2012/01/11 22:38:08 | 052,451,901 | ---- | M] () -- C:\Users\DLee\Desktop\Lynyrd_Skynyrd_-_Simple_Man_-_super_easy_beginner_acoustic_g.flv
[2012/01/11 19:32:11 | 000,091,336 | ---- | M] () -- C:\Users\DLee\Desktop\SR-i900 Remote Web-500x500.jpg
[2012/01/09 22:04:09 | 000,001,867 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/09 00:49:17 | 000,440,086 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120115-121344.backup
[2012/01/09 00:47:45 | 000,007,634 | ---- | M] () -- C:\Users\DLee\AppData\Local\resmon.resmoncfg
[2012/01/09 00:35:35 | 000,440,086 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120109-004917.backup
[2012/01/08 10:17:17 | 002,375,667 | ---- | M] () -- C:\Users\DLee\Desktop\Lynyrd_Skynyrd_-_Simple_Man.flv
[2012/01/07 18:49:04 | 003,534,906 | ---- | M] () -- C:\Users\DLee\Desktop\wnr834bv2_2_1_13_na_only.chk
[2012/01/06 22:46:06 | 000,043,229 | ---- | M] () -- C:\Users\DLee\Desktop\384826_10100443104666527_3625256_55133678_1505682643_n.jpg
[2012/01/05 22:49:09 | 005,927,077 | ---- | M] () -- C:\Users\DLee\Desktop\ASVAB for Dummies (2nd Edition).pdf
[2012/01/05 17:47:56 | 000,102,999 | ---- | M] () -- C:\Users\DLee\Desktop\Gauge Amazon.pdf
[2012/01/05 17:28:45 | 000,013,077 | ---- | M] () -- C:\Users\DLee\Desktop\Balaclava Amazon.pdf
[2012/01/04 00:50:35 | 000,001,088 | ---- | M] () -- C:\Users\DLee\Desktop\Swiff Player.lnk
[2012/01/04 00:50:00 | 004,494,354 | ---- | M] (GlobFX Technologies ) -- C:\Users\DLee\Desktop\SwiffPlayerSetup172.exe
[2012/01/02 21:21:56 | 000,440,086 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120109-003535.backup
[2012/01/02 21:13:45 | 000,002,576 | -HS- | M] () -- C:\Users\DLee\AppData\Local\871tu76xx38p34227204lnianx6a578kcu0nk46016o
[2012/01/02 21:13:45 | 000,002,576 | -HS- | M] () -- C:\ProgramData\871tu76xx38p34227204lnianx6a578kcu0nk46016o
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/31 22:19:56 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/31 22:12:26 | 001,872,472 | ---- | C] () -- C:\Users\DLee\Desktop\SmitfraudFix.exe
[2012/01/31 21:59:29 | 000,000,691 | ---- | C] () -- C:\Users\DLee\AppData\Roaming\GetValue.vbs
[2012/01/31 21:59:29 | 000,000,035 | ---- | C] () -- C:\Users\DLee\AppData\Roaming\SetValue.bat
[2012/01/31 21:59:28 | 000,001,552 | ---- | C] () -- C:\Windows\SysWow64\tmp.reg
[2012/01/31 21:58:49 | 000,075,776 | ---- | C] () -- C:\Windows\SysWow64\WS2Fix.exe
[2012/01/31 21:58:49 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\dumphive.exe
[2012/01/31 21:58:49 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\swsc.exe
[2012/01/31 19:54:52 | 000,000,954 | ---- | C] () -- C:\Users\DLee\Desktop\regfix.reg
[2012/01/30 20:06:51 | 000,000,364 | ---- | C] () -- C:\Windows\wininit.ini
[2012/01/29 18:07:26 | 159,318,503 | ---- | C] () -- C:\Users\DLee\Desktop\Episode31-TranceIsLifePodcast.mp3
[2012/01/28 10:41:56 | 000,007,534 | ---- | C] () -- C:\Users\DLee\420427_317348844974675_131437750232453_900474_797310643_n.jpg
[2012/01/27 16:38:08 | 003,105,442 | ---- | C] () -- C:\Users\DLee\Desktop\Oily_Stuff_Under_Carb.flv
[2012/01/18 22:35:23 | 000,190,180 | ---- | C] () -- C:\Users\DLee\Desktop\Dynojet Normal.pdf
[2012/01/18 18:47:28 | 000,170,760 | ---- | C] () -- C:\Users\DLee\Desktop\Dynojet 883 Racer.pdf
[2012/01/14 18:54:47 | 000,029,153 | ---- | C] () -- C:\Users\DLee\Desktop\ruler_foot-1.pdf
[2012/01/11 22:31:21 | 052,451,901 | ---- | C] () -- C:\Users\DLee\Desktop\Lynyrd_Skynyrd_-_Simple_Man_-_super_easy_beginner_acoustic_g.flv
[2012/01/11 19:32:10 | 000,091,336 | ---- | C] () -- C:\Users\DLee\Desktop\SR-i900 Remote Web-500x500.jpg
[2012/01/08 10:17:17 | 002,375,667 | ---- | C] () -- C:\Users\DLee\Desktop\Lynyrd_Skynyrd_-_Simple_Man.flv
[2012/01/07 18:46:00 | 003,534,906 | ---- | C] () -- C:\Users\DLee\Desktop\wnr834bv2_2_1_13_na_only.chk
[2012/01/06 22:44:29 | 000,043,229 | ---- | C] () -- C:\Users\DLee\Desktop\384826_10100443104666527_3625256_55133678_1505682643_n.jpg
[2012/01/05 22:48:56 | 005,927,077 | ---- | C] () -- C:\Users\DLee\Desktop\ASVAB for Dummies (2nd Edition).pdf
[2012/01/05 17:47:56 | 000,102,999 | ---- | C] () -- C:\Users\DLee\Desktop\Gauge Amazon.pdf
[2012/01/05 17:28:45 | 000,013,077 | ---- | C] () -- C:\Users\DLee\Desktop\Balaclava Amazon.pdf
[2012/01/04 00:50:35 | 000,001,088 | ---- | C] () -- C:\Users\DLee\Desktop\Swiff Player.lnk
[2012/01/02 20:54:56 | 000,002,576 | -HS- | C] () -- C:\Users\DLee\AppData\Local\871tu76xx38p34227204lnianx6a578kcu0nk46016o
[2012/01/02 20:54:56 | 000,002,576 | -HS- | C] () -- C:\ProgramData\871tu76xx38p34227204lnianx6a578kcu0nk46016o
[2011/12/04 12:03:15 | 000,003,520 | -HS- | C] () -- C:\Users\DLee\AppData\Local\j4nv56c0og6dvr
[2011/12/04 12:03:15 | 000,003,520 | -HS- | C] () -- C:\ProgramData\j4nv56c0og6dvr
[2011/11/09 18:47:41 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2011/09/14 10:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/09/07 21:32:25 | 000,165,536 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/08/24 19:19:10 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/08/20 20:19:16 | 000,000,008 | RHS- | C] () -- C:\Windows\SysWow64\D81DEDD44C.sys
[2011/08/20 20:18:02 | 000,000,088 | RHS- | C] () -- C:\Windows\SysWow64\317C373DAA.sys
[2011/08/20 20:11:02 | 000,002,932 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2011/07/07 20:55:50 | 000,001,456 | ---- | C] () -- C:\Users\DLee\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/06/27 22:23:38 | 000,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini
[2011/06/02 11:34:26 | 000,008,257 | ---- | C] () -- C:\Users\DLee\AppData\Roaming\AC1A.C40
[2011/05/01 12:17:39 | 000,000,007 | ---- | C] () -- C:\Windows\treeskp.sys
[2011/05/01 12:17:39 | 000,000,007 | ---- | C] () -- C:\Windows\sbacknt.bin
[2011/04/13 12:08:06 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/04/13 12:08:06 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011/04/10 22:57:56 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/04/02 14:52:57 | 000,030,208 | ---- | C] () -- C:\Users\DLee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/02 14:45:31 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/03/24 23:46:22 | 000,000,255 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/03/24 23:46:22 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/03/24 23:45:26 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/03/24 23:45:26 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011/03/24 23:44:50 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2011/03/24 23:44:50 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/03/24 23:44:50 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/03/20 16:40:31 | 000,003,608 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/03/20 16:40:31 | 000,000,008 | RHS- | C] () -- C:\ProgramData\0571F720CC.sys
[2011/03/20 00:48:37 | 000,120,268 | ---- | C] () -- C:\Windows\File Renamer - Basic Uninstaller.exe
[2011/03/19 22:41:55 | 000,007,634 | ---- | C] () -- C:\Users\DLee\AppData\Local\resmon.resmoncfg
[2011/03/19 22:38:22 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/03/19 20:29:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/03/19 20:23:46 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011/03/19 20:23:46 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/03/19 20:18:08 | 000,039,233 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011/03/19 20:16:17 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/03/19 20:16:13 | 000,032,217 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/03/17 16:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/05 18:48:34 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 04:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009/03/29 22:32:40 | 000,032,768 | R--- | C] () -- C:\Windows\DAODx.exe
[2008/12/01 17:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2007/11/26 20:56:28 | 000,151,415 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2007/06/05 12:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\SysWow64\PSIService.exe

========== LOP Check ==========

[2011/12/29 16:22:07 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\04802
[2011/03/21 04:27:59 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Ableton
[2011/03/21 00:58:33 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\acccore
[2012/01/29 00:30:41 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Azureus
[2011/04/11 22:10:33 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Braid
[2011/03/31 01:49:31 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\DAEMON Tools Lite
[2011/03/25 02:30:31 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Guitar Pro 6
[2011/03/20 00:01:03 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\IObit
[2011/05/31 22:16:42 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\IrfanView
[2011/03/22 00:00:50 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Leadertech
[2011/10/22 18:05:57 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Magic Set Editor
[2012/01/15 12:05:17 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Notepad++
[2011/09/07 21:46:01 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Opera
[2011/11/09 18:47:41 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\PACE Anti-Piracy
[2011/05/01 03:00:04 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\SoundSpectrum
[2011/04/12 23:43:33 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/05/15 04:16:12 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\vghd
[2011/09/17 22:03:09 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Wizards of the Coast
[2012/01/29 11:05:00 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3964745361-1973383320-2877571132-1000Core.job
[2012/01/30 20:05:00 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3964745361-1973383320-2877571132-1000UA.job
[2012/01/30 23:25:13 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/01/22 22:00:00 | 000,000,406 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1284 bytes -> C:\ProgramData\Microsoft:E1HQlF49b7FE0gm1oxnRymW
@Alternate Data Stream - 1232 bytes -> C:\ProgramData\Microsoft:WircfwojjIUmYtMlSVdd

< End of report >

Please help. Thank you!

Attached Files


Edited by Daniel Christmas Lee, 01 February 2012 - 01:14 AM.

  • 0

Advertisements


#2
Daniel Christmas Lee

Daniel Christmas Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 208 posts
And against instructions, I ran a ComboFix because that's usually what would be advised... so to save time.. I'd appreciate it if someone can analyze my CombixFix Log.
Thanks!

ComboFix 12-01-31.01 - DLee 01/31/2012 22:55:50.1.6 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16382.14493 [GMT -8:00]
Running from: c:\users\DLee\Desktop\DLeeFix.exe
AV: AVG Anti-Virus *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\LP
c:\program files (x86)\LP\1D60\194C.tmp
c:\program files (x86)\LP\1D60\2174.tmp
c:\program files (x86)\LP\1D60\33A.tmp
c:\program files (x86)\LP\1D60\6AD6.tmp
c:\program files (x86)\LP\1D60\76F.tmp
c:\program files (x86)\LP\1D60\779F.tmp
c:\program files (x86)\LP\1D60\7ADA.tmp
c:\program files (x86)\LP\1D60\B6E6.tmp
c:\program files (x86)\LP\1D60\D994.tmp
c:\program files (x86)\LP\1D60\E906.tmp
c:\program files (x86)\LP\1D60\ECA0.tmp
c:\program files (x86)\Mozilla Firefox\components\npclntax.xpt
c:\programdata\configremote.exe
c:\users\DLee\AppData\Roaming\krnlhtml.exe
c:\users\DLee\AppData\Roaming\Microsoft\Windows\Templates\871tu76xx38p34227204lnianx6a578kcu0nk46016o
c:\users\DLee\g2mdlhlpx.exe
c:\users\DLee\George off.exe
c:\windows\svchost.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\SysWow64\404Fix.exe
c:\windows\SysWow64\Agent.OMZ.Fix.exe
c:\windows\SysWow64\dumphive.exe
c:\windows\SysWow64\IEDFix.C.exe
c:\windows\SysWow64\IEDFix.exe
c:\windows\SysWow64\local.txt
c:\windows\SysWow64\o4Patch.exe
c:\windows\SysWow64\Process.exe
c:\windows\SysWow64\SrchSTS.exe
c:\windows\SysWow64\tmp.reg
c:\windows\SysWow64\VACFix.exe
c:\windows\SysWow64\VCCLSID.exe
c:\windows\SysWow64\WS2Fix.exe
X:\uninstall.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-01 to 2012-02-01 )))))))))))))))))))))))))))))))
.
.
2012-02-01 06:20 . 2012-02-01 06:20 -------- d-----w- c:\users\DLee\AppData\Roaming\Malwarebytes
2012-02-01 06:19 . 2012-02-01 06:19 -------- d-----w- c:\programdata\Malwarebytes
2012-02-01 05:59 . 2012-02-01 06:17 691 ----a-w- c:\users\DLee\AppData\Roaming\GetValue.vbs
2012-02-01 05:59 . 2012-02-01 06:17 35 ----a-w- c:\users\DLee\AppData\Roaming\SetValue.bat
2012-02-01 05:36 . 2009-07-14 01:14 20480 ------w- c:\windows\fvnllrxv.lqc
2012-02-01 04:49 . 2009-07-14 01:14 20480 ------w- c:\windows\tklifost.gsg
2012-01-27 05:51 . 2012-01-27 05:51 -------- d-----w- c:\users\DLee\AppData\Roaming\Adobe Mini Bridge CS5
2012-01-27 05:23 . 2012-01-27 07:36 -------- d-----w- c:\users\DLee\Jobs 2012
2012-01-16 07:15 . 2012-01-16 07:15 -------- d-----w- c:\users\DLee\Marine Officer Docs
2012-01-15 20:12 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-15 20:12 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-15 20:12 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-15 20:12 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-15 20:12 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-15 20:12 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-15 20:12 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-15 20:12 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-04 08:50 . 2012-01-04 08:50 -------- d-----w- c:\program files (x86)\GlobFX
2012-01-04 08:49 . 2012-01-04 08:49 -------- d-----w- c:\windows\SysWow64\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-24 04:52 . 2011-12-16 01:34 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 04:55 . 2011-05-16 11:52 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-05 05:32 . 2011-12-16 01:34 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-16 01:34 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-16 02:20 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-16 02:20 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-16 02:20 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-16 02:20 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-16 02:19 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-16 02:20 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-16 02:20 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-16 02:20 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-12-09 19:51 3911776 ----a-w- c:\program files (x86)\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Control Center"="c:\program files (x86)\ASUS\WLAN Card Utilities\CenterAgent.exe" [2009-05-21 544256]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"EC5.exe"=c:\program files (x86)\LP\1D60\EC5.exe
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SASCORE;SAS Core Service;c:\program files (x86)\SUPERAntiSpyware\SASCore.exe [x]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R3 ATSZIO;ATSZIO;c:\windows\SysWOW64\ATSZIO64.sys [x]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2010-07-09 21480]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SASENUM;SASENUM;c:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS [x]
R3 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2010-07-01 136616]
S0 AvgRkx64;AvgRkx64;c:\windows\System32\Drivers\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\System32\Drivers\avgldx64.sys [x]
S1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\System32\Drivers\avgmfx64.sys [x]
S1 AvgTdiA;AVG8 Network Redirector x64;c:\windows\System32\Drivers\avgtdia.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-08 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-06-24 109056]
S2 ASWLCCSvc;ASUS Wireless Card Service;c:\program files (x86)\ASUS\WLAN Card Utilities\ASWLCCSVC.exe [2009-05-21 172032]
S2 avg8wd;AVG8 WatchDog;c:\progra~2\AVG\AVG8\avgwdsvc.exe [2011-06-08 297752]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-10-16 319488]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 4948992]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3964745361-1973383320-2877571132-1000Core.job
- c:\users\DLee\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 07:41]
.
2012-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3964745361-1973383320-2877571132-1000UA.job
- c:\users\DLee\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 07:41]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-01 1873288]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:63394
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files (x86)\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\
FF - prefs.js: browser.search.selectedEngine - Answers.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Define Word: {1395baf2-3aa6-4d0f-83d6-1d9b66a9420d} - %profile%\extensions\{1395baf2-3aa6-4d0f-83d6-1d9b66a9420d}
FF - Ext: Show Picture: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
FF - Ext: Print/Print Preview: {19EB90DC-A456-458b-8AAC-616D91AAFCE1} - %profile%\extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}
FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - Ext: FavLoc: {472f4ef0-a825-11da-a746-0800200c9a66} - %profile%\extensions\{472f4ef0-a825-11da-a746-0800200c9a66}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: QuickRestart: {F645A8C9-E969-42D9-B3F3-F325537222FD} - %profile%\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
FF - Ext: oldbar: {46868735-c3fa-47ce-8ce7-cce51a66aceb} - %profile%\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Status-bar Scientific Calculator: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Delicious Bookmarks: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} - %profile%\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
FF - Ext: Element Hiding Helper for Adblock Plus: [email protected] - %profile%\extensions\[email protected]
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Save Images: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Multi Links: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Gmail Manager: {582195F5-92E7-40a0-A127-DB71295901D7} - %profile%\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
FF - Ext: Craigslist Image Prefetcher: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
AddRemove-8461-7759-5462-8226 - X:\uninstall.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:12,72,46,44,94,3f,d2,9f,72,0a,dd,16,58,ec,51,ad,0a,92,fc,5f,07,
c8,04,bd,43,8b,74,f6,14,47,12,89,91,72,3e,f7,bd,b7,76,95,84,58,b4,e2,2c,26,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:12,72,46,44,94,3f,d2,9f,72,0a,dd,16,58,ec,51,ad,0a,92,fc,5f,07,
c8,04,bd,43,8b,74,f6,14,47,12,89,91,72,3e,f7,bd,b7,76,95,84,58,b4,e2,2c,26,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\progra~2\AVG\AVG8\avgam.exe
c:\windows\SysWOW64\PSIService.exe
c:\windows\DAODx.exe
c:\program files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
c:\program files\ASUS\GPU Boost Driver\GpuBoostServer.exe
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-01-31 23:09:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-01 07:09
.
Pre-Run: 221,789,749,248 bytes free
Post-Run: 221,728,874,496 bytes free
.
- - End Of File - - 0CF111148050D8E92A720A996C0AE130

Attached Files


  • 0

#3
Daniel Christmas Lee

Daniel Christmas Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 208 posts
And here is another go of ComboFix:

ComboFix 12-01-31.01 - DLee 01/31/2012 23:16:13.2.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16382.14195 [GMT -8:00]
Running from: c:\users\DLee\Desktop\DLeeFix.exe
AV: AVG Anti-Virus *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-01 to 2012-02-01 )))))))))))))))))))))))))))))))
.
.
2012-02-01 07:20 . 2012-02-01 07:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-01 06:20 . 2012-02-01 06:20 -------- d-----w- c:\users\DLee\AppData\Roaming\Malwarebytes
2012-02-01 06:19 . 2012-02-01 06:19 -------- d-----w- c:\programdata\Malwarebytes
2012-02-01 05:59 . 2012-02-01 06:17 691 ----a-w- c:\users\DLee\AppData\Roaming\GetValue.vbs
2012-02-01 05:59 . 2012-02-01 06:17 35 ----a-w- c:\users\DLee\AppData\Roaming\SetValue.bat
2012-02-01 05:36 . 2009-07-14 01:14 20480 ------w- c:\windows\fvnllrxv.lqc
2012-02-01 04:49 . 2009-07-14 01:14 20480 ------w- c:\windows\tklifost.gsg
2012-01-27 05:51 . 2012-01-27 05:51 -------- d-----w- c:\users\DLee\AppData\Roaming\Adobe Mini Bridge CS5
2012-01-27 05:23 . 2012-01-27 07:36 -------- d-----w- c:\users\DLee\Jobs 2012
2012-01-16 07:15 . 2012-01-16 07:15 -------- d-----w- c:\users\DLee\Marine Officer Docs
2012-01-15 20:12 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-15 20:12 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-15 20:12 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-15 20:12 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-15 20:12 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-15 20:12 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-15 20:12 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-15 20:12 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-04 08:50 . 2012-01-04 08:50 -------- d-----w- c:\program files (x86)\GlobFX
2012-01-04 08:49 . 2012-01-04 08:49 -------- d-----w- c:\windows\SysWow64\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-24 04:52 . 2011-12-16 01:34 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 04:55 . 2011-05-16 11:52 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-05 05:32 . 2011-12-16 01:34 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-16 01:34 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-16 02:20 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-16 02:20 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-16 02:20 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-16 02:20 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-16 02:19 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-16 02:20 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-16 02:20 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-16 02:20 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( [email protected]_07.03.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-01-30 06:07 . 2012-02-01 06:23 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-01-30 06:07 . 2012-02-01 07:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2011-03-20 04:31 . 2012-02-01 07:24 58150 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-01 07:24 83458 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-03-20 04:21 . 2012-02-01 07:24 16572 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3964745361-1973383320-2877571132-1000_UserData.bin
- 2012-02-01 07:00 . 2012-02-01 07:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-01 07:21 . 2012-02-01 07:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-01 07:00 . 2012-02-01 07:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-01 07:21 . 2012-02-01 07:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-03-24 04:56 . 2012-02-01 07:01 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-03-24 04:56 . 2012-02-01 07:22 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2012-02-01 07:01 180224 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-02-01 07:22 180224 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 05:01 . 2012-02-01 05:56 438792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-01 07:20 438792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-02-01 07:01 2752512 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-01 07:22 2752512 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-01 07:22 8011776 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-30 06:21 . 2012-02-01 07:20 2416432 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
- 2012-01-30 06:21 . 2012-02-01 05:56 2416432 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-12-09 19:51 3911776 ----a-w- c:\program files (x86)\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Control Center"="c:\program files (x86)\ASUS\WLAN Card Utilities\CenterAgent.exe" [2009-05-21 544256]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [BU]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"EC5.exe"=c:\program files (x86)\LP\1D60\EC5.exe
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SASCORE;SAS Core Service;c:\program files (x86)\SUPERAntiSpyware\SASCore.exe [x]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R3 ATSZIO;ATSZIO;c:\windows\SysWOW64\ATSZIO64.sys [x]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2010-07-09 21480]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SASENUM;SASENUM;c:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS [x]
R3 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2010-07-01 136616]
S0 AvgRkx64;AvgRkx64;c:\windows\System32\Drivers\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\System32\Drivers\avgldx64.sys [x]
S1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\System32\Drivers\avgmfx64.sys [x]
S1 AvgTdiA;AVG8 Network Redirector x64;c:\windows\System32\Drivers\avgtdia.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-08 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-06-24 109056]
S2 ASWLCCSvc;ASUS Wireless Card Service;c:\program files (x86)\ASUS\WLAN Card Utilities\ASWLCCSVC.exe [2009-05-21 172032]
S2 avg8wd;AVG8 WatchDog;c:\progra~2\AVG\AVG8\avgwdsvc.exe [2011-06-08 297752]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-10-16 319488]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 4948992]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3964745361-1973383320-2877571132-1000Core.job
- c:\users\DLee\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 07:41]
.
2012-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3964745361-1973383320-2877571132-1000UA.job
- c:\users\DLee\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 07:41]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-01 1873288]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:63394
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files (x86)\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\
FF - prefs.js: browser.search.selectedEngine - Answers.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Define Word: {1395baf2-3aa6-4d0f-83d6-1d9b66a9420d} - %profile%\extensions\{1395baf2-3aa6-4d0f-83d6-1d9b66a9420d}
FF - Ext: Show Picture: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
FF - Ext: Print/Print Preview: {19EB90DC-A456-458b-8AAC-616D91AAFCE1} - %profile%\extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}
FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - Ext: FavLoc: {472f4ef0-a825-11da-a746-0800200c9a66} - %profile%\extensions\{472f4ef0-a825-11da-a746-0800200c9a66}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: QuickRestart: {F645A8C9-E969-42D9-B3F3-F325537222FD} - %profile%\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
FF - Ext: oldbar: {46868735-c3fa-47ce-8ce7-cce51a66aceb} - %profile%\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Status-bar Scientific Calculator: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Delicious Bookmarks: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} - %profile%\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
FF - Ext: Element Hiding Helper for Adblock Plus: [email protected] - %profile%\extensions\[email protected]
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Save Images: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Multi Links: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Gmail Manager: {582195F5-92E7-40a0-A127-DB71295901D7} - %profile%\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
FF - Ext: Craigslist Image Prefetcher: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:12,72,46,44,94,3f,d2,9f,72,0a,dd,16,58,ec,51,ad,0a,92,fc,5f,07,
c8,04,bd,43,8b,74,f6,14,47,12,89,91,72,3e,f7,bd,b7,76,95,84,58,b4,e2,2c,26,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:12,72,46,44,94,3f,d2,9f,72,0a,dd,16,58,ec,51,ad,0a,92,fc,5f,07,
c8,04,bd,43,8b,74,f6,14,47,12,89,91,72,3e,f7,bd,b7,76,95,84,58,b4,e2,2c,26,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PSIService.exe
c:\progra~2\AVG\AVG8\avgam.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\windows\DAODx.exe
c:\program files\ASUS\GPU Boost Driver\GpuBoostServer.exe
c:\program files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
.
**************************************************************************
.
Completion time: 2012-01-31 23:30:52 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-01 07:30
ComboFix2.txt 2012-02-01 07:09
.
Pre-Run: 221,803,515,904 bytes free
Post-Run: 221,713,559,552 bytes free
.
- - End Of File - - E23EF2EF2E1DFD3D90736CE3E264265C

Please Help. Thanks! I appreciate it!

Attached Files


  • 0

#4
Daniel Christmas Lee

Daniel Christmas Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 208 posts
Update 02/02/12: SmitFraud-C returned... I thought it was gone after running the ComboFix, but it returned... someone please help?
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there and sorry for the delay, could you update me on the current problems please

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

AND FINALLY

Please download GetPartitions from the link bellow. You must right click on the link and choose Save as.... Save it as GetPartitions.bat on your desktop

getpartitions.bat

Double click it to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator").
It will produce C:\DiskReport.txt log please post results from that log here to me.
  • 0

#6
Daniel Christmas Lee

Daniel Christmas Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 208 posts
Thank you Essexboy for coming to my rescue!

Attached are the text files you've requested.

Attached File  OTL.Txt   142.07KB   56 downloads
The Extras file did not produce after running OTL. I have attached an older Extras. Attached File  Extras.Txt   59.05KB   96 downloads
Attached File  aswMBR.txt   1.92KB   49 downloads
Attached File  DiskReport.txt   834bytes   48 downloads

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-04 11:57:35
-----------------------------
11:57:35.707 OS Version: Windows x64 6.1.7601 Service Pack 1
11:57:35.707 Number of processors: 6 586 0xA00
11:57:35.708 ComputerName: AEGIS UserName: DLee
11:57:36.938 Initialize success
11:57:46.596 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:57:46.599 Disk 0 Vendor: WDC_WD1002FAEX-00Z3A0 05.01D05 Size: 953869MB BusType: 3
11:57:46.603 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-2
11:57:46.607 Disk 1 Vendor: C300-CTFDDAC064MAG 0006 Size: 61057MB BusType: 3
11:57:46.611 Device \Driver\atapi -> MajorFunction fffffa800e6845c4
11:57:46.617 Disk 0 MBR read successfully
11:57:46.621 Disk 0 MBR scan
11:57:46.626 Disk 0 [email protected] code has been found
11:57:46.632 Disk 0 Windows 7 default MBR code found via API
11:57:46.636 Disk 0 MBR hidden
11:57:46.638 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476827 MB offset 2048
11:57:46.656 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 477039 MB offset 976543744
11:57:46.658 Disk 0 MBR [TDL4] **ROOTKIT**
11:57:46.661 Disk 0 trace - called modules:
11:57:46.665 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800e6845c4]<<
11:57:46.668 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800cb91790]
11:57:46.671 3 CLASSPNP.SYS[fffff88001bc543f] -> nt!IofCallDriver -> [0xfffffa800d9a09b0]
11:57:46.676 5 ACPI.sys[fffff880011977a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800da62680]
11:57:46.679 \Driver\atapi[0xfffffa800e633060] -> IRP_MJ_CREATE -> 0xfffffa800e6845c4
11:57:46.683 Scan finished successfully
11:57:55.371 Disk 0 MBR has been saved successfully to "C:\Users\DLee\Desktop\MBR.dat"
11:57:55.373 The log file has been saved successfully to "C:\Users\DLee\Desktop\aswMBR.txt"

OTL logfile created on: 2/4/2012 11:45:10 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\DLee\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

16.00 Gb Total Physical Memory | 13.38 Gb Available Physical Memory | 83.66% Memory free
31.99 Gb Paging File | 29.37 Gb Available in Paging File | 91.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.65 Gb Total Space | 206.98 Gb Free Space | 44.45% Space Free | Partition Type: NTFS
Drive E: | 59.63 Gb Total Space | 19.30 Gb Free Space | 32.36% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 28.78 Gb Free Space | 6.18% Space Free | Partition Type: NTFS
Drive K: | 465.76 Gb Total Space | 143.33 Gb Free Space | 30.77% Space Free | Partition Type: NTFS
Drive X: | 465.86 Gb Total Space | 167.89 Gb Free Space | 36.04% Space Free | Partition Type: NTFS

Computer Name: AEGIS | User Name: DLee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/31 22:32:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\DLee\Desktop\OTL.exe
PRC - [2011/06/07 23:44:08 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe
PRC - [2011/06/06 22:36:25 | 000,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgam.exe
PRC - [2011/01/13 08:42:54 | 001,799,168 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\Program Files (x86)\ASUS\WLAN Card Utilities\Center.exe
PRC - [2010/07/07 09:58:02 | 001,089,664 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHelp.exe
PRC - [2010/06/23 22:19:50 | 000,109,056 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
PRC - [2010/03/27 11:41:20 | 001,137,280 | ---- | M] (
ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe
PRC - [2009/10/21 11:12:50 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/10/16 09:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 17:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/05/21 14:09:04 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\ASUS\WLAN Card Utilities\ASWLCCSVC.exe
PRC - [2009/03/29 22:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
PRC - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe


========== Modules (No Company Name) ==========

MOD - [2010/06/01 09:38:40 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV EVO\pngio.dll
MOD - [2010/02/08 16:19:52 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV EVO\HookKey32.dll
MOD - [2009/03/29 22:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/08 12:42:32 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/09/08 09:29:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/11/20 05:25:18 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:64bit: - [2009/07/17 05:31:34 | 004,948,992 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV:64bit: - [2009/07/13 17:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV:64bit: - [2009/07/13 17:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2011/06/07 23:44:08 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2011/04/27 09:42:06 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/11/20 04:17:42 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2010/07/01 03:45:02 | 000,136,616 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2010/06/23 22:19:50 | 000,109,056 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/16 09:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009/07/13 17:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 14:09:04 | 000,172,032 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\WLAN Card Utilities\ASWLCCSVC.exe -- (ASWLCCSvc)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/08 10:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/08 08:52:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/28 17:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/07/22 08:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 13:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/24 05:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/06/07 23:44:14 | 000,427,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2011/06/06 22:37:18 | 000,133,640 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2011/06/06 22:37:18 | 000,033,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2011/06/06 22:37:18 | 000,014,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (AvgRkx64)
DRV:64bit: - [2011/06/06 14:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/04/30 03:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/04/30 03:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/03/28 02:55:50 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/03/28 02:53:22 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/23 15:50:14 | 000,018,232 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/11/20 05:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 05:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 03:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/20 09:49:06 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/12 16:42:28 | 001,104,672 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2010/01/27 17:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/01/11 03:28:34 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/12/22 01:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/28 09:59:08 | 000,045,752 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PCASp50.sys -- (PCASp50)
DRV:64bit: - [2009/10/26 22:19:48 | 000,176,640 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/10/26 22:19:46 | 000,075,264 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/07/15 19:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb) Brother MFC Serial Interface Driver(WDM)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 12:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSIb.sys -- (BrUsbSIb) Brother MFC Serial USB Driver(WDM)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/04 17:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2007/04/23 18:12:44 | 000,739,760 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BisonCam.sys -- (Cam5603D)
DRV:64bit: - [2006/09/02 23:53:54 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2010/07/09 11:19:04 | 000,021,480 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys -- (cpuz134)
DRV - [2009/10/28 09:59:08 | 000,045,752 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\PCASp50.sys -- (PCASp50)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 B8 4B 00 BB F3 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:63394

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\DLee\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\DLee\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\DLee\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: X:\Adobe\CS5 Master Suite\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/03/20 02:02:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG8\Firefox [2011/06/07 23:46:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/31 22:58:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/30 14:33:15 | 000,000,000 | ---D | M]

[2011/03/19 23:20:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Extensions
[2011/03/19 16:33:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2012/02/03 19:26:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions
[2011/09/07 20:54:57 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2011/03/19 23:21:07 | 000,000,000 | ---D | M] (Define Word) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{1395baf2-3aa6-4d0f-83d6-1d9b66a9420d}
[2011/09/08 20:16:15 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2011/03/19 23:21:07 | 000,000,000 | ---D | M] (Print/Print Preview) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}
[2011/03/19 23:21:07 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2011/09/07 20:54:53 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011/09/07 20:54:52 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2011/03/19 23:23:49 | 000,000,000 | ---D | M] (oldbar) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2011/03/19 23:25:27 | 000,000,000 | ---D | M] (FavLoc) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{472f4ef0-a825-11da-a746-0800200c9a66}
[2011/03/19 23:21:04 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2011/09/10 13:39:06 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2011/03/19 23:21:04 | 000,000,000 | ---D | M] ("ProCon Latte") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}
[2011/03/19 23:21:04 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2011/09/07 20:54:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/27 04:06:30 | 000,000,000 | ---D | M] (Vuze Remote) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/09/07 20:54:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/03/19 23:21:02 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/05/16 21:59:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011/03/19 23:21:01 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2011/09/07 20:54:51 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/03/19 23:21:00 | 000,000,000 | ---D | M] (QuickRestart) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
[2011/10/27 17:11:56 | 000,000,000 | ---D | M] (Craigslist Image Prefetcher) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/03/19 23:21:11 | 000,000,000 | ---D | M] (Element Hiding Helper for Adblock Plus) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/03/19 23:21:10 | 000,000,000 | ---D | M] ("KGen") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/04/24 17:01:18 | 000,000,000 | ---D | M] (Show Picture) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/08/24 21:33:18 | 000,000,000 | ---D | M] (Save Images) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/04/18 02:00:33 | 000,000,000 | ---D | M] (Multi Links) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/05/16 21:59:57 | 000,000,000 | ---D | M] ("SEO For Firefox") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/03/19 23:21:09 | 000,000,000 | ---D | M] (SeoQuake Plugin - Del.icio.us) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/03/19 23:21:09 | 000,000,000 | ---D | M] (SeoQuake Plugin - Seolinx) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/09/07 20:54:54 | 000,000,000 | ---D | M] (Simple Timer) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/03/19 23:21:09 | 000,000,000 | ---D | M] ("Status-bar Scientific Calculator") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/05/16 21:59:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2011/03/27 04:06:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions
[2011/03/19 23:20:26 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2011/03/19 23:20:26 | 000,000,000 | ---D | M] (Define Word) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{1395baf2-3aa6-4d0f-83d6-1d9b66a9420d}
[2011/03/19 23:20:26 | 000,000,000 | ---D | M] (Print/Print Preview) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}
[2011/03/19 23:20:26 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2011/03/19 16:31:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/19 23:20:26 | 000,000,000 | ---D | M] ("Delicious Bookmarks") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011/03/19 23:20:25 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2011/03/19 23:20:22 | 000,000,000 | ---D | M] (Data Analytics) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{377364a4-d91a-47ea-87de-c3d7eaf221cd}
[2011/03/19 23:20:22 | 000,000,000 | ---D | M] (oldbar) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2011/03/19 23:20:22 | 000,000,000 | ---D | M] (FavLoc) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{472f4ef0-a825-11da-a746-0800200c9a66}
[2011/03/19 23:20:21 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2011/03/19 23:20:21 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2011/03/19 23:20:19 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2011/03/19 23:20:19 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2011/03/19 23:20:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/27 04:06:30 | 000,000,000 | ---D | M] (Vuze Remote) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/03/19 23:20:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2011/03/19 23:20:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/03/19 23:20:16 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/03/19 23:20:14 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011/03/19 23:20:14 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2011/03/19 23:20:14 | 000,000,000 | ---D | M] (QuickRestart) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
[2011/03/19 23:20:30 | 000,000,000 | ---D | M] (Show Picture) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/19 23:20:29 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/19 23:20:28 | 000,000,000 | ---D | M] ("Highlights") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/19 23:20:28 | 000,000,000 | ---D | M] ("SEO For Firefox") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/19 23:20:28 | 000,000,000 | ---D | M] (SeoQuake Plugin - Del.icio.us) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/19 23:20:28 | 000,000,000 | ---D | M] (SeoQuake Plugin - Seolinx) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/19 23:20:28 | 000,000,000 | ---D | M] ("Simple Timer") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/19 23:20:27 | 000,000,000 | ---D | M] (Site Information Tool) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/19 23:20:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\staged-xpis
[2011/03/19 23:20:26 | 000,000,000 | ---D | M] ("Status-bar Scientific Calculator") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/27 04:06:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\fnhvl5tp.default\extensions
[2011/03/27 04:06:30 | 000,000,000 | ---D | M] (Vuze Remote) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\fnhvl5tp.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2012/02/03 19:26:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/19 23:18:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/04/12 23:27:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/13 12:41:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2007/12/13 09:55:00 | 000,437,760 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npagent.dll
[2010/03/27 17:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2005/12/05 21:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npmozax.dll
[2008/06/30 21:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npOGAPlugin.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\DLee\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\DLee\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\DLee\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Driver Agent Plug-in (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npagent.dll
CHR - plugin: Adobe Contribute CS5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
CHR - plugin: DivX\u00AE Web Player (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Office Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npOGAPlugin.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: AOL Media Playback Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npunagi2.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\DLee\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\DLee\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\DLee\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\DLee\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\DLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\DLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Users\DLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/03 18:17:12 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItBHO64.dll (TechSmith Corporation)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - X:\Adobe\CS5 Master Suite\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - X:\Adobe\CS5 Master Suite\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Control Center] C:\Program Files (x86)\ASUS\WLAN Card Utilities\CenterAgent.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\WPLauncher.hta File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\WPLauncher.hta File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75EF2997-7330-4525-AF98-B85397041F3F}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/04 11:42:37 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\DLee\Desktop\aswMBR.exe
[2012/02/03 18:17:18 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/02/03 18:05:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/03 17:00:28 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/01/31 22:53:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/31 22:53:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/31 22:53:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/31 22:53:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/31 22:53:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/31 22:36:58 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\DLee\Desktop\HiJackThis.exe
[2012/01/31 22:36:28 | 004,395,075 | R--- | C] (Swearware) -- C:\Users\DLee\Desktop\DLeeFix.exe
[2012/01/31 22:32:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\DLee\Desktop\OTL.exe
[2012/01/31 22:20:02 | 000,000,000 | ---D | C] -- C:\Users\DLee\AppData\Roaming\Malwarebytes
[2012/01/31 22:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/31 22:13:10 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\DLee\Desktop\mbam-setup-1.60.1.1000.exe
[2012/01/31 22:06:48 | 000,000,000 | ---D | C] -- C:\Users\DLee\Desktop\SmitfraudFix
[2012/01/26 21:51:37 | 000,000,000 | ---D | C] -- C:\Users\DLee\AppData\Roaming\Adobe Mini Bridge CS5
[2012/01/26 21:23:40 | 000,000,000 | ---D | C] -- C:\Users\DLee\Jobs 2012
[2012/01/15 23:15:08 | 000,000,000 | ---D | C] -- C:\Users\DLee\Marine Officer Docs
[2012/01/12 20:07:19 | 000,000,000 | ---D | C] -- C:\Users\DLee\Desktop\SAW 1-7 (2004 - 2010) DvdRips XviD Xult
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/04 11:43:21 | 000,000,131 | ---- | M] () -- C:\Users\DLee\Desktop\getpartitions.bat
[2012/02/04 11:43:00 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\DLee\Desktop\aswMBR.exe
[2012/02/04 11:42:28 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2012/02/04 11:39:37 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/04 11:39:37 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/04 11:31:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/04 11:31:53 | 4293,533,694 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/04 01:57:03 | 000,000,504 | ---- | M] () -- C:\Windows\wininit.ini
[2012/02/04 01:30:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3964745361-1973383320-2877571132-1000UA.job
[2012/02/03 21:55:29 | 031,162,464 | ---- | M] () -- C:\Users\DLee\Desktop\Harley Davidson Service Manual Sportster 86-03.pdf
[2012/02/03 19:32:27 | 089,603,428 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2012/02/03 18:30:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3964745361-1973383320-2877571132-1000Core.job
[2012/02/03 18:17:12 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/03 17:49:38 | 000,000,691 | ---- | M] () -- C:\Users\DLee\AppData\Roaming\GetValue.vbs
[2012/02/03 17:49:38 | 000,000,035 | ---- | M] () -- C:\Users\DLee\AppData\Roaming\SetValue.bat
[2012/02/02 23:17:57 | 000,031,744 | ---- | M] () -- C:\Users\DLee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/02 23:15:53 | 000,440,303 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120203-171806.backup
[2012/02/02 23:08:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120202-231553.backup
[2012/02/02 19:09:38 | 000,044,231 | ---- | M] () -- C:\Users\DLee\396296_10150615620547429_533717428_10881579_1823029198_n.jpg
[2012/02/01 23:13:56 | 012,424,321 | ---- | M] () -- C:\Users\DLee\Desktop\Motorcycle_Lair_How_to_Change_a_Fork_Seal_Leak_Part_2_of_2.flv
[2012/02/01 22:54:05 | 009,395,590 | ---- | M] () -- C:\Users\DLee\Desktop\39mm_Front_Fork_Assembly.flv
[2012/02/01 22:52:51 | 049,461,583 | ---- | M] () -- C:\Users\DLee\Desktop\Motorcycle_Lair_How_to_Fix_a_Fork_Seal_Leak_Part_1_of_2.flv
[2012/02/01 21:36:29 | 000,002,932 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2012/01/31 23:23:06 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120201-000008.backup
[2012/01/31 22:38:04 | 014,357,624 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\DLee\Desktop\SUPERAntiSpyware.exe
[2012/01/31 22:37:33 | 001,872,472 | ---- | M] () -- C:\Users\DLee\Desktop\SmackfrizFax.exe
[2012/01/31 22:36:58 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\DLee\Desktop\HiJackThis.exe
[2012/01/31 22:36:32 | 004,395,075 | R--- | M] (Swearware) -- C:\Users\DLee\Desktop\DLeeFix.exe
[2012/01/31 22:32:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\DLee\Desktop\OTL.exe
[2012/01/31 22:13:22 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\DLee\Desktop\mbam-setup-1.60.1.1000.exe
[2012/01/31 19:54:44 | 000,000,954 | ---- | M] () -- C:\Users\DLee\Desktop\regfix.reg
[2012/01/30 18:54:59 | 000,000,882 | RH-- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120130-230049.backup
[2012/01/29 19:11:35 | 159,318,503 | ---- | M] () -- C:\Users\DLee\Desktop\Episode31-TranceIsLifePodcast.mp3
[2012/01/28 10:41:56 | 000,007,534 | ---- | M] () -- C:\Users\DLee\420427_317348844974675_131437750232453_900474_797310643_n.jpg
[2012/01/27 16:38:14 | 003,105,442 | ---- | M] () -- C:\Users\DLee\Desktop\Oily_Stuff_Under_Carb.flv
[2012/01/24 23:25:57 | 000,002,373 | ---- | M] () -- C:\Users\DLee\Desktop\Google Chrome.lnk
[2012/01/18 22:35:23 | 000,190,180 | ---- | M] () -- C:\Users\DLee\Desktop\Dynojet Normal.pdf
[2012/01/18 18:47:28 | 000,170,760 | ---- | M] () -- C:\Users\DLee\Desktop\Dynojet 883 Racer.pdf
[2012/01/15 12:13:44 | 000,440,213 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120119-175357.backup
[2012/01/14 18:54:47 | 000,029,153 | ---- | M] () -- C:\Users\DLee\Desktop\ruler_foot-1.pdf
[2012/01/11 22:38:08 | 052,451,901 | ---- | M] () -- C:\Users\DLee\Desktop\Lynyrd_Skynyrd_-_Simple_Man_-_super_easy_beginner_acoustic_g.flv
[2012/01/11 19:32:11 | 000,091,336 | ---- | M] () -- C:\Users\DLee\Desktop\SR-i900 Remote Web-500x500.jpg
[2012/01/09 22:04:09 | 000,001,867 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/09 00:49:17 | 000,440,086 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120115-121344.backup
[2012/01/09 00:47:45 | 000,007,634 | ---- | M] () -- C:\Users\DLee\AppData\Local\resmon.resmoncfg
[2012/01/09 00:35:35 | 000,440,086 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120109-004917.backup
[2012/01/08 10:17:17 | 002,375,667 | ---- | M] () -- C:\Users\DLee\Desktop\Lynyrd_Skynyrd_-_Simple_Man.flv
[2012/01/07 18:49:04 | 003,534,906 | ---- | M] () -- C:\Users\DLee\Desktop\wnr834bv2_2_1_13_na_only.chk
[2012/01/06 22:46:06 | 000,043,229 | ---- | M] () -- C:\Users\DLee\Desktop\384826_10100443104666527_3625256_55133678_1505682643_n.jpg
[2012/01/05 22:49:09 | 005,927,077 | ---- | M] () -- C:\Users\DLee\Desktop\ASVAB for Dummies (2nd Edition).pdf
[2012/01/05 17:47:56 | 000,102,999 | ---- | M] () -- C:\Users\DLee\Desktop\Gauge Amazon.pdf
[2012/01/05 17:28:45 | 000,013,077 | ---- | M] () -- C:\Users\DLee\Desktop\Balaclava Amazon.pdf
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/04 11:43:21 | 000,000,131 | ---- | C] () -- C:\Users\DLee\Desktop\getpartitions.bat
[2012/02/02 19:09:38 | 000,044,231 | ---- | C] () -- C:\Users\DLee\396296_10150615620547429_533717428_10881579_1823029198_n.jpg
[2012/02/01 23:10:12 | 012,424,321 | ---- | C] () -- C:\Users\DLee\Desktop\Motorcycle_Lair_How_to_Change_a_Fork_Seal_Leak_Part_2_of_2.flv
[2012/02/01 22:51:12 | 009,395,590 | ---- | C] () -- C:\Users\DLee\Desktop\39mm_Front_Fork_Assembly.flv
[2012/02/01 22:46:41 | 049,461,583 | ---- | C] () -- C:\Users\DLee\Desktop\Motorcycle_Lair_How_to_Fix_a_Fork_Seal_Leak_Part_1_of_2.flv
[2012/01/31 22:53:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/31 22:53:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/31 22:53:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/31 22:53:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/31 22:53:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/31 22:12:26 | 001,872,472 | ---- | C] () -- C:\Users\DLee\Desktop\SmackfrizFax.exe
[2012/01/31 21:59:29 | 000,000,691 | ---- | C] () -- C:\Users\DLee\AppData\Roaming\GetValue.vbs
[2012/01/31 21:59:29 | 000,000,035 | ---- | C] () -- C:\Users\DLee\AppData\Roaming\SetValue.bat
[2012/01/31 19:54:52 | 000,000,954 | ---- | C] () -- C:\Users\DLee\Desktop\regfix.reg
[2012/01/30 20:06:51 | 000,000,504 | ---- | C] () -- C:\Windows\wininit.ini
[2012/01/29 18:07:26 | 159,318,503 | ---- | C] () -- C:\Users\DLee\Desktop\Episode31-TranceIsLifePodcast.mp3
[2012/01/28 10:41:56 | 000,007,534 | ---- | C] () -- C:\Users\DLee\420427_317348844974675_131437750232453_900474_797310643_n.jpg
[2012/01/27 16:38:08 | 003,105,442 | ---- | C] () -- C:\Users\DLee\Desktop\Oily_Stuff_Under_Carb.flv
[2012/01/18 22:35:23 | 000,190,180 | ---- | C] () -- C:\Users\DLee\Desktop\Dynojet Normal.pdf
[2012/01/18 18:47:28 | 000,170,760 | ---- | C] () -- C:\Users\DLee\Desktop\Dynojet 883 Racer.pdf
[2012/01/14 18:54:47 | 000,029,153 | ---- | C] () -- C:\Users\DLee\Desktop\ruler_foot-1.pdf
[2012/01/11 22:31:21 | 052,451,901 | ---- | C] () -- C:\Users\DLee\Desktop\Lynyrd_Skynyrd_-_Simple_Man_-_super_easy_beginner_acoustic_g.flv
[2012/01/11 19:32:10 | 000,091,336 | ---- | C] () -- C:\Users\DLee\Desktop\SR-i900 Remote Web-500x500.jpg
[2012/01/08 10:17:17 | 002,375,667 | ---- | C] () -- C:\Users\DLee\Desktop\Lynyrd_Skynyrd_-_Simple_Man.flv
[2012/01/07 18:46:00 | 003,534,906 | ---- | C] () -- C:\Users\DLee\Desktop\wnr834bv2_2_1_13_na_only.chk
[2012/01/06 22:44:29 | 000,043,229 | ---- | C] () -- C:\Users\DLee\Desktop\384826_10100443104666527_3625256_55133678_1505682643_n.jpg
[2012/01/05 22:48:56 | 005,927,077 | ---- | C] () -- C:\Users\DLee\Desktop\ASVAB for Dummies (2nd Edition).pdf
[2012/01/05 17:47:56 | 000,102,999 | ---- | C] () -- C:\Users\DLee\Desktop\Gauge Amazon.pdf
[2012/01/05 17:28:45 | 000,013,077 | ---- | C] () -- C:\Users\DLee\Desktop\Balaclava Amazon.pdf
[2012/01/02 20:54:56 | 000,002,576 | -HS- | C] () -- C:\Users\DLee\AppData\Local\871tu76xx38p34227204lnianx6a578kcu0nk46016o
[2012/01/02 20:54:56 | 000,002,576 | -HS- | C] () -- C:\ProgramData\871tu76xx38p34227204lnianx6a578kcu0nk46016o
[2011/12/04 12:03:15 | 000,003,520 | -HS- | C] () -- C:\Users\DLee\AppData\Local\j4nv56c0og6dvr
[2011/12/04 12:03:15 | 000,003,520 | -HS- | C] () -- C:\ProgramData\j4nv56c0og6dvr
[2011/11/09 18:47:41 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2011/09/14 10:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/09/07 21:32:25 | 000,165,536 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/08/24 19:19:10 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/08/20 20:19:16 | 000,000,008 | RHS- | C] () -- C:\Windows\SysWow64\D81DEDD44C.sys
[2011/08/20 20:18:02 | 000,000,088 | RHS- | C] () -- C:\Windows\SysWow64\317C373DAA.sys
[2011/08/20 20:11:02 | 000,002,932 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2011/07/07 20:55:50 | 000,001,456 | ---- | C] () -- C:\Users\DLee\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/06/27 22:23:38 | 000,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini
[2011/06/02 11:34:26 | 000,008,257 | ---- | C] () -- C:\Users\DLee\AppData\Roaming\AC1A.C40
[2011/05/01 12:17:39 | 000,000,007 | ---- | C] () -- C:\Windows\treeskp.sys
[2011/05/01 12:17:39 | 000,000,007 | ---- | C] () -- C:\Windows\sbacknt.bin
[2011/04/13 12:08:06 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/04/13 12:08:06 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011/04/10 22:57:56 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/04/02 14:52:57 | 000,031,744 | ---- | C] () -- C:\Users\DLee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/02 14:45:31 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/03/24 23:46:22 | 000,000,255 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/03/24 23:46:22 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/03/24 23:45:26 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/03/24 23:45:26 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011/03/24 23:44:50 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2011/03/24 23:44:50 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/03/24 23:44:50 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/03/20 16:40:31 | 000,003,608 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/03/20 16:40:31 | 000,000,008 | RHS- | C] () -- C:\ProgramData\0571F720CC.sys
[2011/03/20 00:48:37 | 000,120,268 | ---- | C] () -- C:\Windows\File Renamer - Basic Uninstaller.exe
[2011/03/19 22:41:55 | 000,007,634 | ---- | C] () -- C:\Users\DLee\AppData\Local\resmon.resmoncfg
[2011/03/19 22:38:22 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/03/19 20:29:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/03/19 20:23:46 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011/03/19 20:23:46 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/03/19 20:18:08 | 000,039,233 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011/03/19 20:16:17 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/03/19 20:16:13 | 000,032,217 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/03/17 16:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/05 18:48:34 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 04:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009/03/29 22:32:40 | 000,032,768 | R--- | C] () -- C:\Windows\DAODx.exe
[2008/12/01 17:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2007/11/26 20:56:28 | 000,151,415 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2007/06/05 12:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\SysWow64\PSIService.exe

========== LOP Check ==========

[2011/12/29 16:22:07 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\04802
[2011/03/21 04:27:59 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Ableton
[2011/03/21 00:58:33 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\acccore
[2012/02/02 21:12:15 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Azureus
[2011/04/11 22:10:33 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Braid
[2011/03/31 01:49:31 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\DAEMON Tools Lite
[2011/03/25 02:30:31 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Guitar Pro 6
[2011/03/20 00:01:03 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\IObit
[2011/05/31 22:16:42 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\IrfanView
[2011/03/22 00:00:50 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Leadertech
[2011/10/22 18:05:57 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Magic Set Editor
[2012/01/15 12:05:17 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Notepad++
[2011/09/07 21:46:01 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Opera
[2011/11/09 18:47:41 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\PACE Anti-Piracy
[2011/05/01 03:00:04 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\SoundSpectrum
[2011/04/12 23:43:33 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/05/15 04:16:12 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\vghd
[2011/09/17 22:03:09 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Wizards of the Coast
[2012/01/30 23:25:13 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/25 21:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/24 22:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/24 22:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 22:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 22:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 04:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 05:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 17:14:45 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=2CEFF13ACE25A40BD8D97654944297CD -- C:\Windows\svchost.exe
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 04:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 04:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 04:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 05:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 05:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 05:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 05:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 05:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 05:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
"Tag" = 87
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{75EF2997-7330-4525-AF98-B85397041F3F}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{EC6DFCFE-5263-46C9-AE15-C790F77E866B}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{ED5ECA2B-53B0-4708-9817-009EEFC58A34}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 07 01 03 01 01 01 0A 01 05 01 06 01 00 01 09 01 08 01 04 01 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 10
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

========== Alternate Data Streams ==========

@Alternate Data Stream - 1284 bytes -> C:\ProgramData\Microsoft:E1HQlF49b7FE0gm1oxnRymW
@Alternate Data Stream - 1232 bytes -> C:\ProgramData\Microsoft:WircfwojjIUmYtMlSVdd

< End of report >
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It is not smitfraud you have but a TDL rootkit

Re-Run aswMBR

Click Scan

On completion of the scan
Click the Fix Button

Posted Image

Save the log as before and post in your next reply


THEN

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:63394
    [2011/03/19 16:33:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
    [2012/01/02 20:54:56 | 000,002,576 | -HS- | C] () -- C:\Users\DLee\AppData\Local\871tu76xx38p34227204lnianx6a578kcu0nk46016o
    [2012/01/02 20:54:56 | 000,002,576 | -HS- | C] () -- C:\ProgramData\871tu76xx38p34227204lnianx6a578kcu0nk46016o
    [2011/12/04 12:03:15 | 000,003,520 | -HS- | C] () -- C:\Users\DLee\AppData\Local\j4nv56c0og6dvr
    [2011/12/04 12:03:15 | 000,003,520 | -HS- | C] () -- C:\ProgramData\j4nv56c0og6dvr
    [2011/12/29 16:22:07 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\04802
    @Alternate Data Stream - 1284 bytes -> C:\ProgramData\Microsoft:E1HQlF49b7FE0gm1oxnRymW
    @Alternate Data Stream - 1232 bytes -> C:\ProgramData\Microsoft:WircfwojjIUmYtMlSVdd

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#8
Daniel Christmas Lee

Daniel Christmas Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 208 posts
Thank you for the instructions!

aswMBR result =
Attached File  aswMBR2.txt   2.39KB   47 downloads

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-04 17:24:16
-----------------------------
17:24:16.160 OS Version: Windows x64 6.1.7601 Service Pack 1
17:24:16.160 Number of processors: 6 586 0xA00
17:24:16.160 ComputerName: AEGIS UserName: DLee
17:24:17.359 Initialize success
17:24:29.156 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:24:29.157 Disk 0 Vendor: WDC_WD1002FAEX-00Z3A0 05.01D05 Size: 953869MB BusType: 3
17:24:29.158 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-2
17:24:29.159 Disk 1 Vendor: C300-CTFDDAC064MAG 0006 Size: 61057MB BusType: 3
17:24:29.161 Device \Driver\atapi -> MajorFunction fffffa800e5ac5c4
17:24:29.183 Disk 0 MBR read successfully
17:24:29.185 Disk 0 MBR scan
17:24:29.186 Disk 0 [email protected] code has been found
17:24:29.188 Disk 0 Windows 7 default MBR code found via API
17:24:29.189 Disk 0 MBR hidden
17:24:29.198 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476827 MB offset 2048
17:24:29.219 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 477039 MB offset 976543744
17:24:29.221 Disk 0 MBR [TDL4] **ROOTKIT**
17:24:29.224 Disk 0 trace - called modules:
17:24:29.227 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800e5ac5c4]<<
17:24:29.230 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800cb91790]
17:24:29.233 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa800d9cc960]
17:24:29.236 5 ACPI.sys[fffff8800103a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800da8f680]
17:24:29.239 \Driver\atapi[0xfffffa800e5aa550] -> IRP_MJ_CREATE -> 0xfffffa800e5ac5c4
17:24:29.243 Scan finished successfully
17:24:30.391 Disk 0 MBR read successfully
17:24:30.394 Disk 0 [email protected] code has been found
17:24:30.406 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476827 MB offset 2048
17:24:30.428 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 477039 MB offset 976543744
17:24:30.431 Disk 0 fixing MBR ...
17:24:30.445 Disk 0 MBR restored successfully
17:24:30.510 Verifying disinfection
17:24:40.578 Infection fixed successfully - please reboot ASAP
17:25:02.814 Disk 0 MBR has been saved successfully to "C:\Users\DLee\Desktop\MBR.dat"
17:25:02.816 The log file has been saved successfully to "C:\Users\DLee\Desktop\aswMBR2.txt"

OTL result =
Attached File  02042012_173254.log   10.46KB   47 downloads

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
C:\Users\DLee\AppData\Roaming\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a} folder moved successfully.
C:\Users\DLee\AppData\Local\871tu76xx38p34227204lnianx6a578kcu0nk46016o moved successfully.
C:\ProgramData\871tu76xx38p34227204lnianx6a578kcu0nk46016o moved successfully.
C:\Users\DLee\AppData\Local\j4nv56c0og6dvr moved successfully.
C:\ProgramData\j4nv56c0og6dvr moved successfully.
C:\Users\DLee\AppData\Roaming\04802 folder moved successfully.
ADS C:\ProgramData\Microsoft:E1HQlF49b7FE0gm1oxnRymW deleted successfully.
ADS C:\ProgramData\Microsoft:WircfwojjIUmYtMlSVdd deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\DLee\Desktop\cmd.bat deleted successfully.
C:\Users\DLee\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: DLee
->Temp folder emptied: 10812 bytes
->Temporary Internet Files folder emptied: 2118063 bytes
->Java cache emptied: 16327466 bytes
->FireFox cache emptied: 154301274 bytes
->Google Chrome cache emptied: 179471274 bytes
->Apple Safari cache emptied: 29519872 bytes
->Opera cache emptied: 3797236 bytes
->Flash cache emptied: 170405 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 287289 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11585 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 368.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 02042012_173254

Files\Folders moved on Reboot...
C:\Users\DLee\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\01cf7158-6c4a-4282-8869-1b7740be66f3.tmp not found!
File\Folder C:\Windows\temp\1f1c24c3-b4a8-4497-b470-f956468bede9.tmp not found!
File\Folder C:\Windows\temp\20f84842-4848-40de-9ffb-bbedb6316e1d.tmp not found!
File\Folder C:\Windows\temp\220d85a6-18f1-4e2f-8f94-094ffc2aecf4.tmp not found!
File\Folder C:\Windows\temp\26b88350-4e52-4bcd-a235-b53c80595286.tmp not found!
File\Folder C:\Windows\temp\2c6148ee-1ab0-4f3d-813d-e21831273240.tmp not found!
File\Folder C:\Windows\temp\33fc4f81-dda0-4441-bb6c-afcd2f88ed9f.tmp not found!
File\Folder C:\Windows\temp\3d900689-bf8b-4e41-9f13-ff8e5b3ab628.tmp not found!
File\Folder C:\Windows\temp\408bf544-5eef-43cd-98fd-b161980d94bc.tmp not found!
File\Folder C:\Windows\temp\44348db2-a3e1-48c2-975c-ee82dac79230.tmp not found!
File\Folder C:\Windows\temp\48dc982e-7e03-4771-8158-6d4dc0de14f4.tmp not found!
File\Folder C:\Windows\temp\516c63dc-c7b3-49da-af16-5a934d9e206a.tmp not found!
File\Folder C:\Windows\temp\5339d505-9cd8-4ce6-ad47-9a70af1c079d.tmp not found!
File\Folder C:\Windows\temp\58f773e6-099b-453a-94a9-acce1a8ed312.tmp not found!
File\Folder C:\Windows\temp\5e7cd0f9-8484-426b-843f-a88ee96444dd.tmp not found!
File\Folder C:\Windows\temp\616bc112-1361-4760-96d1-fc995a7c57b0.tmp not found!
File\Folder C:\Windows\temp\6c23dd7f-dbef-4f26-8744-2333a74d85ce.tmp not found!
File\Folder C:\Windows\temp\6cde89b4-1fcc-4d40-984c-ec0440b3d628.tmp not found!
File\Folder C:\Windows\temp\79b27a7b-5a49-469c-a4a1-db499cfc41f8.tmp not found!
File\Folder C:\Windows\temp\80502509-a3b2-4f74-9214-2f6e70de22d9.tmp not found!
File\Folder C:\Windows\temp\83b6167b-6e25-4d6c-aa01-bb810000bbc9.tmp not found!
File\Folder C:\Windows\temp\87261a39-9545-4e44-ac1b-cceca13881e8.tmp not found!
File\Folder C:\Windows\temp\8bcfadc7-4c6e-451e-8641-2b521c2e19a1.tmp not found!
File\Folder C:\Windows\temp\92bb23ef-716b-4d43-a292-8e676400dfde.tmp not found!
File\Folder C:\Windows\temp\956ccfe3-1e75-4972-b893-ea5dcaa26d07.tmp not found!
File\Folder C:\Windows\temp\97506e24-ffe8-4b1b-920e-a5ad5f5ae1d7.tmp not found!
File\Folder C:\Windows\temp\9e24814f-241b-4e70-be14-ff68a4b5a131.tmp not found!
File\Folder C:\Windows\temp\a13260a8-0d18-464a-b3bf-f7a83c7def69.tmp not found!
File\Folder C:\Windows\temp\a293ee48-2b1c-402e-b702-1ec12870c91b.tmp not found!
File\Folder C:\Windows\temp\e060055d-6b29-48b2-b054-40ded0c9e626.tmp not found!
File\Folder C:\Windows\temp\e49dc9ab-8081-4270-b619-3d1864d89f54.tmp not found!
File\Folder C:\Windows\temp\f3dc0647-f299-43bb-bffe-934b6a28d19b.tmp not found!
File\Folder C:\Windows\temp\fbf00559-556b-490b-9101-da42e16acf13.tmp not found!
C:\Windows\temp\flaB6F5.tmp moved successfully.

Registry entries deleted on Reboot...

Edited by Daniel Christmas Lee, 04 February 2012 - 07:41 PM.

  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now run a fresh OTL log please.. Selecting all users and running a quick scan

Also what is the the current situation with regards to svchost ?
  • 0

#10
Daniel Christmas Lee

Daniel Christmas Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 208 posts
Attached here is a recent OTL Log: Attached File  OTL-Tree.Txt   128.32KB   44 downloads

My situation with svchost.exe is... I don't know what/why it's giving me a problem.

I haven't ran a scan yet, but I can say that's what Spy Bot is showing as the problem associated with SmitFraud-C.generic.

In the past, svchost has been a resource hog... there would be multiple svchost processes opened in my task manager.

Sorry for the little detail... I'm preoccupied at the moment.

Thanks for your help! Please let me now what are the next steps!

OTL logfile created on: 2/5/2012 12:21:53 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\DLee\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

16.00 Gb Total Physical Memory | 13.93 Gb Available Physical Memory | 87.06% Memory free
31.99 Gb Paging File | 29.54 Gb Available in Paging File | 92.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.65 Gb Total Space | 204.72 Gb Free Space | 43.97% Space Free | Partition Type: NTFS
Drive E: | 59.63 Gb Total Space | 19.23 Gb Free Space | 32.26% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 28.53 Gb Free Space | 6.13% Space Free | Partition Type: NTFS
Drive K: | 465.76 Gb Total Space | 141.44 Gb Free Space | 30.37% Space Free | Partition Type: NTFS
Drive X: | 465.86 Gb Total Space | 167.89 Gb Free Space | 36.04% Space Free | Partition Type: NTFS

Computer Name: AEGIS | User Name: DLee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/31 22:32:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\DLee\Desktop\OTL.exe
PRC - [2011/11/17 15:56:12 | 000,561,664 | ---- | M] (Totem Entertainment) -- C:\Users\DLee\AppData\Local\vghd\bin\Virtuagirl_Downloader.exe
PRC - [2011/11/17 15:55:12 | 001,624,576 | ---- | M] (Totem Entertainment) -- C:\Users\DLee\AppData\Local\vghd\bin\vghd.exe
PRC - [2011/06/07 23:44:08 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe
PRC - [2011/06/06 22:36:25 | 000,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgam.exe
PRC - [2011/01/13 08:42:54 | 001,799,168 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\Program Files (x86)\ASUS\WLAN Card Utilities\Center.exe
PRC - [2010/07/07 09:58:02 | 001,089,664 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHelp.exe
PRC - [2010/06/23 22:19:50 | 000,109,056 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
PRC - [2010/03/27 11:41:20 | 001,137,280 | ---- | M] (
ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe
PRC - [2009/10/21 11:12:50 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/10/16 09:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2009/05/21 14:09:04 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\ASUS\WLAN Card Utilities\ASWLCCSVC.exe
PRC - [2009/03/29 22:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
PRC - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/17 15:56:10 | 000,073,216 | ---- | M] () -- C:\Users\DLee\AppData\Local\vghd\bin\system.dll
MOD - [2011/11/16 14:33:10 | 000,029,184 | ---- | M] () -- C:\Users\DLee\AppData\Local\vghd\bin\imageformats\qico4.dll
MOD - [2011/11/16 14:33:08 | 000,287,232 | ---- | M] () -- C:\Users\DLee\AppData\Local\vghd\bin\imageformats\qtiff4.dll
MOD - [2011/11/16 14:32:56 | 000,222,720 | ---- | M] () -- C:\Users\DLee\AppData\Local\vghd\bin\imageformats\qmng4.dll
MOD - [2011/11/16 14:32:50 | 000,026,624 | ---- | M] () -- C:\Users\DLee\AppData\Local\vghd\bin\imageformats\qgif4.dll
MOD - [2011/11/16 14:32:46 | 000,200,704 | ---- | M] () -- C:\Users\DLee\AppData\Local\vghd\bin\imageformats\qjpeg4.dll
MOD - [2011/11/16 14:20:20 | 011,159,552 | ---- | M] () -- C:\Users\DLee\AppData\Local\vghd\bin\QtWebKit4.dll
MOD - [2011/11/16 13:18:30 | 000,270,336 | ---- | M] () -- C:\Users\DLee\AppData\Local\vghd\bin\phonon4.dll
MOD - [2011/11/16 13:12:28 | 008,451,072 | ---- | M] () -- C:\Users\DLee\AppData\Local\vghd\bin\QtGui4.dll
MOD - [2011/11/16 13:04:24 | 000,860,160 | ---- | M] () -- C:\Users\DLee\AppData\Local\vghd\bin\QtNetwork4.dll
MOD - [2011/11/16 13:03:36 | 000,358,400 | ---- | M] () -- C:\Users\DLee\AppData\Local\vghd\bin\QtXml4.dll
MOD - [2011/11/16 13:03:28 | 002,349,056 | ---- | M] () -- C:\Users\DLee\AppData\Local\vghd\bin\QtCore4.dll
MOD - [2011/10/27 16:49:34 | 000,184,832 | ---- | M] () -- C:\Users\DLee\AppData\Local\vghd\bin\dxmodules.dll
MOD - [2011/06/01 14:28:02 | 000,045,056 | ---- | M] () -- C:\Users\DLee\AppData\Local\vghd\bin\Windows.dll
MOD - [2011/06/01 14:27:48 | 000,818,176 | ---- | M] () -- C:\Users\DLee\AppData\Local\vghd\bin\vhd.dll
MOD - [2010/06/01 09:38:40 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV EVO\pngio.dll
MOD - [2010/02/08 16:19:52 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV EVO\HookKey32.dll
MOD - [2009/03/29 22:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/08 12:42:32 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/09/08 09:29:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/11/20 05:25:18 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:64bit: - [2009/07/17 05:31:34 | 004,948,992 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV:64bit: - [2009/07/13 17:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV:64bit: - [2009/07/13 17:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2011/06/07 23:44:08 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2011/04/27 09:42:06 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/11/20 04:17:42 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2010/07/01 03:45:02 | 000,136,616 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2010/06/23 22:19:50 | 000,109,056 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/16 09:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009/07/13 17:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 14:09:04 | 000,172,032 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\WLAN Card Utilities\ASWLCCSVC.exe -- (ASWLCCSvc)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Start_Pending] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/08 10:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/08 08:52:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/28 17:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/07/22 08:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 13:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/24 05:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/06/07 23:44:14 | 000,427,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2011/06/06 22:37:18 | 000,133,640 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2011/06/06 22:37:18 | 000,033,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2011/06/06 22:37:18 | 000,014,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (AvgRkx64)
DRV:64bit: - [2011/06/06 14:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/04/30 03:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/04/30 03:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/03/28 02:55:50 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/03/28 02:53:22 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/23 15:50:14 | 000,018,232 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/11/20 05:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 05:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 03:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/20 09:49:06 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/12 16:42:28 | 001,104,672 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2010/01/27 17:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/01/11 03:28:34 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/12/22 01:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/28 09:59:08 | 000,045,752 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PCASp50.sys -- (PCASp50)
DRV:64bit: - [2009/10/26 22:19:48 | 000,176,640 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/10/26 22:19:46 | 000,075,264 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/07/15 19:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb) Brother MFC Serial Interface Driver(WDM)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 12:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSIb.sys -- (BrUsbSIb) Brother MFC Serial USB Driver(WDM)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/04 17:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2007/04/23 18:12:44 | 000,739,760 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BisonCam.sys -- (Cam5603D)
DRV:64bit: - [2006/09/02 23:53:54 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2010/07/09 11:19:04 | 000,021,480 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys -- (cpuz134)
DRV - [2009/10/28 09:59:08 | 000,045,752 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\PCASp50.sys -- (PCASp50)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3964745361-1973383320-2877571132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3964745361-1973383320-2877571132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3964745361-1973383320-2877571132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 B8 4B 00 BB F3 CB 01 [binary data]
IE - HKU\S-1-5-21-3964745361-1973383320-2877571132-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\DLee\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\DLee\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\DLee\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: X:\Adobe\CS5 Master Suite\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/03/20 02:02:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG8\Firefox [2011/06/07 23:46:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/31 22:58:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/30 14:33:15 | 000,000,000 | ---D | M]

[2012/02/04 17:32:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Extensions
[2012/02/04 17:48:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions
[2011/09/07 20:54:57 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2011/03/19 23:21:07 | 000,000,000 | ---D | M] (Define Word) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{1395baf2-3aa6-4d0f-83d6-1d9b66a9420d}
[2011/09/08 20:16:15 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2011/03/19 23:21:07 | 000,000,000 | ---D | M] (Print/Print Preview) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}
[2011/03/19 23:21:07 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2011/09/07 20:54:53 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011/09/07 20:54:52 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2011/03/19 23:23:49 | 000,000,000 | ---D | M] (oldbar) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2011/03/19 23:25:27 | 000,000,000 | ---D | M] (FavLoc) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{472f4ef0-a825-11da-a746-0800200c9a66}
[2011/03/19 23:21:04 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2011/09/10 13:39:06 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2011/03/19 23:21:04 | 000,000,000 | ---D | M] ("ProCon Latte") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}
[2011/03/19 23:21:04 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2011/09/07 20:54:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/27 04:06:30 | 000,000,000 | ---D | M] (Vuze Remote) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/09/07 20:54:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/03/19 23:21:02 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/05/16 21:59:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011/03/19 23:21:01 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2011/09/07 20:54:51 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/03/19 23:21:00 | 000,000,000 | ---D | M] (QuickRestart) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
[2011/10/27 17:11:56 | 000,000,000 | ---D | M] (Craigslist Image Prefetcher) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/03/19 23:21:11 | 000,000,000 | ---D | M] (Element Hiding Helper for Adblock Plus) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/03/19 23:21:10 | 000,000,000 | ---D | M] ("KGen") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/04/24 17:01:18 | 000,000,000 | ---D | M] (Show Picture) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/08/24 21:33:18 | 000,000,000 | ---D | M] (Save Images) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/04/18 02:00:33 | 000,000,000 | ---D | M] (Multi Links) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/05/16 21:59:57 | 000,000,000 | ---D | M] ("SEO For Firefox") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/03/19 23:21:09 | 000,000,000 | ---D | M] (SeoQuake Plugin - Del.icio.us) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/03/19 23:21:09 | 000,000,000 | ---D | M] (SeoQuake Plugin - Seolinx) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/09/07 20:54:54 | 000,000,000 | ---D | M] (Simple Timer) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/03/19 23:21:09 | 000,000,000 | ---D | M] ("Status-bar Scientific Calculator") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/05/16 21:59:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2011/03/27 04:06:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions
[2011/03/19 23:20:26 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2011/03/19 23:20:26 | 000,000,000 | ---D | M] (Define Word) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{1395baf2-3aa6-4d0f-83d6-1d9b66a9420d}
[2011/03/19 23:20:26 | 000,000,000 | ---D | M] (Print/Print Preview) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}
[2011/03/19 23:20:26 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2011/03/19 16:31:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/19 23:20:26 | 000,000,000 | ---D | M] ("Delicious Bookmarks") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011/03/19 23:20:25 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2011/03/19 23:20:22 | 000,000,000 | ---D | M] (Data Analytics) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{377364a4-d91a-47ea-87de-c3d7eaf221cd}
[2011/03/19 23:20:22 | 000,000,000 | ---D | M] (oldbar) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2011/03/19 23:20:22 | 000,000,000 | ---D | M] (FavLoc) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{472f4ef0-a825-11da-a746-0800200c9a66}
[2011/03/19 23:20:21 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2011/03/19 23:20:21 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2011/03/19 23:20:19 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2011/03/19 23:20:19 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2011/03/19 23:20:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/27 04:06:30 | 000,000,000 | ---D | M] (Vuze Remote) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/03/19 23:20:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2011/03/19 23:20:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/03/19 23:20:16 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/03/19 23:20:14 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011/03/19 23:20:14 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2011/03/19 23:20:14 | 000,000,000 | ---D | M] (QuickRestart) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
[2011/03/19 23:20:30 | 000,000,000 | ---D | M] (Show Picture) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/19 23:20:29 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/19 23:20:28 | 000,000,000 | ---D | M] ("Highlights") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/19 23:20:28 | 000,000,000 | ---D | M] ("SEO For Firefox") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/19 23:20:28 | 000,000,000 | ---D | M] (SeoQuake Plugin - Del.icio.us) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/19 23:20:28 | 000,000,000 | ---D | M] (SeoQuake Plugin - Seolinx) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/19 23:20:28 | 000,000,000 | ---D | M] ("Simple Timer") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/19 23:20:27 | 000,000,000 | ---D | M] (Site Information Tool) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/19 23:20:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\staged-xpis
[2011/03/19 23:20:26 | 000,000,000 | ---D | M] ("Status-bar Scientific Calculator") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/27 04:06:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\fnhvl5tp.default\extensions
[2011/03/27 04:06:30 | 000,000,000 | ---D | M] (Vuze Remote) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\fnhvl5tp.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2012/02/04 17:48:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/19 23:18:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/04/12 23:27:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/13 12:41:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2007/12/13 09:55:00 | 000,437,760 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npagent.dll
[2010/03/27 17:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2005/12/05 21:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npmozax.dll
[2008/06/30 21:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npOGAPlugin.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\DLee\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\DLee\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\DLee\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Driver Agent Plug-in (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npagent.dll
CHR - plugin: Adobe Contribute CS5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
CHR - plugin: DivX\u00AE Web Player (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Office Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npOGAPlugin.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: AOL Media Playback Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npunagi2.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\DLee\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\DLee\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\DLee\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\DLee\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\DLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\DLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Users\DLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/04 17:32:55 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItBHO64.dll (TechSmith Corporation)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - X:\Adobe\CS5 Master Suite\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - X:\Adobe\CS5 Master Suite\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-3964745361-1973383320-2877571132-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Control Center] C:\Program Files (x86)\ASUS\WLAN Card Utilities\CenterAgent.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3964745361-1973383320-2877571132-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3964745361-1973383320-2877571132-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3964745361-1973383320-2877571132-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\WPLauncher.hta File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\WPLauncher.hta File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75EF2997-7330-4525-AF98-B85397041F3F}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3964745361-1973383320-2877571132-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/02/04 17:32:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/04 17:22:30 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\DLee\Desktop\aswMBR.exe
[2012/02/03 18:17:18 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/02/03 18:05:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/03 17:00:28 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/01/31 22:53:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/31 22:53:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/31 22:53:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/31 22:53:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/31 22:53:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/31 22:36:58 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\DLee\Desktop\HiJackThis.exe
[2012/01/31 22:36:28 | 004,395,075 | R--- | C] (Swearware) -- C:\Users\DLee\Desktop\DLeeFix.exe
[2012/01/31 22:32:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\DLee\Desktop\OTL.exe
[2012/01/31 22:20:02 | 000,000,000 | ---D | C] -- C:\Users\DLee\AppData\Roaming\Malwarebytes
[2012/01/31 22:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/31 22:13:10 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\DLee\Desktop\mbam-setup-1.60.1.1000.exe
[2012/01/31 22:06:48 | 000,000,000 | ---D | C] -- C:\Users\DLee\Desktop\SmitfraudFix
[2012/01/26 21:51:37 | 000,000,000 | ---D | C] -- C:\Users\DLee\AppData\Roaming\Adobe Mini Bridge CS5
[2012/01/26 21:23:40 | 000,000,000 | ---D | C] -- C:\Users\DLee\Jobs 2012
[2012/01/15 23:15:08 | 000,000,000 | ---D | C] -- C:\Users\DLee\Marine Officer Docs
[2012/01/12 20:07:19 | 000,000,000 | ---D | C] -- C:\Users\DLee\Desktop\SAW 1-7 (2004 - 2010) DvdRips XviD Xult

========== Files - Modified Within 30 Days ==========

[2012/02/05 12:21:49 | 000,030,720 | ---- | M] () -- C:\Users\DLee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/05 12:15:29 | 005,036,553 | ---- | M] () -- C:\Users\DLee\Desktop\Suzuki_m50_m800_Boulevard_BURNCHASSIS_DIY_Homemade_motorcycl.flv
[2012/02/05 12:13:09 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2012/02/05 11:59:48 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3964745361-1973383320-2877571132-1000UA.job
[2012/02/05 11:59:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/04 18:30:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3964745361-1973383320-2877571132-1000Core.job
[2012/02/04 17:44:39 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/04 17:44:39 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/04 17:37:09 | 4293,533,694 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/04 17:32:55 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/02/04 17:25:02 | 000,000,512 | ---- | M] () -- C:\Users\DLee\Desktop\MBR.dat
[2012/02/04 17:23:52 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\DLee\Desktop\aswMBR.exe
[2012/02/04 17:20:10 | 089,634,404 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2012/02/03 21:55:29 | 031,162,464 | ---- | M] () -- C:\Users\DLee\Desktop\Harley Davidson Service Manual Sportster 86-03.pdf
[2012/02/03 17:49:38 | 000,000,691 | ---- | M] () -- C:\Users\DLee\AppData\Roaming\GetValue.vbs
[2012/02/03 17:49:38 | 000,000,035 | ---- | M] () -- C:\Users\DLee\AppData\Roaming\SetValue.bat
[2012/02/03 17:44:16 | 000,000,456 | ---- | M] () -- C:\Windows\wininit.ini
[2012/02/02 23:15:53 | 000,440,303 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120203-171806.backup
[2012/02/02 23:08:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120202-231553.backup
[2012/02/02 19:09:38 | 000,044,231 | ---- | M] () -- C:\Users\DLee\396296_10150615620547429_533717428_10881579_1823029198_n.jpg
[2012/02/01 23:13:56 | 012,424,321 | ---- | M] () -- C:\Users\DLee\Desktop\Motorcycle_Lair_How_to_Change_a_Fork_Seal_Leak_Part_2_of_2.flv
[2012/02/01 22:54:05 | 009,395,590 | ---- | M] () -- C:\Users\DLee\Desktop\39mm_Front_Fork_Assembly.flv
[2012/02/01 22:52:51 | 049,461,583 | ---- | M] () -- C:\Users\DLee\Desktop\Motorcycle_Lair_How_to_Fix_a_Fork_Seal_Leak_Part_1_of_2.flv
[2012/02/01 21:36:29 | 000,002,932 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2012/01/31 23:23:06 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120201-000008.backup
[2012/01/31 22:38:04 | 014,357,624 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\DLee\Desktop\SUPERAntiSpyware.exe
[2012/01/31 22:37:33 | 001,872,472 | ---- | M] () -- C:\Users\DLee\Desktop\SmackfrizFax.exe
[2012/01/31 22:36:58 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\DLee\Desktop\HiJackThis.exe
[2012/01/31 22:36:32 | 004,395,075 | R--- | M] (Swearware) -- C:\Users\DLee\Desktop\DLeeFix.exe
[2012/01/31 22:32:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\DLee\Desktop\OTL.exe
[2012/01/31 22:13:22 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\DLee\Desktop\mbam-setup-1.60.1.1000.exe
[2012/01/31 19:54:44 | 000,000,954 | ---- | M] () -- C:\Users\DLee\Desktop\regfix.reg
[2012/01/30 18:54:59 | 000,000,882 | RH-- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120130-230049.backup
[2012/01/28 10:41:56 | 000,007,534 | ---- | M] () -- C:\Users\DLee\420427_317348844974675_131437750232453_900474_797310643_n.jpg
[2012/01/27 16:38:14 | 003,105,442 | ---- | M] () -- C:\Users\DLee\Desktop\Oily_Stuff_Under_Carb.flv
[2012/01/24 23:25:57 | 000,002,373 | ---- | M] () -- C:\Users\DLee\Desktop\Google Chrome.lnk
[2012/01/18 22:35:23 | 000,190,180 | ---- | M] () -- C:\Users\DLee\Desktop\Dynojet Normal.pdf
[2012/01/18 18:47:28 | 000,170,760 | ---- | M] () -- C:\Users\DLee\Desktop\Dynojet 883 Racer.pdf
[2012/01/15 12:13:44 | 000,440,213 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120119-175357.backup
[2012/01/14 18:54:47 | 000,029,153 | ---- | M] () -- C:\Users\DLee\Desktop\ruler_foot-1.pdf
[2012/01/11 22:38:08 | 052,451,901 | ---- | M] () -- C:\Users\DLee\Desktop\Lynyrd_Skynyrd_-_Simple_Man_-_super_easy_beginner_acoustic_g.flv
[2012/01/11 19:32:11 | 000,091,336 | ---- | M] () -- C:\Users\DLee\Desktop\SR-i900 Remote Web-500x500.jpg
[2012/01/09 22:04:09 | 000,001,867 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/09 00:49:17 | 000,440,086 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120115-121344.backup
[2012/01/09 00:47:45 | 000,007,634 | ---- | M] () -- C:\Users\DLee\AppData\Local\resmon.resmoncfg
[2012/01/09 00:35:35 | 000,440,086 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120109-004917.backup
[2012/01/08 10:17:17 | 002,375,667 | ---- | M] () -- C:\Users\DLee\Desktop\Lynyrd_Skynyrd_-_Simple_Man.flv
[2012/01/07 18:49:04 | 003,534,906 | ---- | M] () -- C:\Users\DLee\Desktop\wnr834bv2_2_1_13_na_only.chk
[2012/01/06 22:46:06 | 000,043,229 | ---- | M] () -- C:\Users\DLee\Desktop\384826_10100443104666527_3625256_55133678_1505682643_n.jpg

========== Files Created - No Company Name ==========

[2012/02/05 12:15:29 | 005,036,553 | ---- | C] () -- C:\Users\DLee\Desktop\Suzuki_m50_m800_Boulevard_BURNCHASSIS_DIY_Homemade_motorcycl.flv
[2012/02/04 11:57:55 | 000,000,512 | ---- | C] () -- C:\Users\DLee\Desktop\MBR.dat
[2012/02/02 19:09:38 | 000,044,231 | ---- | C] () -- C:\Users\DLee\396296_10150615620547429_533717428_10881579_1823029198_n.jpg
[2012/02/01 23:10:12 | 012,424,321 | ---- | C] () -- C:\Users\DLee\Desktop\Motorcycle_Lair_How_to_Change_a_Fork_Seal_Leak_Part_2_of_2.flv
[2012/02/01 22:51:12 | 009,395,590 | ---- | C] () -- C:\Users\DLee\Desktop\39mm_Front_Fork_Assembly.flv
[2012/02/01 22:46:41 | 049,461,583 | ---- | C] () -- C:\Users\DLee\Desktop\Motorcycle_Lair_How_to_Fix_a_Fork_Seal_Leak_Part_1_of_2.flv
[2012/01/31 22:53:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/31 22:53:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/31 22:53:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/31 22:53:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/31 22:53:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/31 22:12:26 | 001,872,472 | ---- | C] () -- C:\Users\DLee\Desktop\SmackfrizFax.exe
[2012/01/31 21:59:29 | 000,000,691 | ---- | C] () -- C:\Users\DLee\AppData\Roaming\GetValue.vbs
[2012/01/31 21:59:29 | 000,000,035 | ---- | C] () -- C:\Users\DLee\AppData\Roaming\SetValue.bat
[2012/01/31 19:54:52 | 000,000,954 | ---- | C] () -- C:\Users\DLee\Desktop\regfix.reg
[2012/01/30 20:06:51 | 000,000,456 | ---- | C] () -- C:\Windows\wininit.ini
[2012/01/28 10:41:56 | 000,007,534 | ---- | C] () -- C:\Users\DLee\420427_317348844974675_131437750232453_900474_797310643_n.jpg
[2012/01/27 16:38:08 | 003,105,442 | ---- | C] () -- C:\Users\DLee\Desktop\Oily_Stuff_Under_Carb.flv
[2012/01/18 22:35:23 | 000,190,180 | ---- | C] () -- C:\Users\DLee\Desktop\Dynojet Normal.pdf
[2012/01/18 18:47:28 | 000,170,760 | ---- | C] () -- C:\Users\DLee\Desktop\Dynojet 883 Racer.pdf
[2012/01/14 18:54:47 | 000,029,153 | ---- | C] () -- C:\Users\DLee\Desktop\ruler_foot-1.pdf
[2012/01/11 22:31:21 | 052,451,901 | ---- | C] () -- C:\Users\DLee\Desktop\Lynyrd_Skynyrd_-_Simple_Man_-_super_easy_beginner_acoustic_g.flv
[2012/01/11 19:32:10 | 000,091,336 | ---- | C] () -- C:\Users\DLee\Desktop\SR-i900 Remote Web-500x500.jpg
[2012/01/08 10:17:17 | 002,375,667 | ---- | C] () -- C:\Users\DLee\Desktop\Lynyrd_Skynyrd_-_Simple_Man.flv
[2012/01/07 18:46:00 | 003,534,906 | ---- | C] () -- C:\Users\DLee\Desktop\wnr834bv2_2_1_13_na_only.chk
[2012/01/06 22:44:29 | 000,043,229 | ---- | C] () -- C:\Users\DLee\Desktop\384826_10100443104666527_3625256_55133678_1505682643_n.jpg
[2011/11/09 18:47:41 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2011/09/14 10:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/09/07 21:32:25 | 000,165,536 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/08/24 19:19:10 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/08/20 20:19:16 | 000,000,008 | RHS- | C] () -- C:\Windows\SysWow64\D81DEDD44C.sys
[2011/08/20 20:18:02 | 000,000,088 | RHS- | C] () -- C:\Windows\SysWow64\317C373DAA.sys
[2011/08/20 20:11:02 | 000,002,932 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2011/07/07 20:55:50 | 000,001,456 | ---- | C] () -- C:\Users\DLee\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/06/27 22:23:38 | 000,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini
[2011/06/02 11:34:26 | 000,008,257 | ---- | C] () -- C:\Users\DLee\AppData\Roaming\AC1A.C40
[2011/05/01 12:17:39 | 000,000,007 | ---- | C] () -- C:\Windows\treeskp.sys
[2011/05/01 12:17:39 | 000,000,007 | ---- | C] () -- C:\Windows\sbacknt.bin
[2011/04/13 12:08:06 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/04/13 12:08:06 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011/04/10 22:57:56 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/04/02 14:52:57 | 000,030,720 | ---- | C] () -- C:\Users\DLee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/02 14:45:31 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/03/24 23:46:22 | 000,000,255 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/03/24 23:46:22 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/03/24 23:45:26 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/03/24 23:45:26 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011/03/24 23:44:50 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2011/03/24 23:44:50 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/03/24 23:44:50 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/03/20 16:40:31 | 000,003,608 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/03/20 16:40:31 | 000,000,008 | RHS- | C] () -- C:\ProgramData\0571F720CC.sys
[2011/03/20 00:48:37 | 000,120,268 | ---- | C] () -- C:\Windows\File Renamer - Basic Uninstaller.exe
[2011/03/19 22:41:55 | 000,007,634 | ---- | C] () -- C:\Users\DLee\AppData\Local\resmon.resmoncfg
[2011/03/19 22:38:22 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/03/19 20:29:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/03/19 20:23:46 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011/03/19 20:23:46 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/03/19 20:18:08 | 000,039,233 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011/03/19 20:16:17 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/03/19 20:16:13 | 000,032,217 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/03/17 16:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/05 18:48:34 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 04:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009/03/29 22:32:40 | 000,032,768 | R--- | C] () -- C:\Windows\DAODx.exe
[2008/12/01 17:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2007/11/26 20:56:28 | 000,151,415 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2007/06/05 12:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\SysWow64\PSIService.exe

========== LOP Check ==========

[2011/03/21 04:27:59 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Ableton
[2011/03/21 00:58:33 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\acccore
[2012/02/02 21:12:15 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Azureus
[2011/04/11 22:10:33 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Braid
[2011/03/31 01:49:31 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\DAEMON Tools Lite
[2011/03/25 02:30:31 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Guitar Pro 6
[2011/03/20 00:01:03 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\IObit
[2011/05/31 22:16:42 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\IrfanView
[2011/03/22 00:00:50 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Leadertech
[2011/10/22 18:05:57 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Magic Set Editor
[2012/01/15 12:05:17 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Notepad++
[2011/09/07 21:46:01 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Opera
[2011/11/09 18:47:41 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\PACE Anti-Piracy
[2011/05/01 03:00:04 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\SoundSpectrum
[2011/04/12 23:43:33 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/05/15 04:16:12 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\vghd
[2011/09/17 22:03:09 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Wizards of the Coast
[2012/01/30 23:25:13 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you post the log where spybot shows the infection please
  • 0

#12
Daniel Christmas Lee

Daniel Christmas Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 208 posts
Please see attached.

Attached File  Spybot - Search & Destroy scan report.pdf   14.88KB   396 downloads

Thanks!
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm that is not showing in any of my scans - so lets remove it

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    ipconfig /flushdns /c
    C:\Windows\svchost.exe

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#14
Daniel Christmas Lee

Daniel Christmas Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 208 posts
Here are the logs:

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\DLee\Desktop\cmd.bat deleted successfully.
C:\Users\DLee\Desktop\cmd.txt deleted successfully.
C:\Windows\svchost.exe moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: DLee
->Temp folder emptied: 15716 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 133362183 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 3335 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 162 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 127.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 02062012_200952

Files\Folders moved on Reboot...
C:\Users\DLee\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\04c6a255-5349-498c-aa91-8d3167921c0a.tmp moved successfully.
C:\Windows\temp\51164ebf-1544-4edf-90fd-678aed8fbea0.tmp moved successfully.
C:\Windows\temp\6cccc67a-a4c5-426d-aec4-65873d399777.tmp moved successfully.
C:\Windows\temp\7a232b36-20f6-433b-8899-ec0bd7a97f4a.tmp moved successfully.
C:\Windows\temp\8da9e960-85e6-46d0-a092-ca6cd7139467.tmp moved successfully.
C:\Windows\temp\9da3ce44-ed01-48da-a3bb-8a8d23b37687.tmp moved successfully.
C:\Windows\temp\a0b20f2b-6b61-4f3d-bc16-b63ea0fc0c60.tmp moved successfully.
C:\Windows\temp\b93af9e0-efe7-425a-89c2-b533e3c8eeef.tmp moved successfully.
C:\Windows\temp\bc5159db-b380-4fb0-9096-85e66865957d.tmp moved successfully.
C:\Windows\temp\f4f392cd-0224-49c8-961e-dd0d660cb9c8.tmp moved successfully.
C:\Windows\temp\fa25629b-9086-434d-ac5c-96f719937701.tmp moved successfully.

Registry entries deleted on Reboot...

OTL logfile created on: 2/6/2012 8:23:20 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\DLee\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

16.00 Gb Total Physical Memory | 14.01 Gb Available Physical Memory | 87.54% Memory free
31.99 Gb Paging File | 29.98 Gb Available in Paging File | 93.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.65 Gb Total Space | 205.71 Gb Free Space | 44.18% Space Free | Partition Type: NTFS
Drive E: | 59.63 Gb Total Space | 19.20 Gb Free Space | 32.20% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 28.35 Gb Free Space | 6.09% Space Free | Partition Type: NTFS
Drive K: | 465.76 Gb Total Space | 141.39 Gb Free Space | 30.36% Space Free | Partition Type: NTFS
Drive X: | 465.86 Gb Total Space | 167.82 Gb Free Space | 36.02% Space Free | Partition Type: NTFS

Computer Name: AEGIS | User Name: DLee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/31 22:32:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\DLee\Desktop\OTL.exe
PRC - [2011/06/07 23:44:08 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe
PRC - [2011/06/06 22:36:25 | 000,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgam.exe
PRC - [2011/01/13 08:42:54 | 001,799,168 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\Program Files (x86)\ASUS\WLAN Card Utilities\Center.exe
PRC - [2010/07/07 09:58:02 | 001,089,664 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHelp.exe
PRC - [2010/06/23 22:19:50 | 000,109,056 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
PRC - [2010/03/27 11:41:20 | 001,137,280 | ---- | M] (
ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe
PRC - [2009/12/28 16:49:36 | 000,121,472 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
PRC - [2009/10/21 11:12:50 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/10/16 09:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2009/05/21 14:09:04 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\ASUS\WLAN Card Utilities\ASWLCCSVC.exe
PRC - [2009/03/29 22:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
PRC - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe


========== Modules (No Company Name) ==========

MOD - [2010/06/01 09:38:40 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV EVO\pngio.dll
MOD - [2010/02/08 16:19:52 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV EVO\HookKey32.dll
MOD - [2009/03/29 22:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
MOD - [2005/10/24 15:02:46 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\AsMultiLang.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/08 12:42:32 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/09/08 09:29:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/11/20 05:25:18 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:64bit: - [2009/07/17 05:31:34 | 004,948,992 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV:64bit: - [2009/07/13 17:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV:64bit: - [2009/07/13 17:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2011/06/07 23:44:08 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2011/04/27 09:42:06 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/11/20 04:17:42 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2010/07/01 03:45:02 | 000,136,616 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2010/06/23 22:19:50 | 000,109,056 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/16 09:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009/07/13 17:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 14:09:04 | 000,172,032 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\WLAN Card Utilities\ASWLCCSVC.exe -- (ASWLCCSvc)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/08 10:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/08 08:52:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/28 17:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/07/22 08:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 13:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/24 05:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/06/07 23:44:14 | 000,427,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2011/06/06 22:37:18 | 000,133,640 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2011/06/06 22:37:18 | 000,033,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2011/06/06 22:37:18 | 000,014,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (AvgRkx64)
DRV:64bit: - [2011/06/06 14:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/04/30 03:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/04/30 03:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/03/28 02:55:50 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/03/28 02:53:22 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/23 15:50:14 | 000,018,232 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/11/20 05:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 05:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 03:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/20 09:49:06 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/12 16:42:28 | 001,104,672 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2010/01/27 17:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/01/11 03:28:34 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/12/22 01:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/28 09:59:08 | 000,045,752 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PCASp50.sys -- (PCASp50)
DRV:64bit: - [2009/10/26 22:19:48 | 000,176,640 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/10/26 22:19:46 | 000,075,264 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/07/15 19:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb) Brother MFC Serial Interface Driver(WDM)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 12:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSIb.sys -- (BrUsbSIb) Brother MFC Serial USB Driver(WDM)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/04 17:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2007/04/23 18:12:44 | 000,739,760 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BisonCam.sys -- (Cam5603D)
DRV:64bit: - [2006/09/02 23:53:54 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2010/07/09 11:19:04 | 000,021,480 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys -- (cpuz134)
DRV - [2009/10/28 09:59:08 | 000,045,752 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\PCASp50.sys -- (PCASp50)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 B8 4B 00 BB F3 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\DLee\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\DLee\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\DLee\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: X:\Adobe\CS5 Master Suite\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/03/20 02:02:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG8\Firefox [2011/06/07 23:46:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/31 22:58:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/30 14:33:15 | 000,000,000 | ---D | M]

[2012/02/04 17:32:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Extensions
[2012/02/06 18:37:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions
[2011/09/07 20:54:57 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2011/03/19 23:21:07 | 000,000,000 | ---D | M] (Define Word) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{1395baf2-3aa6-4d0f-83d6-1d9b66a9420d}
[2011/09/08 20:16:15 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2011/03/19 23:21:07 | 000,000,000 | ---D | M] (Print/Print Preview) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}
[2011/03/19 23:21:07 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2011/09/07 20:54:53 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011/09/07 20:54:52 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2011/03/19 23:23:49 | 000,000,000 | ---D | M] (oldbar) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2011/03/19 23:25:27 | 000,000,000 | ---D | M] (FavLoc) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{472f4ef0-a825-11da-a746-0800200c9a66}
[2011/03/19 23:21:04 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2011/09/10 13:39:06 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2011/03/19 23:21:04 | 000,000,000 | ---D | M] ("ProCon Latte") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}
[2011/03/19 23:21:04 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2011/09/07 20:54:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/27 04:06:30 | 000,000,000 | ---D | M] (Vuze Remote) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/09/07 20:54:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/03/19 23:21:02 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/05/16 21:59:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011/03/19 23:21:01 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2011/09/07 20:54:51 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/03/19 23:21:00 | 000,000,000 | ---D | M] (QuickRestart) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
[2011/10/27 17:11:56 | 000,000,000 | ---D | M] (Craigslist Image Prefetcher) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/03/19 23:21:11 | 000,000,000 | ---D | M] (Element Hiding Helper for Adblock Plus) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/03/19 23:21:10 | 000,000,000 | ---D | M] ("KGen") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/04/24 17:01:18 | 000,000,000 | ---D | M] (Show Picture) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/08/24 21:33:18 | 000,000,000 | ---D | M] (Save Images) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/04/18 02:00:33 | 000,000,000 | ---D | M] (Multi Links) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/05/16 21:59:57 | 000,000,000 | ---D | M] ("SEO For Firefox") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/03/19 23:21:09 | 000,000,000 | ---D | M] (SeoQuake Plugin - Del.icio.us) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/03/19 23:21:09 | 000,000,000 | ---D | M] (SeoQuake Plugin - Seolinx) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/09/07 20:54:54 | 000,000,000 | ---D | M] (Simple Timer) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/03/19 23:21:09 | 000,000,000 | ---D | M] ("Status-bar Scientific Calculator") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2011/05/16 21:59:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2011/03/27 04:06:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions
[2011/03/19 23:20:26 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2011/03/19 23:20:26 | 000,000,000 | ---D | M] (Define Word) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{1395baf2-3aa6-4d0f-83d6-1d9b66a9420d}
[2011/03/19 23:20:26 | 000,000,000 | ---D | M] (Print/Print Preview) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}
[2011/03/19 23:20:26 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2011/03/19 16:31:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/19 23:20:26 | 000,000,000 | ---D | M] ("Delicious Bookmarks") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011/03/19 23:20:25 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2011/03/19 23:20:22 | 000,000,000 | ---D | M] (Data Analytics) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{377364a4-d91a-47ea-87de-c3d7eaf221cd}
[2011/03/19 23:20:22 | 000,000,000 | ---D | M] (oldbar) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2011/03/19 23:20:22 | 000,000,000 | ---D | M] (FavLoc) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{472f4ef0-a825-11da-a746-0800200c9a66}
[2011/03/19 23:20:21 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2011/03/19 23:20:21 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2011/03/19 23:20:19 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2011/03/19 23:20:19 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2011/03/19 23:20:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/27 04:06:30 | 000,000,000 | ---D | M] (Vuze Remote) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/03/19 23:20:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2011/03/19 23:20:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/03/19 23:20:16 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/03/19 23:20:14 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011/03/19 23:20:14 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2011/03/19 23:20:14 | 000,000,000 | ---D | M] (QuickRestart) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
[2011/03/19 23:20:30 | 000,000,000 | ---D | M] (Show Picture) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/19 23:20:29 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/19 23:20:28 | 000,000,000 | ---D | M] ("Highlights") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/19 23:20:28 | 000,000,000 | ---D | M] ("SEO For Firefox") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/19 23:20:28 | 000,000,000 | ---D | M] (SeoQuake Plugin - Del.icio.us) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/19 23:20:28 | 000,000,000 | ---D | M] (SeoQuake Plugin - Seolinx) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/19 23:20:28 | 000,000,000 | ---D | M] ("Simple Timer") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/19 23:20:27 | 000,000,000 | ---D | M] (Site Information Tool) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/19 23:20:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\staged-xpis
[2011/03/19 23:20:26 | 000,000,000 | ---D | M] ("Status-bar Scientific Calculator") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/27 04:06:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\fnhvl5tp.default\extensions
[2011/03/27 04:06:30 | 000,000,000 | ---D | M] (Vuze Remote) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\fnhvl5tp.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2012/02/05 23:14:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/19 23:18:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/04/12 23:27:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/13 12:41:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2007/12/13 09:55:00 | 000,437,760 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npagent.dll
[2010/03/27 17:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2005/12/05 21:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npmozax.dll
[2008/06/30 21:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npOGAPlugin.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\DLee\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\DLee\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\DLee\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Driver Agent Plug-in (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npagent.dll
CHR - plugin: Adobe Contribute CS5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
CHR - plugin: DivX\u00AE Web Player (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Office Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npOGAPlugin.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: AOL Media Playback Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npunagi2.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\DLee\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\DLee\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\DLee\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\DLee\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\DLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\DLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Users\DLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/06 20:09:53 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItBHO64.dll (TechSmith Corporation)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - X:\Adobe\CS5 Master Suite\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - X:\Adobe\CS5 Master Suite\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Control Center] C:\Program Files (x86)\ASUS\WLAN Card Utilities\CenterAgent.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\WPLauncher.hta File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\WPLauncher.hta File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75EF2997-7330-4525-AF98-B85397041F3F}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/02/06 19:56:36 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\DLee\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/04 17:32:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/04 17:22:30 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\DLee\Desktop\aswMBR.exe
[2012/02/03 18:17:18 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/02/03 18:05:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/03 17:00:28 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/01/31 22:53:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/31 22:53:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/31 22:53:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/31 22:53:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/31 22:53:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/31 22:36:58 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\DLee\Desktop\HiJackThis.exe
[2012/01/31 22:36:28 | 004,395,075 | R--- | C] (Swearware) -- C:\Users\DLee\Desktop\DLeeFix.exe
[2012/01/31 22:32:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\DLee\Desktop\OTL.exe
[2012/01/31 22:20:02 | 000,000,000 | ---D | C] -- C:\Users\DLee\AppData\Roaming\Malwarebytes
[2012/01/31 22:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/31 22:13:10 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\DLee\Desktop\mbam-setup-1.60.1.1000.exe
[2012/01/31 22:06:48 | 000,000,000 | ---D | C] -- C:\Users\DLee\Desktop\SmitfraudFix
[2012/01/26 21:51:37 | 000,000,000 | ---D | C] -- C:\Users\DLee\AppData\Roaming\Adobe Mini Bridge CS5
[2012/01/26 21:23:40 | 000,000,000 | ---D | C] -- C:\Users\DLee\Jobs 2012
[2012/01/15 23:15:08 | 000,000,000 | ---D | C] -- C:\Users\DLee\Marine Officer Docs
[2012/01/12 20:07:19 | 000,000,000 | ---D | C] -- C:\Users\DLee\Desktop\SAW 1-7 (2004 - 2010) DvdRips XviD Xult

========== Files - Modified Within 30 Days ==========

[2012/02/06 20:27:55 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/06 20:27:55 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/06 20:20:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/06 20:20:33 | 4293,533,694 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/06 20:19:36 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2012/02/06 20:09:53 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/02/06 19:56:36 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\DLee\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/06 19:56:18 | 000,035,478 | ---- | M] () -- C:\Users\DLee\Desktop\mbam-download.php
[2012/02/06 19:30:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3964745361-1973383320-2877571132-1000UA.job
[2012/02/06 18:37:45 | 089,734,411 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2012/02/06 00:01:30 | 000,015,235 | ---- | M] () -- C:\Users\DLee\Desktop\Spybot - Search & Destroy scan report.pdf
[2012/02/05 23:09:59 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3964745361-1973383320-2877571132-1000Core.job
[2012/02/05 12:21:49 | 000,030,720 | ---- | M] () -- C:\Users\DLee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/05 12:15:29 | 005,036,553 | ---- | M] () -- C:\Users\DLee\Desktop\Suzuki_m50_m800_Boulevard_BURNCHASSIS_DIY_Homemade_motorcycl.flv
[2012/02/04 17:25:02 | 000,000,512 | ---- | M] () -- C:\Users\DLee\Desktop\MBR.dat
[2012/02/04 17:23:52 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\DLee\Desktop\aswMBR.exe
[2012/02/03 21:55:29 | 031,162,464 | ---- | M] () -- C:\Users\DLee\Desktop\Harley Davidson Service Manual Sportster 86-03.pdf
[2012/02/03 17:49:38 | 000,000,691 | ---- | M] () -- C:\Users\DLee\AppData\Roaming\GetValue.vbs
[2012/02/03 17:49:38 | 000,000,035 | ---- | M] () -- C:\Users\DLee\AppData\Roaming\SetValue.bat
[2012/02/03 17:44:16 | 000,000,456 | ---- | M] () -- C:\Windows\wininit.ini
[2012/02/02 23:15:53 | 000,440,303 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120203-171806.backup
[2012/02/02 23:08:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120202-231553.backup
[2012/02/02 19:09:38 | 000,044,231 | ---- | M] () -- C:\Users\DLee\396296_10150615620547429_533717428_10881579_1823029198_n.jpg
[2012/02/01 23:13:56 | 012,424,321 | ---- | M] () -- C:\Users\DLee\Desktop\Motorcycle_Lair_How_to_Change_a_Fork_Seal_Leak_Part_2_of_2.flv
[2012/02/01 22:54:05 | 009,395,590 | ---- | M] () -- C:\Users\DLee\Desktop\39mm_Front_Fork_Assembly.flv
[2012/02/01 22:52:51 | 049,461,583 | ---- | M] () -- C:\Users\DLee\Desktop\Motorcycle_Lair_How_to_Fix_a_Fork_Seal_Leak_Part_1_of_2.flv
[2012/02/01 21:36:29 | 000,002,932 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2012/01/31 23:23:06 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120201-000008.backup
[2012/01/31 22:38:04 | 014,357,624 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\DLee\Desktop\SUPERAntiSpyware.exe
[2012/01/31 22:37:33 | 001,872,472 | ---- | M] () -- C:\Users\DLee\Desktop\SmackfrizFax.exe
[2012/01/31 22:36:58 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\DLee\Desktop\HiJackThis.exe
[2012/01/31 22:36:32 | 004,395,075 | R--- | M] (Swearware) -- C:\Users\DLee\Desktop\DLeeFix.exe
[2012/01/31 22:32:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\DLee\Desktop\OTL.exe
[2012/01/31 22:13:22 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\DLee\Desktop\mbam-setup-1.60.1.1000.exe
[2012/01/31 19:54:44 | 000,000,954 | ---- | M] () -- C:\Users\DLee\Desktop\regfix.reg
[2012/01/30 18:54:59 | 000,000,882 | RH-- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120130-230049.backup
[2012/01/28 10:41:56 | 000,007,534 | ---- | M] () -- C:\Users\DLee\420427_317348844974675_131437750232453_900474_797310643_n.jpg
[2012/01/27 16:38:14 | 003,105,442 | ---- | M] () -- C:\Users\DLee\Desktop\Oily_Stuff_Under_Carb.flv
[2012/01/24 23:25:57 | 000,002,373 | ---- | M] () -- C:\Users\DLee\Desktop\Google Chrome.lnk
[2012/01/18 22:35:23 | 000,190,180 | ---- | M] () -- C:\Users\DLee\Desktop\Dynojet Normal.pdf
[2012/01/18 18:47:28 | 000,170,760 | ---- | M] () -- C:\Users\DLee\Desktop\Dynojet 883 Racer.pdf
[2012/01/15 12:13:44 | 000,440,213 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120119-175357.backup
[2012/01/14 18:54:47 | 000,029,153 | ---- | M] () -- C:\Users\DLee\Desktop\ruler_foot-1.pdf
[2012/01/11 22:38:08 | 052,451,901 | ---- | M] () -- C:\Users\DLee\Desktop\Lynyrd_Skynyrd_-_Simple_Man_-_super_easy_beginner_acoustic_g.flv
[2012/01/11 19:32:11 | 000,091,336 | ---- | M] () -- C:\Users\DLee\Desktop\SR-i900 Remote Web-500x500.jpg
[2012/01/09 22:04:09 | 000,001,867 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/09 00:49:17 | 000,440,086 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120115-121344.backup
[2012/01/09 00:47:45 | 000,007,634 | ---- | M] () -- C:\Users\DLee\AppData\Local\resmon.resmoncfg
[2012/01/09 00:35:35 | 000,440,086 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120109-004917.backup
[2012/01/08 10:17:17 | 002,375,667 | ---- | M] () -- C:\Users\DLee\Desktop\Lynyrd_Skynyrd_-_Simple_Man.flv

========== Files Created - No Company Name ==========

[2012/02/06 19:56:18 | 000,035,478 | ---- | C] () -- C:\Users\DLee\Desktop\mbam-download.php
[2012/02/06 00:01:30 | 000,015,235 | ---- | C] () -- C:\Users\DLee\Desktop\Spybot - Search & Destroy scan report.pdf
[2012/02/05 12:15:29 | 005,036,553 | ---- | C] () -- C:\Users\DLee\Desktop\Suzuki_m50_m800_Boulevard_BURNCHASSIS_DIY_Homemade_motorcycl.flv
[2012/02/04 11:57:55 | 000,000,512 | ---- | C] () -- C:\Users\DLee\Desktop\MBR.dat
[2012/02/02 19:09:38 | 000,044,231 | ---- | C] () -- C:\Users\DLee\396296_10150615620547429_533717428_10881579_1823029198_n.jpg
[2012/02/01 23:10:12 | 012,424,321 | ---- | C] () -- C:\Users\DLee\Desktop\Motorcycle_Lair_How_to_Change_a_Fork_Seal_Leak_Part_2_of_2.flv
[2012/02/01 22:51:12 | 009,395,590 | ---- | C] () -- C:\Users\DLee\Desktop\39mm_Front_Fork_Assembly.flv
[2012/02/01 22:46:41 | 049,461,583 | ---- | C] () -- C:\Users\DLee\Desktop\Motorcycle_Lair_How_to_Fix_a_Fork_Seal_Leak_Part_1_of_2.flv
[2012/01/31 22:53:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/31 22:53:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/31 22:53:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/31 22:53:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/31 22:53:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/31 22:12:26 | 001,872,472 | ---- | C] () -- C:\Users\DLee\Desktop\SmackfrizFax.exe
[2012/01/31 21:59:29 | 000,000,691 | ---- | C] () -- C:\Users\DLee\AppData\Roaming\GetValue.vbs
[2012/01/31 21:59:29 | 000,000,035 | ---- | C] () -- C:\Users\DLee\AppData\Roaming\SetValue.bat
[2012/01/31 19:54:52 | 000,000,954 | ---- | C] () -- C:\Users\DLee\Desktop\regfix.reg
[2012/01/30 20:06:51 | 000,000,456 | ---- | C] () -- C:\Windows\wininit.ini
[2012/01/28 10:41:56 | 000,007,534 | ---- | C] () -- C:\Users\DLee\420427_317348844974675_131437750232453_900474_797310643_n.jpg
[2012/01/27 16:38:08 | 003,105,442 | ---- | C] () -- C:\Users\DLee\Desktop\Oily_Stuff_Under_Carb.flv
[2012/01/18 22:35:23 | 000,190,180 | ---- | C] () -- C:\Users\DLee\Desktop\Dynojet Normal.pdf
[2012/01/18 18:47:28 | 000,170,760 | ---- | C] () -- C:\Users\DLee\Desktop\Dynojet 883 Racer.pdf
[2012/01/14 18:54:47 | 000,029,153 | ---- | C] () -- C:\Users\DLee\Desktop\ruler_foot-1.pdf
[2012/01/11 22:31:21 | 052,451,901 | ---- | C] () -- C:\Users\DLee\Desktop\Lynyrd_Skynyrd_-_Simple_Man_-_super_easy_beginner_acoustic_g.flv
[2012/01/11 19:32:10 | 000,091,336 | ---- | C] () -- C:\Users\DLee\Desktop\SR-i900 Remote Web-500x500.jpg
[2012/01/08 10:17:17 | 002,375,667 | ---- | C] () -- C:\Users\DLee\Desktop\Lynyrd_Skynyrd_-_Simple_Man.flv
[2011/11/09 18:47:41 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2011/09/14 10:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/09/07 21:32:25 | 000,165,536 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/08/24 19:19:10 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/08/20 20:19:16 | 000,000,008 | RHS- | C] () -- C:\Windows\SysWow64\D81DEDD44C.sys
[2011/08/20 20:18:02 | 000,000,088 | RHS- | C] () -- C:\Windows\SysWow64\317C373DAA.sys
[2011/08/20 20:11:02 | 000,002,932 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2011/07/07 20:55:50 | 000,001,456 | ---- | C] () -- C:\Users\DLee\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/06/27 22:23:38 | 000,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini
[2011/06/02 11:34:26 | 000,008,257 | ---- | C] () -- C:\Users\DLee\AppData\Roaming\AC1A.C40
[2011/05/01 12:17:39 | 000,000,007 | ---- | C] () -- C:\Windows\treeskp.sys
[2011/05/01 12:17:39 | 000,000,007 | ---- | C] () -- C:\Windows\sbacknt.bin
[2011/04/13 12:08:06 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/04/13 12:08:06 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011/04/10 22:57:56 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/04/02 14:52:57 | 000,030,720 | ---- | C] () -- C:\Users\DLee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/02 14:45:31 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/03/24 23:46:22 | 000,000,255 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/03/24 23:46:22 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/03/24 23:45:26 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/03/24 23:45:26 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011/03/24 23:44:50 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2011/03/24 23:44:50 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/03/24 23:44:50 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/03/20 16:40:31 | 000,003,608 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/03/20 16:40:31 | 000,000,008 | RHS- | C] () -- C:\ProgramData\0571F720CC.sys
[2011/03/20 00:48:37 | 000,120,268 | ---- | C] () -- C:\Windows\File Renamer - Basic Uninstaller.exe
[2011/03/19 22:41:55 | 000,007,634 | ---- | C] () -- C:\Users\DLee\AppData\Local\resmon.resmoncfg
[2011/03/19 22:38:22 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/03/19 20:29:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/03/19 20:23:46 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011/03/19 20:23:46 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/03/19 20:18:08 | 000,039,233 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011/03/19 20:16:17 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/03/19 20:16:13 | 000,032,217 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/03/17 16:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/05 18:48:34 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 04:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009/03/29 22:32:40 | 000,032,768 | R--- | C] () -- C:\Windows\DAODx.exe
[2008/12/01 17:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2007/11/26 20:56:28 | 000,151,415 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2007/06/05 12:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\SysWow64\PSIService.exe

========== LOP Check ==========

[2011/03/21 04:27:59 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Ableton
[2011/03/21 00:58:33 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\acccore
[2012/02/02 21:12:15 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Azureus
[2011/04/11 22:10:33 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Braid
[2011/03/31 01:49:31 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\DAEMON Tools Lite
[2011/03/25 02:30:31 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Guitar Pro 6
[2011/03/20 00:01:03 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\IObit
[2011/05/31 22:16:42 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\IrfanView
[2011/03/22 00:00:50 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Leadertech
[2011/10/22 18:05:57 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Magic Set Editor
[2012/01/15 12:05:17 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Notepad++
[2011/09/07 21:46:01 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Opera
[2011/11/09 18:47:41 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\PACE Anti-Piracy
[2011/05/01 03:00:04 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\SoundSpectrum
[2011/04/12 23:43:33 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/05/15 04:16:12 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\vghd
[2011/09/17 22:03:09 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Wizards of the Coast
[2012/01/30 23:25:13 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.07.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
DLee :: AEGIS [administrator]

Protection: Disabled

2/6/2012 8:45:20 PM
mbam-log-2012-02-06 (20-45-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 183612
Time elapsed: 2 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Windows\System32\config\systemprofile\AppData\Roaming\krnlhtml.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Unlocker\eBay_shortcuts_1016.exe (Adware.Clicker) -> Quarantined and deleted successfully.

(end)

2012/02/06 20:57:54 -0800 AEGIS DLee MESSAGE Executing scheduled update: Daily
2012/02/06 20:57:55 -0800 AEGIS DLee MESSAGE Database already up-to-date
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now ?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP