Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

ATTN: Godawgs, Can We Look at My Home Computer [Closed]

Started by Daniel Christmas Lee , Jul 24 2012 11:29 PM

This topic is locked

#1
Daniel Christmas Lee

Posted 24 July 2012 - 11:29 PM

Member

Member
208 posts

As per Godawgs instructions I have posted a new thread regarding my Home Computer problems.

Hello Godawgs, where are you!?

To briefly describe the situation, I have since fixed my failure to use Windows Update. What was happening was that the "search for new updates" would hang. What I did was delete all the folders in Software Distribution, then manually started the Windows Update service via the Services menu.

However!

You know that "status icon" lower right of the screen, windows taskbar area? The icon for an Ethernet Internet connection? Well it shows an "X" but I'm connected to the internet, and also when I right click on it, and "open network and sharing center" it says I am connected... and the internet works fine ... just yeah that little icon shows as if I am not connected.

See attachment/screenshot.

As for the main problem... my Firefox at home will crash at least 2 two times a day. Everything is updated. I flushed my plugins. Haven't recreated the problem in safe mode. But yeah, that's what's going on...

Thanks Godawgs for answering my PM! Looking forward to hearing from you!

Cheers!

Attached Thumbnails

#2
godawgs

Posted 25 July 2012 - 10:16 AM

Teacher

Retired Staff
8,228 posts

Hi Daniel,

Are those your only problems or do you want to make sure nothing else is there?

You know that "status icon" lower right of the screen, windows taskbar area? The icon for an Ethernet Internet connection? Well it shows an "X" but I'm connected to the internet, and also when I right click on it, and "open network and sharing center" it says I am connected... and the internet works fine ... just yeah that little icon shows as if I am not connected.

The little icon shows that the wire (eathernet cable) is not connected to the eathernet adapter. That indicates that you are connected to the internet with a wireless adapter.
Open the Network and Sharing Center again.
In the left column, click Manage Network Connections, a Network Connections page will open.
There will probably be two network connections listed... a Local Area Connection and a Wireless Network Connection.

If you are connected to the internet wirelessly, the Local Area Connection will have a X under it and it will say Network Cable Unplugged beside it.
The Wireless Network Connection will have the network name beside it.

If that is what you see, everything is as it should be.

As for the main problem... my Firefox at home will crash at least 2 two times a day. Everything is updated. I flushed my plugins. Haven't recreated the problem in safe mode. But yeah, that's what's going on...

Does that mean that you haven't tried running Firefox in safe mode, or you have run it in safe mode and cannot recreate the problem?
What version of Firefox are you running on this computer?

Please answer my questions above and we'll take it from there.

Edited by godawgs, 25 July 2012 - 10:22 AM.

#3
Daniel Christmas Lee

Posted 25 July 2012 - 10:21 AM

Member

Topic Starter
Member
208 posts

Godawgs, thank you for your response!

The problems I listed are my current problems with my home desktop, but I would like to know if there is something lurking beneath.

I forgot to mention that when I open Chrome, the homepage (Google) hangs, and does not load until I press the Home button.

As for the Ethernet status icon... the weird part is... I am not connected wirelessly. I am connected through Ethernet cable, and I have internet connection, just the icon shows that I don't.

As for FF in safe mode, I meant I havent run FF in safe mode... I cannot operate in safe mode efficiently so I put it aside, however, I will try running in safe mode this evening when I spend hours on Facebook

What next?

#4
godawgs

Posted 25 July 2012 - 10:52 AM

Teacher

Retired Staff
8,228 posts

As for the Ethernet status icon... the weird part is... I am not connected wirelessly. I am connected through Ethernet cable, and I have internet connection, just the icon shows that I don't.

How is the computer connected? Is the eathernet cable connected directly to a DSL modem, or a router, or a direct internet cable coming into the house?
Is this a laptop or desktop?

#5
Daniel Christmas Lee

Posted 25 July 2012 - 11:36 AM

Member

Topic Starter
Member
208 posts

Desktop. Ethernet cables is connect to my wireless router which is connected to a cable modem which is connected to a cable from the wall.

This icon issue happened after I "fixed" my Windows Update issue. I might have disabled a service that should be enabled? Deleted a file that I should not have?

This issue is minor and is just an eyesore... makes me think I am lost internet connection, haha.

The main issue is my FF crashing every day, and Chrome hanging up.

I appreciate your help Godawgs.

#6
Daniel Christmas Lee

Posted 25 July 2012 - 08:52 PM

Member

Topic Starter
Member
208 posts

Ok the whole Ethernet icon thing is fixed... by unplugging my ethernet cable... restarting my computer... then plugging it back in...

Edited by Daniel Christmas Lee, 25 July 2012 - 08:52 PM.

#7
godawgs

Posted 26 July 2012 - 03:34 AM

Teacher

Retired Staff
8,228 posts

Hi Daniel,

Ok the whole Ethernet icon thing is fixed... by unplugging my ethernet cable... restarting my computer... then plugging it back in...

Yep, that's where we would have started looking for the problem. Glad you got it sorted out.

Let me know what happened when you ran FF in safe Mode.

Let's get a set of logs to look at.

Step-1.

Posted Image

OTL
OTL is currently our primary tool for searching key areas of the registry and other system locations for the telltale signs of malware. It generates a comprehensive log, and offers an initial diagnosis.

Download OTL to the Desktop. It is important that it is download to the Desktop. (FireFox users should right click the download link and click "Save File As". On the window that comes up, make sure the download location is the Desktop and click the Save button.)

OTL Custom Scan

1. Please copy the text in the code box below and paste it in the box in OTL. To do that:
Highlight everything inside the code box, right click the mouse and click Copy.

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.*
consrv.dll
wshelper.dll
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
C:\Program Files\Common Files\ComObjects\*.* /s
DRIVES
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
del c:\commands.txt^|y /hide /c
/wait
del c:\diskreport.txt^|y /hide /c

2. Open OTL on the desktop. To do that:

Double click on the OTL icon to run it. Make sure all other windows are closed.
You will see a console like the one below:
Check the box beside Scan All Users at the top of the console
Make sure the Output box at the top is set to Standard Output.
Check the boxes beside LOP Check and Purity Check.
Place the mouse pointer inside the box, right click and click Paste. This will put the above script inside OTL
Click the button. Do not change any settings unless otherwise told to do so.
Let the scan run uninterrupted. The scan won't take long.
When the scan completes, it will open OTL.Txton the desktop. Extras.txt will be minimized. These files are also saved in the same location as OTL (it should be on your desktop).
Please copy the contents of these files and paste them into your reply. To do that:
On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
Right click inside the forum post window then click Paste.This will paste the contents of the OTL.txt file in the in the post window.

Repeat for the Extras.txt file

Step-2.

Run aswMBR

Download aswMBR.exe to your desktop.
Double click the aswMBR.exe file to run it. (Windows /7 users: Right click the file and click Run as Administrator. If you get a UAC window, allow the file to run.
If it asks you if you want to download the latest virus definitions, click Yes
Click the "Scan" button to start the scan
On completion of the scan click save log. Save it to your desktop and post in your next reply.

NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename executable to iexplore.exe and try it again.

Step-3.

Things For Your Next Post:
1. The OTL.txt log
2. The Extras.txt log
3. The aswMBR log

#8
Daniel Christmas Lee

Posted 26 July 2012 - 12:16 PM

Member

Topic Starter
Member
208 posts

My apologies in advance, but I am jumping from my work computer to my home computer and back to my work... I'm an Account Manager.

Anyway, the Eternet icon problem is back... it turns out that unplugging and plugging it back in fixes the problem... but after reboot... the problem recurs. Again a minor eyesore issue.

I will run the scan shortly and also use FF in safe mode... but it's hard because FF safe mode sucks

#9
godawgs

Posted 27 July 2012 - 01:59 PM

Teacher

Retired Staff
8,228 posts

Hi Daniel,

Anyway, the Eternet icon problem is back... it turns out that unplugging and plugging it back in fixes the problem... but after reboot... the problem recurs. Again a minor eyesore issue.

If you unplugged the cable and plugged it back in and the red X went away, but then came back, we should check farther. The unplugged message you are getting is almost always a hardware problem...

1.
First, physically look at the NIC (Network Interface Card):
You can see the nic if you look at the back of the computer. It is in one of the card slots and has two lights on it, one green, one some other color (varies by mfr, could be green/yellow/red/orange); the green one (on the left, since it's an onboard NIC) should be lit simply by virtue of the PC being on. The other-color one (on the right) should only light up and/or blink while the cable is plugged in and you have a physically confirmed link.

Let me know if both lights are on when the computer is on, the cable is plugged in and you are linked to the internet.

2.
Try a different Eathernet cable. It could be an intermittent problem with the cable you have.
I know this sounds weird, but try a different phone line from the DSL modem to the computer. I read a case where the connector on the end of the phone line was faulty and it did the same thing.

3.
Try plugging the Eathernet cable into a different port on the router. Sometime ports go bad.

4.
Open Device Manager and see if there is a problem (question mark, yellow exclamation mark or red X) on any of the Network Adapters.

I will run the scan shortly and also use FF in safe mode... but it's hard because FF safe mode sucks

I agree, but it is the only way to tell if an add-on is causing the problem. And if it is an add-on, removing it is the only thing that will cure the problem.

5.
Please get me the scans I asked for.

#10
Daniel Christmas Lee

Posted 28 July 2012 - 01:27 PM

Member

Topic Starter
Member
208 posts

Hey Godawgs!

So about the Ethernet cable thing, device manager is clear, and status lights are fine. For some reason by computer is choosing to show the "x" even when I'm connected to the internets.

I ran OTL with your custom scan once, and no Extras file was generated, so I ran OTL with custom scan again, and no Extras. The first time the OTL file didn't even save to desktop. But here is the log from my second attempt:

OTL logfile created on: 7/27/2012 7:51:49 PM - Run 6
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\DLee\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

16.00 Gb Total Physical Memory | 13.94 Gb Available Physical Memory | 87.13% Memory free
16.06 Gb Paging File | 13.87 Gb Available in Paging File | 86.35% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.65 Gb Total Space | 139.98 Gb Free Space | 30.06% Space Free | Partition Type: NTFS
Drive E: | 59.63 Gb Total Space | 53.64 Gb Free Space | 89.96% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 52.88 Gb Free Space | 11.35% Space Free | Partition Type: NTFS
Drive K: | 465.76 Gb Total Space | 133.34 Gb Free Space | 28.63% Space Free | Partition Type: NTFS
Drive U: | 931.51 Gb Total Space | 582.35 Gb Free Space | 62.52% Space Free | Partition Type: NTFS
Drive X: | 465.86 Gb Total Space | 97.75 Gb Free Space | 20.98% Space Free | Partition Type: NTFS

Computer Name: AEGIS | User Name: DLee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/27 12:29:41 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\DLee\Desktop\OTL.exe
PRC - [2010/07/07 10:58:02 | 001,089,664 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHelp.exe
PRC - [2010/03/27 12:41:20 | 001,137,280 | ---- | M] (
ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe
PRC - [2009/12/28 17:49:36 | 000,121,472 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
PRC - [2009/03/29 23:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe

========== Modules (No Company Name) ==========

MOD - [2010/06/01 10:38:40 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV EVO\pngio.dll
MOD - [2010/02/08 17:19:52 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV EVO\HookKey32.dll
MOD - [2009/03/29 23:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
MOD - [2005/10/24 16:02:46 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\AsMultiLang.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/06/11 13:12:16 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/06/11 10:19:14 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/11/20 06:25:18 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:64bit: - [2009/07/17 06:31:34 | 004,948,992 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV:64bit: - [2009/07/13 18:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV:64bit: - [2009/07/13 18:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2012/07/27 12:06:54 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/23 17:02:08 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/01/13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/08 00:44:08 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/11/20 05:17:42 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2010/07/01 04:45:02 | 000,136,616 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2010/06/23 23:19:50 | 000,109,056 | R--- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/16 10:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Disabled | Stopped] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009/07/13 18:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 15:09:04 | 000,172,032 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\WLAN Card Utilities\ASWLCCSVC.exe -- (ASWLCCSvc)
SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.0)
DRV:64bit: - [2012/06/11 11:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/06/11 09:26:14 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 05:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/12/10 16:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/28 18:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/06/08 00:44:14 | 000,427,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2011/06/06 23:37:18 | 000,133,640 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2011/06/06 23:37:18 | 000,033,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2011/06/06 23:37:18 | 000,014,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (AvgRkx64)
DRV:64bit: - [2011/04/30 04:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/04/30 04:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/03/28 03:55:50 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/03/28 03:53:22 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV:64bit: - [2010/11/26 18:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/11/20 06:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 06:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 04:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/20 10:49:06 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/04/27 09:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/04/27 09:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/12 17:42:28 | 001,104,672 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2010/01/27 18:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/01/11 04:28:34 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/12/22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/28 10:59:08 | 000,045,752 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCASp50.sys -- (PCASp50)
DRV:64bit: - [2009/07/15 20:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 13:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSIb.sys -- (BrUsbSIb)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/04 18:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2007/04/23 19:12:44 | 000,739,760 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BisonCam.sys -- (Cam5603D)
DRV:64bit: - [2006/09/03 00:53:54 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2010/07/09 12:19:04 | 000,021,480 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys -- (cpuz134)
DRV - [2009/10/28 10:59:08 | 000,045,752 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PCASp50.sys -- (PCASp50)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3964745361-1973383320-2877571132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3964745361-1973383320-2877571132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3964745361-1973383320-2877571132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 B8 4B 00 BB F3 CB 01 [binary data]
IE - HKU\S-1-5-21-3964745361-1973383320-2877571132-1000\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\5.8\iobitToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-3964745361-1973383320-2877571132-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3964745361-1973383320-2877571132-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3964745361-1973383320-2877571132-1000\..\SearchScopes\{32939D42-4777-4D82-BEEB-F175C28C4760}: "URL" = http://us.yhs4.searc...p={searchTerms}
IE - HKU\S-1-5-21-3964745361-1973383320-2877571132-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\DLee\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\DLee\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\DLee\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\DLee\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\DLee\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG8\Firefox [2011/06/08 00:46:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/04/01 14:48:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/06/08 01:51:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/23 17:02:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/24 11:39:25 | 000,000,000 | ---D | M]

[2012/02/04 18:32:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Extensions
[2012/07/24 17:26:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions
[2012/02/16 00:51:45 | 000,000,000 | ---D | M] (Define Word) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{1395baf2-3aa6-4d0f-83d6-1d9b66a9420d}
[2012/02/11 20:12:18 | 000,000,000 | ---D | M] (Print/Print Preview) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}
[2011/03/20 00:21:07 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2011/03/20 00:23:49 | 000,000,000 | ---D | M] (oldbar) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2011/09/10 14:39:06 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2012/05/03 22:44:30 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/27 05:06:30 | 000,000,000 | ---D | M] (Vuze Remote) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2012/02/11 20:12:17 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2012/02/11 20:12:22 | 000,000,000 | ---D | M] (Show Picture) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2012/02/11 20:12:13 | 000,000,000 | ---D | M] (Multi Links) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\multilinks@plugin
[2011/03/27 05:06:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions
[2011/03/20 00:20:26 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2011/03/20 00:20:26 | 000,000,000 | ---D | M] (Define Word) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{1395baf2-3aa6-4d0f-83d6-1d9b66a9420d}
[2011/03/20 00:20:26 | 000,000,000 | ---D | M] (Print/Print Preview) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}
[2011/03/20 00:20:26 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2011/03/19 17:31:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/20 00:20:26 | 000,000,000 | ---D | M] ("Delicious Bookmarks") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011/03/20 00:20:25 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2011/03/20 00:20:22 | 000,000,000 | ---D | M] (Data Analytics) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{377364a4-d91a-47ea-87de-c3d7eaf221cd}
[2011/03/20 00:20:22 | 000,000,000 | ---D | M] (oldbar) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2011/03/20 00:20:22 | 000,000,000 | ---D | M] (FavLoc) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{472f4ef0-a825-11da-a746-0800200c9a66}
[2011/03/20 00:20:21 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2011/03/20 00:20:21 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2011/03/20 00:20:19 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2011/03/20 00:20:19 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2011/03/20 00:20:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/27 05:06:30 | 000,000,000 | ---D | M] (Vuze Remote) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/03/20 00:20:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2011/03/20 00:20:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/03/20 00:20:16 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/03/20 00:20:14 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011/03/20 00:20:14 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2011/03/20 00:20:14 | 000,000,000 | ---D | M] (QuickRestart) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
[2011/03/20 00:20:30 | 000,000,000 | ---D | M] (Show Picture) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/20 00:20:29 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/20 00:20:28 | 000,000,000 | ---D | M] ("Highlights") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/20 00:20:28 | 000,000,000 | ---D | M] ("SEO For Firefox") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/20 00:20:28 | 000,000,000 | ---D | M] (SeoQuake Plugin - Del.icio.us) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/20 00:20:28 | 000,000,000 | ---D | M] (SeoQuake Plugin - Seolinx) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/20 00:20:28 | 000,000,000 | ---D | M] ("Simple Timer") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2011/03/20 00:20:27 | 000,000,000 | ---D | M] (Site Information Tool) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\siteinfo@wmtips
[2011/03/20 00:20:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\staged-xpis
[2011/03/20 00:20:26 | 000,000,000 | ---D | M] ("Status-bar Scientific Calculator") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\ststusscicalc@sunny
[2011/03/27 05:06:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\fnhvl5tp.default\extensions
[2011/03/27 05:06:30 | 000,000,000 | ---D | M] (Vuze Remote) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\fnhvl5tp.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2012/05/03 22:42:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/23 17:02:09 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/05/03 22:42:20 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/05/03 22:42:19 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\DLee\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5 (861) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\DLee\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\DLee\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Driver Agent Plug-in (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npagent.dll
CHR - plugin: Adobe Contribute CS5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
CHR - plugin: DivX\u00AE Web Player (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Office Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npOGAPlugin.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: AOL Media Playback Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npunagi2.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\DLee\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\DLee\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\DLee\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\DLee\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\DLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\DLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: YouTube Downloader: MP3 / HD Video Download = C:\Users\DLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkkeahicimadnjhdamcladhobabaafbg\13.0_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\DLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: YouTube Downloader: MP3 + Video = C:\Users\DLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofgcaekibnhngdlffnlaknlciggicekp\1.3.18.1_0\
CHR - Extension: Gmail = C:\Users\DLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/25 19:56:08 | 000,444,040 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15251 more lines...
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItBHO64.dll (TechSmith Corporation)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\5.8\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\5.8\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-3964745361-1973383320-2877571132-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-3964745361-1973383320-2877571132-1000..\Run: [AdobeBridge] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3964745361-1973383320-2877571132-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3964745361-1973383320-2877571132-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3964745361-1973383320-2877571132-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\WPLauncher.hta File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\WPLauncher.hta File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75EF2997-7330-4525-AF98-B85397041F3F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED5ECA2B-53B0-4708-9817-009EEFC58A34}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3964745361-1973383320-2877571132-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/27 12:29:41 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\DLee\Desktop\OTL.exe
[2012/07/26 07:51:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/07/25 18:33:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
[2012/07/25 18:33:16 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/07/24 17:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/07/24 17:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/07/24 17:23:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/07/24 11:21:51 | 000,000,000 | ---D | C] -- C:\Users\DLee\Desktop\FUSB3_allOS_2.1.28.1_PV
[2012/07/24 11:21:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow x64
[2012/07/24 11:20:15 | 009,799,909 | ---- | C] (Igor Pavlov) -- C:\Users\DLee\Desktop\renesas_nec_usb3_firmware_3x_4x(www.station-drivers.com).exe
[2012/07/24 11:16:14 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/24 11:16:14 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/24 11:16:11 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/24 11:16:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/24 11:16:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/24 11:16:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/24 11:16:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/24 11:16:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/24 11:16:05 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/24 11:16:04 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/24 11:16:04 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/24 11:16:04 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/24 11:16:04 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/24 11:14:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/24 11:14:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/24 11:14:58 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/24 11:14:56 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/07/24 11:14:56 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/07/24 11:14:56 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/07/24 11:14:55 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/07/24 11:14:55 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/07/24 11:14:21 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/07/24 11:14:20 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/07/24 11:14:20 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/07/24 11:14:08 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/07/24 11:14:07 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/07/24 11:13:59 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/07/24 11:13:50 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/24 11:13:50 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/23 20:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/07/03 23:35:23 | 000,000,000 | ---D | C] -- C:\Users\DLee\AppData\Roaming\DivX
[2012/07/03 23:31:35 | 000,000,000 | ---D | C] -- C:\Users\DLee\Desktop\PDFs
[2012/07/03 23:30:51 | 000,000,000 | ---D | C] -- C:\Users\DLee\Desktop\Misc
[2012/07/03 23:30:23 | 000,000,000 | ---D | C] -- C:\Users\DLee\Desktop\Desktop Sound
[2012/07/03 23:29:49 | 000,000,000 | ---D | C] -- C:\Users\DLee\Desktop\Desktop Pictures
[2012/07/03 23:27:44 | 000,000,000 | ---D | C] -- C:\Users\DLee\Desktop\Desktop Videos
[2012/07/03 22:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/07/03 22:59:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/07/03 22:58:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/06/27 22:12:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/06/27 22:11:37 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/06/27 22:11:37 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe

========== Files - Modified Within 30 Days ==========

[2012/07/27 19:50:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/27 19:50:23 | 4293,533,694 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/27 19:49:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3964745361-1973383320-2877571132-1000UA.job
[2012/07/27 19:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/27 17:02:09 | 000,048,640 | ---- | M] () -- C:\Users\DLee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/27 16:22:30 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/27 16:22:30 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/27 15:49:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3964745361-1973383320-2877571132-1000Core.job
[2012/07/27 12:29:41 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\DLee\Desktop\OTL.exe
[2012/07/27 12:06:53 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/27 12:06:53 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/26 17:23:01 | 000,001,456 | ---- | M] () -- C:\Users\DLee\AppData\Local\Adobe Save for Web 13.0 Prefs
[2012/07/26 14:54:04 | 000,002,557 | ---- | M] () -- C:\Users\DLee\Application Data\Microsoft\Internet Explorer\Quick Launch\SnagIt 9.lnk
[2012/07/25 21:50:44 | 000,000,021 | ---- | M] () -- C:\Windows\SurCode.INI
[2012/07/25 19:56:08 | 000,444,040 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/25 19:30:32 | 004,880,832 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/24 22:43:45 | 000,002,932 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2012/07/24 11:20:25 | 009,799,909 | ---- | M] (Igor Pavlov) -- C:\Users\DLee\Desktop\renesas_nec_usb3_firmware_3x_4x(www.station-drivers.com).exe
[2012/07/24 11:17:54 | 008,387,972 | ---- | M] () -- C:\Users\DLee\Desktop\USB3.0_allOS_2.1.28.1_PV.exe
[2012/07/24 08:25:46 | 000,001,456 | ---- | M] () -- C:\Users\DLee\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/07/23 21:04:30 | 000,013,731 | ---- | M] () -- C:\Users\DLee\Application Data\Microsoft\Internet Explorer\Quick Launch\Scanner.exe - Shortcut.lnk
[2012/07/23 19:52:19 | 000,007,359 | ---- | M] () -- C:\Windows\wininit.ini
[2012/07/23 19:38:07 | 000,443,737 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120725-195608.backup
[2012/07/18 15:49:06 | 000,060,304 | ---- | M] () -- C:\Users\DLee\g2mdlhlpx.exe
[2012/07/15 17:12:54 | 000,012,703 | ---- | M] () -- C:\Users\DLee\BlackDragonButterflyKnife_540.jpg
[2012/07/13 13:52:28 | 000,443,681 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120723-193807.backup
[2012/07/11 15:50:27 | 000,002,373 | ---- | M] () -- C:\Users\DLee\Desktop\Google Chrome.lnk
[2012/07/04 01:17:24 | 012,470,508 | ---- | M] () -- C:\h264-1.pass
[2012/07/03 23:36:25 | 000,001,701 | ---- | M] () -- C:\Users\DLee\Desktop\AVSVideoConverter - Shortcut.lnk
[2012/07/03 23:12:20 | 000,443,081 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120713-135228.backup
[2012/07/03 23:12:09 | 000,443,081 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120703-231220.backup
[2012/06/27 22:11:12 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/06/27 22:11:12 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

========== Files Created - No Company Name ==========

[2012/07/26 15:33:42 | 000,001,456 | ---- | C] () -- C:\Users\DLee\AppData\Local\Adobe Save for Web 13.0 Prefs
[2012/07/26 14:54:04 | 000,002,557 | ---- | C] () -- C:\Users\DLee\Application Data\Microsoft\Internet Explorer\Quick Launch\SnagIt 9.lnk
[2012/07/25 19:23:10 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
[2012/07/24 11:17:54 | 008,387,972 | ---- | C] () -- C:\Users\DLee\Desktop\USB3.0_allOS_2.1.28.1_PV.exe
[2012/07/23 21:04:30 | 000,013,731 | ---- | C] () -- C:\Users\DLee\Application Data\Microsoft\Internet Explorer\Quick Launch\Scanner.exe - Shortcut.lnk
[2012/07/18 15:49:06 | 000,060,304 | ---- | C] () -- C:\Users\DLee\g2mdlhlpx.exe
[2012/07/15 17:12:54 | 000,012,703 | ---- | C] () -- C:\Users\DLee\BlackDragonButterflyKnife_540.jpg
[2012/07/04 00:15:34 | 012,470,508 | ---- | C] () -- C:\h264-1.pass
[2012/07/03 23:36:28 | 000,001,701 | ---- | C] () -- C:\Users\DLee\Desktop\AVSVideoConverter - Shortcut.lnk
[2012/05/03 22:57:20 | 000,001,852 | ---- | C] () -- C:\Users\DLee\Firefox Recovery Key.html
[2012/04/30 22:21:59 | 000,225,698 | ---- | C] () -- C:\Users\DLee\522934_692759349564_201301381_33961965_1242445336_n (1).jpg
[2012/04/26 23:49:46 | 000,225,698 | ---- | C] () -- C:\Users\DLee\522934_692759349564_201301381_33961965_1242445336_n.jpg
[2012/04/23 23:42:09 | 000,142,140 | ---- | C] () -- C:\Users\DLee\J0KUE.jpg
[2012/04/22 20:48:27 | 000,727,258 | ---- | C] () -- C:\Users\DLee\hhlXr.jpg
[2012/04/22 20:35:49 | 000,402,624 | ---- | C] () -- C:\Users\DLee\23iVE.png
[2012/04/22 20:29:01 | 003,215,704 | ---- | C] () -- C:\Users\DLee\U83Nv.gif
[2012/04/22 19:43:50 | 000,775,117 | ---- | C] () -- C:\Users\DLee\SH6Si.jpg
[2012/03/29 20:19:28 | 002,035,369 | ---- | C] () -- C:\Users\DLee\RWbMh.gif
[2012/03/29 19:57:26 | 000,031,513 | ---- | C] () -- C:\Users\DLee\o3rMB.jpg
[2012/03/26 22:55:54 | 000,020,162 | ---- | C] () -- C:\Users\DLee\head_banner2.png
[2012/03/26 22:55:17 | 000,263,549 | ---- | C] () -- C:\Users\DLee\header_outreach.png
[2012/03/17 15:27:17 | 000,060,690 | ---- | C] () -- C:\Users\DLee\028Fi.jpg
[2012/03/17 15:22:35 | 000,026,615 | ---- | C] () -- C:\Users\DLee\OeXId.jpg
[2012/03/17 15:06:08 | 001,967,871 | ---- | C] () -- C:\Users\DLee\VoKn3.gif
[2012/03/17 01:26:53 | 000,196,960 | ---- | C] () -- C:\Users\DLee\Tu3vd.jpg
[2012/03/17 01:23:48 | 000,026,145 | ---- | C] () -- C:\Users\DLee\kG7qr.png
[2012/03/17 01:17:21 | 000,054,914 | ---- | C] () -- C:\Users\DLee\cZK8S.jpg
[2012/03/17 00:43:39 | 000,510,901 | ---- | C] () -- C:\Users\DLee\EyMXC.gif
[2012/03/14 23:12:22 | 000,038,878 | ---- | C] () -- C:\Users\DLee\313824_010_n.jpg
[2012/03/14 23:11:20 | 000,038,878 | ---- | C] () -- C:\Users\DLee\mail.google.com
[2012/03/08 21:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/03/08 21:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/03/04 19:57:05 | 000,073,958 | ---- | C] () -- C:\Users\DLee\419059_1507580045708_1120500823_30885928_849110466_n.jpg
[2012/03/03 21:48:58 | 000,000,332 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2012/02/27 00:52:20 | 021,349,073 | ---- | C] () -- C:\Users\DLee\1059512_h_o_y_o_ray_for_b_o_y_o_bies_perfect.flv
[2012/02/26 22:44:17 | 000,091,736 | ---- | C] () -- C:\Users\DLee\418945_194826803957023_100002891151572_274340_144036853_n.jpg
[2012/02/26 22:42:55 | 000,156,471 | ---- | C] () -- C:\Users\DLee\246079567109254825_hSTsd8iz_c.jpg
[2012/02/25 22:19:45 | 001,638,400 | ---- | C] () -- C:\Users\DLee\omfgdogs.mp3
[2012/02/25 22:17:39 | 000,542,471 | ---- | C] () -- C:\Users\DLee\omfgdogs.gif
[2012/02/21 01:27:38 | 000,055,784 | ---- | C] () -- C:\Users\DLee\427110_10100663564692867_3600443_56173304_1559872594_n.jpg
[2012/02/19 18:46:26 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\WS_ATLMovie.dll
[2012/02/15 08:03:47 | 000,016,954 | ---- | C] () -- C:\Users\DLee\409376_378941472135312_205344452828349_1395421_1482267596_n.jpg
[2012/02/12 19:06:15 | 000,024,829 | ---- | C] () -- C:\Users\DLee\432330_10150554871468546_591728545_8891908_585744766_n.jpg
[2012/02/12 14:01:04 | 000,075,678 | ---- | C] () -- C:\Users\DLee\68700_10150292547240117_302201620116_15155542_884879_n.jpg
[2012/02/11 21:28:31 | 000,169,131 | ---- | C] () -- C:\Users\DLee\2-11-2012 8-28-31 PM.jpg
[2012/02/11 21:22:26 | 000,085,727 | ---- | C] () -- C:\Users\DLee\VID_20120211_201837.3gp_snapshot_00.26_[2012.02.11_20.22.25].jpg
[2012/02/11 21:22:24 | 000,076,682 | ---- | C] () -- C:\Users\DLee\VID_20120211_201837.3gp_snapshot_00.24_[2012.02.11_20.22.23].jpg
[2012/02/11 21:22:22 | 000,084,626 | ---- | C] () -- C:\Users\DLee\VID_20120211_201837.3gp_snapshot_00.21_[2012.02.11_20.22.20].jpg
[2012/02/11 21:22:13 | 000,065,024 | ---- | C] () -- C:\Users\DLee\VID_20120211_201837.3gp_snapshot_00.16_[2012.02.11_20.22.12].jpg
[2012/02/11 21:22:06 | 000,052,997 | ---- | C] () -- C:\Users\DLee\VID_20120211_201837.3gp_snapshot_00.12_[2012.02.11_20.22.05].jpg
[2012/02/11 21:21:45 | 000,074,819 | ---- | C] () -- C:\Users\DLee\VID_20120211_201837.3gp_snapshot_00.44_[2012.02.11_20.21.44].jpg
[2012/02/11 21:21:28 | 000,075,280 | ---- | C] () -- C:\Users\DLee\VID_20120211_201837.3gp_snapshot_00.32_[2012.02.11_20.21.26].jpg
[2012/02/11 21:21:21 | 000,087,204 | ---- | C] () -- C:\Users\DLee\VID_20120211_201837.3gp_snapshot_00.30_[2012.02.11_20.21.19].jpg
[2012/02/11 21:21:04 | 000,090,681 | ---- | C] () -- C:\Users\DLee\VID_20120211_201837.3gp_snapshot_00.26_[2012.02.11_20.21.01].jpg
[2012/02/11 19:45:13 | 000,127,096 | ---- | C] () -- C:\Users\DLee\2587956_700b.jpg
[2012/02/11 01:21:13 | 000,070,948 | ---- | C] () -- C:\Users\DLee\Walther Standing.jpg
[2012/02/08 19:58:40 | 000,079,510 | ---- | C] () -- C:\Users\DLee\281578_2026807263257_1036317068_31959519_3094117_n.jpg
[2012/02/07 19:39:25 | 000,000,305 | ---- | C] () -- C:\Users\DLee\l.php
[2012/02/07 18:58:39 | 000,059,854 | ---- | C] () -- C:\Users\DLee\420964_665579498204_201301381_33851538_484325604_n.jpg
[2012/02/02 20:09:38 | 000,044,231 | ---- | C] () -- C:\Users\DLee\396296_10150615620547429_533717428_10881579_1823029198_n.jpg
[2012/01/31 23:53:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/31 23:53:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/31 23:53:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/31 23:53:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/31 23:53:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/31 22:59:29 | 000,000,691 | ---- | C] () -- C:\Users\DLee\AppData\Roaming\GetValue.vbs
[2012/01/31 22:59:29 | 000,000,035 | ---- | C] () -- C:\Users\DLee\AppData\Roaming\SetValue.bat
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/30 21:06:51 | 000,007,359 | ---- | C] () -- C:\Windows\wininit.ini
[2012/01/28 11:41:56 | 000,007,534 | ---- | C] () -- C:\Users\DLee\420427_317348844974675_131437750232453_900474_797310643_n.jpg
[2011/12/20 01:57:21 | 000,037,039 | ---- | C] () -- C:\Users\DLee\bikelift.htm
[2011/12/12 19:52:35 | 000,165,273 | ---- | C] () -- C:\Users\DLee\RUNholidayparty-8.jpg
[2011/12/12 19:52:12 | 000,500,108 | ---- | C] () -- C:\Users\DLee\RUNholidayparty-5.jpg
[2011/11/09 19:47:41 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2011/09/12 15:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/09/07 22:32:25 | 000,165,536 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/08/20 21:19:16 | 000,000,008 | RHS- | C] () -- C:\Windows\SysWow64\D81DEDD44C.sys
[2011/08/20 21:18:02 | 000,000,088 | RHS- | C] () -- C:\Windows\SysWow64\317C373DAA.sys
[2011/08/20 21:11:02 | 000,002,932 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2011/07/07 21:55:50 | 000,001,456 | ---- | C] () -- C:\Users\DLee\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/06/27 23:23:38 | 000,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini
[2011/06/13 03:43:17 | 000,000,163 | ---- | C] () -- C:\Users\DLee\flv.reg
[2011/06/10 00:48:39 | 002,387,623 | ---- | C] () -- C:\Users\DLee\protein_guide_v3.pdf
[2011/05/01 13:17:39 | 000,000,007 | ---- | C] () -- C:\Windows\treeskp.sys
[2011/05/01 13:17:39 | 000,000,007 | ---- | C] () -- C:\Windows\sbacknt.bin
[2011/04/13 13:08:06 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/04/13 13:08:06 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011/04/10 23:57:56 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/04/02 15:52:57 | 000,048,640 | ---- | C] () -- C:\Users\DLee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/02 15:45:31 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/03/25 00:46:22 | 000,000,255 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/03/25 00:46:22 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/03/25 00:45:26 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/03/25 00:45:26 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011/03/25 00:44:50 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2011/03/25 00:44:50 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/03/25 00:44:50 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/03/24 23:30:52 | 003,713,534 | ---- | C] () -- C:\Users\DLee\guitarjamz_ultimate_guitar_manual.pdf
[2011/03/24 04:11:10 | 000,001,007 | ---- | C] () -- C:\Users\DLee\PC Benchmark 3-25-11.htm
[2011/03/21 20:51:27 | 000,000,899 | ---- | C] () -- C:\Users\DLee\George off.exe - Shortcut.lnk
[2011/03/21 05:44:15 | 000,000,799 | ---- | C] () -- C:\Users\DLee\ASIO4ALL v2 Instruction Manual.lnk
[2011/03/20 17:40:31 | 000,003,608 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/03/20 17:40:31 | 000,000,008 | RHS- | C] () -- C:\ProgramData\0571F720CC.sys
[2011/03/20 01:48:37 | 000,120,268 | ---- | C] () -- C:\Windows\File Renamer - Basic Uninstaller.exe
[2011/03/19 23:41:55 | 000,007,634 | ---- | C] () -- C:\Users\DLee\AppData\Local\resmon.resmoncfg
[2011/03/19 23:38:22 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/03/19 21:29:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/03/19 21:23:46 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011/03/19 21:23:46 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/03/19 21:18:08 | 000,039,233 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011/03/19 21:16:17 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/03/19 21:16:13 | 000,032,217 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== LOP Check ==========

[2011/03/21 05:27:59 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Ableton
[2011/03/21 01:58:33 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\acccore
[2012/02/02 22:12:15 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Azureus
[2011/04/11 23:10:33 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Braid
[2012/04/12 21:51:59 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\com.amazon.music.uploader
[2011/03/31 02:49:31 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\DAEMON Tools Lite
[2012/03/29 22:38:04 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Dropbox
[2012/03/21 20:47:11 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\ElephantDrive
[2011/03/25 03:30:31 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Guitar Pro 6
[2011/03/20 01:01:03 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\IObit
[2011/05/31 23:16:42 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\IrfanView
[2011/03/22 01:00:50 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Leadertech
[2011/10/22 19:05:57 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Magic Set Editor
[2012/06/27 17:23:34 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Morpheus Software
[2012/01/15 13:05:17 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Notepad++
[2011/09/07 22:46:01 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Opera
[2012/07/25 19:32:28 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\PACE Anti-Piracy
[2011/05/01 04:00:04 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\SoundSpectrum
[2011/04/13 00:43:33 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/07/27 15:58:29 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\uTorrent
[2011/05/15 05:16:12 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\vghd
[2011/09/17 23:03:09 | 000,000,000 | ---D | M] -- C:\Users\DLee\AppData\Roaming\Wizards of the Coast
[2012/06/23 18:23:02 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 14:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.ASFX >
[2012/01/03 06:10:54 | 000,003,312 | ---- | M] () MD5=635BB28624835AC3C03696B1C74E7B9A -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\Services\Services.asfx
[2012/01/03 06:10:54 | 000,003,252 | ---- | M] () MD5=B2F4D7E7D9563E1A6260039B2F26E61A -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\fr_FR\Services\Services.asfx

< MD5 for: SERVICES.CFG >
[2012/01/03 06:10:56 | 000,585,874 | ---- | M] () MD5=0E19E0BEA7B159153258688CF8ED7716 -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Services\Services.cfg
[2010/10/25 15:13:46 | 000,032,633 | R--- | M] () MD5=EA1C35DD541D60819D55482130BD585D -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\ERDNT\cache64\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 19:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 19:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 13:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 13:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 19:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 13:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 19:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 19:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 13:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 19:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 13:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 13:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.SBS >
[2011/03/01 09:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files (x86)\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: SVCHOST.EXE >
[2009/07/13 18:14:45 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=2CEFF13ACE25A40BD8D97654944297CD -- C:\_OTL\MovedFiles\02062012_200952\C_Windows\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: WSHELPER.DLL >
[2009/07/13 18:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009/07/13 18:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/13 18:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\SysNative\wshelper.dll
[2009/07/13 18:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
"Tag" = 87
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
"EnableProxy" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{75EF2997-7330-4525-AF98-B85397041F3F}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{EC6DFCFE-5263-46C9-AE15-C790F77E866B}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{ED5ECA2B-53B0-4708-9817-009EEFC58A34}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 07 01 03 01 01 01 0A 01 05 01 06 01 00 01 09 01 08 01 04 01 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 10
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/23 17:02:01 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/23 17:02:01 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/23 17:02:01 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/07/23 17:02:09 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/07/23 17:02:09 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/23 17:02:09 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\DLee\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/07/09 21:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\DLee\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/07/09 21:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\DLee\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/07/09 21:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\DLee\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/07/09 21:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/04/13 13:17:10 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/04/13 13:17:10 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/04/13 13:17:10 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/06/02 02:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe""""" [2012/06/02 02:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Opera\Opera.exe" /ShowIconsCommand [2011/09/07 22:45:54 | 000,947,056 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Opera\Opera.exe" /HideIconsCommand [2011/09/07 22:45:54 | 000,947,056 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Opera\Opera.exe" /ReInstallBrowser [2011/09/07 22:45:54 | 000,947,056 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files (x86)\Opera\Opera.exe" [2011/09/07 22:45:54 | 000,947,056 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Safari\Safari.exe" /reinstall [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /hideicons [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /showicons [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files (x86)\Safari\Safari.exe" [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/07/23 17:02:01 | 000,865,776 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/07/23 17:02:01 | 000,865,776 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/07/23 17:02:01 | 000,865,776 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/07/23 17:02:09 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/07/23 17:02:09 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/07/23 17:02:09 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\USERS\DLEE\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/07/09 21:09:02 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\USERS\DLEE\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/07/09 21:09:02 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\USERS\DLEE\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/07/09 21:09:02 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\DLEE\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/07/09 21:09:02 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/04/13 13:17:06 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/04/13 13:17:06 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/04/13 13:17:06 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/06/02 02:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE""""" [2012/06/02 02:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE" /SHOWICONSCOMMAND [2011/09/07 22:45:54 | 000,947,056 | ---- | M] (Opera Software)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE" /HIDEICONSCOMMAND [2011/09/07 22:45:54 | 000,947,056 | ---- | M] (Opera Software)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE" /REINSTALLBROWSER [2011/09/07 22:45:54 | 000,947,056 | ---- | M] (Opera Software)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE" [2011/09/07 22:45:54 | 000,947,056 | ---- | M] (Opera Software)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /REINSTALL [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /HIDEICONS [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /SHOWICONS [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" [2011/07/05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.)

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >
[HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache\LAN]
"AutodiscoveryFlags" = -2147483648
"DetectedInterfaceIpCount" = 2
"LastDetectHighDateTime" = 0
"LastDetectLowDateTime" = 0
"LastDetectTime" = 01/01/1601, 00:00:00 UTC
"DetectedInterfaceIps" = fe80::1c36:e6f6:3967:b5e4%10;192.168.1.10;
"LastDetectUrl" =

< C:\Program Files\Common Files\ComObjects\*.* /s >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD1002FAEX-00Z3A0 ATA Device
Partitions: 2
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: C300-CTFDDAC064MAG ATA Device
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: Hitachi HDS721010CLA332 ATA Device
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE3 - External hard disk media
Interface type: USB
Media Type: External hard disk media
Model: WDC WD50 00AAVS-00ZTB0 USB Device
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE4 - External hard disk media
Interface type: USB
Media Type: External hard disk media
Model: WDC WD50 00AAKS-00YGA0 USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 466.00GB
Starting Offset: 1048576
Hidden sectors: 0

DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 466.00GB
Starting Offset: 499990396928
Hidden sectors: 0

DeviceID: Disk #1, Partition #0
PartitionType: 16-bit FAT
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 60.00GB
Starting Offset: 0
Hidden sectors: 0

DeviceID: Disk #2, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 932.00GB
Starting Offset: 1048576
Hidden sectors: 0

DeviceID: Disk #3, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 466.00GB
Starting Offset: 32256
Hidden sectors: 0

DeviceID: Disk #4, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 466.00GB
Starting Offset: 32256
Hidden sectors: 0

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: AEGIS
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D DVD-ROM 0 B No Media
Volume 1 F DVD-ROM 0 B No Media
Volume 2 H DVD-ROM 0 B No Media
Volume 3 C System Rese NTFS Partition 465 GB Healthy System
Volume 4 X Falcon NTFS Partition 465 GB Healthy Pagefile
Volume 5 E IRIS NTFS Partition 59 GB Healthy Pagefile
Volume 6 U Unique NTFS Partition 931 GB Healthy Pagefile
Volume 7 K Phantom K NTFS Partition 465 GB Healthy
Volume 8 G Phantom TII NTFS Partition 465 GB Healthy

========== Alternate Data Streams ==========

@Alternate Data Stream - 1270 bytes -> C:\Users\DLee\AppData\Local\Temp:wBe2A7x8Je6bxzPhuS
@Alternate Data Stream - 1225 bytes -> C:\ProgramData\Microsoft:ERZSStxkCfV7Yyk5ZTJYcx
@Alternate Data Stream - 1169 bytes -> C:\ProgramData\Microsoft:E1HQlF49b7FE0gm1oxnRymW

< End of report >

#11
godawgs

Posted 30 July 2012 - 10:34 AM

Teacher

Retired Staff
8,228 posts

Hi Daniel,

Thanks for the information.
1. You have both Microsoft Security Essentials and AVG anti virus programs on the computer. The MSSE program loads and runs when Windows starts up, but the AGV program is still there. If MSSE is the anti virus you want to keep we need address the AVG program....just let me know.
2. You user account control (UAC) is turned off. Did you do that? Do you want it to remain off?
3. Do you know what all of the image files are in the C:\Users folder and the C:\Users\DLee folder? I ask only because it is unusual for files to be in these folders...normally they are put in folders inside these folders.
I don't see a lot in the OTL log so far.....Let's get an Extras.txt log and I still want to see the aswMbr log.

Step-1.

Posted Image

OTL Scan

Please re-open OTL

Double click the on your desktop. Vista /7 users right click and click Run as Administrator. Make sure all other windows are closed .
You will see a console like the one below:
At the top of the console click the greyed out None button. This will change all of the other sections to None.<---Important
Make sure the Output box at the top is set to Standard Output.
In the Extra Registry section click the circle beside Use Safelist.<---Important
Click the button. Do not change any settings unless otherwise told to do so.
Let the scan run uninterrupted.
When the scan completes, it will open two notepad windows, OTL.Txt will be open on the desktop and Extras.Txt will be minimized. These are saved in the same location as OTL.
Please copy the contents of the Extras.txt file and paste it into your reply. To do that:
On the .txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
Right-click inside the forum post window then click Paste. This will paste the contents of the .txt file in the in the post window.

Step-2.

Things For Your Next Post:
1. The Extras.txt log
2. The aswMBR log
3. Did you try a different eathernet cable, a different phone cable and plugging the computer into a different port on the router for the X problem?
4. Have you run FF in safe mode yet?
5. Please answer my questions above.

#12
Daniel Christmas Lee

Posted 30 July 2012 - 07:49 PM

Member

Topic Starter
Member
208 posts

Here is the aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-28 12:53:39
-----------------------------
12:53:39.705 OS Version: Windows x64 6.1.7601 Service Pack 1
12:53:39.705 Number of processors: 6 586 0xA00
12:53:39.705 ComputerName: AEGIS UserName: DLee
12:53:41.468 Initialize success
12:53:46.711 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:53:46.711 Disk 0 Vendor: WDC_WD1002FAEX-00Z3A0 05.01D05 Size: 953869MB BusType: 3
12:53:46.727 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-2
12:53:46.727 Disk 1 Vendor: C300-CTFDDAC064MAG 0006 Size: 61057MB BusType: 3
12:53:46.727 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-3
12:53:46.727 Disk 2 Vendor: Hitachi_HDS721010CLA332 JP4OA3EA Size: 953869MB BusType: 3
12:53:46.727 Disk 0 MBR read successfully
12:53:46.727 Disk 0 MBR scan
12:53:46.727 Disk 0 Windows 7 default MBR code
12:53:46.727 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476827 MB offset 2048
12:53:46.758 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 477039 MB offset 976543744
12:53:46.758 Disk 0 scanning C:\Windows\system32\drivers
12:53:53.466 Service scanning
12:54:04.854 Modules scanning
12:54:04.870 Disk 0 trace - called modules:
12:54:04.885 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
12:54:04.901 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800cb2f790]
12:54:04.901 3 CLASSPNP.SYS[fffff88001bc343f] -> nt!IofCallDriver -> [0xfffffa800d9db950]
12:54:04.916 5 ACPI.sys[fffff8800103a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800da9e680]
12:54:04.932 Scan finished successfully
13:31:55.469 Disk 0 MBR has been saved successfully to "C:\Users\DLee\Desktop\MBR.dat"
13:31:55.469 The log file has been saved successfully to "C:\Users\DLee\Desktop\aswMBR.txt"

I will get the OTL soon enough.

I have no tried another ethernet cable.

Yes please get ride of AVG.

Have no tried FF... just always leaves my mind...

What is UAC? Is that the thing that warns me whenever I try to install something?

#13
godawgs

Posted 31 July 2012 - 01:44 PM

Teacher

Retired Staff
8,228 posts

Hi Daniel

What is UAC? Is that the thing that warns me whenever I try to install something?

Yep. That and when you try to make any changes to the system that require administrator-level permission. These types of changes can affect the security of your computer or can affect settings for other people that use the computer. See this Microsoft page for directions on how to turn it on if you choose to.

Quick question: Do you have Go to Meeting installed on this machine?

Step-1.

Uninstall Program(s)

1. Please click the Start Orb, click Control Panel. Under the Programs heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

AVG or AVG 8

3. (Vista/7 users: right click the program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs.(Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folders(s) (if present):

C:\Program Files (x86)\AVG

2. Close Windows Explorer.

Run the AVG cleanup tool

Please download the AVG Remover Tool Here
Right click the stf_x64_2012_1796.exe file and click Run as Administrator to run it. Follow any on screen prompts you may get.

Step-2

Posted Image

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the Protection tab
Remove the tick from "Start with Windows"
Reboot and start with number 1. below to run the OTL fix.
Posted Image

1. Please copy all of the text in the code box below. To do this, highlight everything
inside the code box , right click and click Copy.

:COMMANDS
[CREATERESTOREPOINT]

:OTL
IE - HKU\S-1-5-21-3964745361-1973383320-2877571132-1000\..\SearchScopes\{32939D42-4777-4D82-BEEB-F175C28C4760}: "URL" = http://us.yhs4.searc...p={searchTerms}
[2011/03/27 05:06:30 | 000,000,000 | ---D | M] (Vuze Remote) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/03/27 05:06:30 | 000,000,000 | ---D | M] (Vuze Remote) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/03/27 05:06:30 | 000,000,000 | ---D | M] (Vuze Remote) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\fnhvl5tp.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
O4 - HKU\S-1-5-21-3964745361-1973383320-2877571132-1000..\Run: [AdobeBridge] File not found
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
[2011/08/20 21:19:16 | 000,000,008 | RHS- | C] () -- C:\Windows\SysWow64\D81DEDD44C.sys
[2011/08/20 21:18:02 | 000,000,088 | RHS- | C] () -- C:\Windows\SysWow64\317C373DAA.sys
[2011/03/20 17:40:31 | 000,000,008 | RHS- | C] () -- C:\ProgramData\0571F720CC.sys
@Alternate Data Stream - 1270 bytes -> C:\Users\DLee\AppData\Local\Temp:wBe2A7x8Je6bxzPhuS
@Alternate Data Stream - 1225 bytes -> C:\ProgramData\Microsoft:ERZSStxkCfV7Yyk5ZTJYcx
@Alternate Data Stream - 1169 bytes -> C:\ProgramData\Microsoft:E1HQlF49b7FE0gm1oxnRymW

:FILES
ipconfic /flushdns /c

:COMMANDS
[EMPTYTEMP]

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image

on your desktop.
3. Place the mouse pointer inside the Posted Image

textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image

button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image

button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).

Step-3.

Posted Image

OTL Scan

Please re-open OTL

Double click the on your desktop. Vista /7 users right click and click Run as Administrator. Make sure all other windows are closed .
You will see a console like the one below:
Make sure the Output box at the top is set to Standard Output.
Make sure the Scan All Users box at the top is checked.
Make sure the 64Bit Scans box at the top is checked.
In the Extra Registry section click the circle beside Use Safelist.<---Important
Click the button. Do not change any settings unless otherwise told to do so.
Let the scan run uninterrupted.
When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy the contents of these files, one at a time, and paste them into your reply. To do that:
On the .txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
Right-click inside the forum post window then click Paste. This will paste the contents of the .txt file in the in the post window.

Step-4.

Run Security Check

Download Security Check from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step-5.

Things For Your Next Post:
1. The OTL fixes log
2. The new OTL.txt log
3. The Extras.txt log
4. The Checkup.txt log
5. Tell me about any remaining system problems

#14
Daniel Christmas Lee

Posted 31 July 2012 - 01:52 PM

Member

Topic Starter
Member
208 posts

Hello Godawgs,

Thank you for the instructions, I have a very busy week, and I am jumping back and forth between my home computer and work computer. Right now I am on my work computer (and the whole uploading downloading problem Artellos is helping me with still exists).

I turned UAC off because I dont like it bugging me.

I also have GoToMeeting installed for work, yes.

I will run the other tasks, but I cannot guarantee it will be this week. I will be out of office away from computers tomorrow, and on the road Thurs.

Just letting you know I may not be in contact until next Monday.

Did you want me to run the OTL to get the extras or just jump straight to the fixes?