
Browsers Do Not Load Images Properly and Online Games Fail to Log On



#1
Daniel Christmas Lee

  • Member
  • 208 posts
Hello Geeks to Go,

My computer has been acting funny and I think it is infected by something ...

My "Steam" client keeps failing to log on and my other online games also fail half the time. My browsers also display images that are jumbled, glitchy images... primarily Facebook chat fails to load.

Anyway, I'd appreciate it if someone had a look at my computer? Perhaps run one of those OTL scans and such.

Please let me know if you can help.

Thank you!

-
Daniel


#2
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Hello Daniel Christmas Lee,

I had to take the time to run down your first thread, report it to the Moderators so they can close it, then respond here. So a bit of extra work. Note to self - no more posting duplicate threads.

Yes, let's take a look.


The system is Windows 7, so when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

And to make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".



To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-------

Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.

-----------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

-----------

Download RogueKiller from here to your desktop.

Close all open programs
Remember to right click -> run as administrator, and click the downloaded file.
When RogueKiller finishes its opening scan, press the Scan button.
A RKreport.txt will be created in the same location as the RogueKiller file.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe, and try again.

Please post the contents of the RKreport.txt.


A lot, but comprehensive, and will make sure we get a good view of everything.

#3
JSntgRvr

  • Global Moderator
  • 11,579 posts
Bump

#4
Daniel Christmas Lee

  • Topic Starter
  • Member
  • 208 posts
Hello Jintan,

Thank you for assisting me, I appreciate it. I don't think I posted a duplicate thread, but glad you crossed that off...

I know certain things are standard procedure, but just wanted to let you know this isn't my first time on this forum; whenever I have a problem I go here because you guys are great!

I'll get the scans and logs back to you ASAP.

#5
Daniel Christmas Lee

  • Topic Starter
  • Member
  • 208 posts
OTL:

OTL logfile created on: 3/17/2013 6:16:12 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Users\DLee\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

16.00 Gb Total Physical Memory | 13.84 Gb Available Physical Memory | 86.50% Memory free
31.99 Gb Paging File | 29.73 Gb Available in Paging File | 92.93% Paging File free
Paging file location(s): g:\pagefile.sys 0 0k:\pagefile.sy [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59.62 Gb Total Space | 23.10 Gb Free Space | 38.75% Space Free | Partition Type: NTFS
Drive E: | 465.65 Gb Total Space | 153.46 Gb Free Space | 32.96% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 263.07 Gb Free Space | 56.48% Space Free | Partition Type: NTFS
Drive K: | 465.76 Gb Total Space | 206.61 Gb Free Space | 44.36% Space Free | Partition Type: NTFS
Drive U: | 931.51 Gb Total Space | 268.48 Gb Free Space | 28.82% Space Free | Partition Type: NTFS
Drive X: | 465.86 Gb Total Space | 306.06 Gb Free Space | 65.70% Space Free | Partition Type: NTFS

Computer Name: ARMOR | User Name: DLee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/17 18:11:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Users\DLee\Desktop\OTL.exe
PRC - [2013/03/16 16:37:32 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
PRC - [2013/03/07 07:30:42 | 000,917,400 | ---- | M] (Mozilla Corporation) -- E:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/10/23 15:58:52 | 000,120,728 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2012/10/23 15:58:40 | 000,694,168 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2010/07/07 10:58:02 | 001,089,664 | ---- | M] (ASUSTeK Computer Inc.) -- E:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe
PRC - [2010/06/24 14:19:50 | 000,109,056 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
PRC - [2010/03/25 11:02:12 | 000,888,960 | ---- | M] (ASUSTeK Computer Inc.) -- E:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe
PRC - [2009/05/21 16:09:04 | 000,172,032 | ---- | M] () -- E:\Program Files (x86)\ASUS\ASWLCCSVC.exe
PRC - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/16 16:37:31 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2013/03/07 07:30:45 | 003,069,848 | ---- | M] () -- E:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/10/23 15:58:40 | 000,694,168 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
MOD - [2010/06/01 10:38:40 | 000,253,952 | ---- | M] () -- E:\Program Files\ASUS\TurboV EVO\pngio.dll
MOD - [2010/02/08 17:19:52 | 000,053,248 | ---- | M] () -- E:\Program Files\ASUS\TurboV EVO\HookKey32.dll
MOD - [2009/09/30 11:33:08 | 000,024,576 | ---- | M] () -- C:\Windows\SysWOW64\AsIO.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/12/19 16:32:12 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/12/19 12:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:41:10 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\iprip.dll -- (iprip)
SRV - [2013/03/07 07:30:44 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/25 08:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/11/09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- E:\Program Files (x86)\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/23 15:58:52 | 000,120,728 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2010/06/24 14:19:50 | 000,109,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 16:09:04 | 000,172,032 | ---- | M] () [Auto | Running] -- E:\Program Files (x86)\ASUS\ASWLCCSVC.exe -- (ASWLCCSvc)
SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/11 21:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2013/02/07 13:42:52 | 002,201,120 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2013/01/29 19:15:04 | 000,075,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2013/01/29 19:15:04 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/12/19 13:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/12/19 12:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/11/06 04:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/09/26 00:54:21 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/06/11 12:56:34 | 000,022,016 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2012/06/08 17:09:12 | 000,027,136 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2012/06/08 17:08:54 | 000,008,832 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV:64bit: - [2012/04/09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.0)
DRV:64bit: - [2012/03/30 07:49:08 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/25 15:57:46 | 000,009,728 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2011/11/08 14:59:12 | 000,011,776 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV:64bit: - [2010/11/26 18:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/04/27 09:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/04/27 09:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/10/28 11:59:08 | 000,045,752 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCASp50.sys -- (PCASp50)
DRV:64bit: - [2009/07/16 11:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)
DRV:64bit: - [2009/07/10 15:06:50 | 000,031,744 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motoandroid.sys -- (motandroidusb)
DRV:64bit: - [2009/06/10 13:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSIb.sys -- (BrUsbSIb)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/01/29 19:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2007/04/23 19:12:44 | 000,739,760 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BisonCam.sys -- (Cam5603D)
DRV:64bit: - [2006/09/03 00:53:54 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2012/04/09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- E:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV - [2009/10/28 11:59:08 | 000,045,752 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PCASp50.sys -- (PCASp50)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-80866519-203923749-430787433-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-80866519-203923749-430787433-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-80866519-203923749-430787433-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 B8 4B 00 BB F3 CB 01 [binary data]
IE - HKU\S-1-5-21-80866519-203923749-430787433-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-80866519-203923749-430787433-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-80866519-203923749-430787433-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-80866519-203923749-430787433-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=642886&p="
FF - prefs.js..browser.search.param.yahoo-fr: "&hsimp=yhs-affiliate_a_ff&hspart=greentree&type=642886"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\PROGRA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: E:\Users\DLee\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\DLee\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\DLee\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Users\DLee\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Users\DLee\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/01/19 17:09:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: E:\Program Files (x86)\Mozilla Firefox\components [2013/03/11 12:08:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: E:\Program Files (x86)\Mozilla Firefox\plugins

[2012/09/21 18:11:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Extensions
[2012/09/21 18:18:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions
[2012/09/21 18:15:09 | 000,000,000 | ---D | M] (Define Word) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{1395baf2-3aa6-4d0f-83d6-1d9b66a9420d}
[2012/09/21 18:15:09 | 000,000,000 | ---D | M] (Print/Print Preview) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}
[2012/09/21 18:18:08 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2012/09/21 18:15:10 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2012/09/21 18:15:10 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/09/21 18:15:10 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2012/09/21 18:15:09 | 000,000,000 | ---D | M] (Show Picture) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2012/09/21 18:15:09 | 000,000,000 | ---D | M] (Multi Links) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\multilinks@plugin
[2012/09/21 18:15:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions
[2012/09/21 18:15:18 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2012/09/21 18:15:18 | 000,000,000 | ---D | M] (Define Word) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{1395baf2-3aa6-4d0f-83d6-1d9b66a9420d}
[2012/09/21 18:15:18 | 000,000,000 | ---D | M] (Print/Print Preview) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}
[2012/09/21 18:15:18 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2011/03/19 17:31:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/09/21 18:15:19 | 000,000,000 | ---D | M] ("Delicious Bookmarks") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2012/09/21 18:15:19 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2012/09/21 18:15:19 | 000,000,000 | ---D | M] (Data Analytics) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{377364a4-d91a-47ea-87de-c3d7eaf221cd}
[2012/09/21 18:15:20 | 000,000,000 | ---D | M] (oldbar) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2012/09/21 18:15:21 | 000,000,000 | ---D | M] (FavLoc) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{472f4ef0-a825-11da-a746-0800200c9a66}
[2012/09/21 18:15:21 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2012/09/21 18:15:21 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2012/09/21 18:15:21 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2012/09/21 18:15:21 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2012/09/21 18:15:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/09/21 18:15:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2012/09/21 18:15:22 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012/09/21 18:15:23 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2012/09/21 18:15:24 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2012/09/21 18:15:24 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2012/09/21 18:15:24 | 000,000,000 | ---D | M] (QuickRestart) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
[2012/09/21 18:15:17 | 000,000,000 | ---D | M] (Show Picture) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2012/09/21 18:15:17 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2012/09/21 18:15:17 | 000,000,000 | ---D | M] ("Highlights") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2012/09/21 18:15:18 | 000,000,000 | ---D | M] ("SEO For Firefox") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2012/09/21 18:15:18 | 000,000,000 | ---D | M] (SeoQuake Plugin - Del.icio.us) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2012/09/21 18:15:18 | 000,000,000 | ---D | M] (SeoQuake Plugin - Seolinx) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2012/09/21 18:15:18 | 000,000,000 | ---D | M] ("Simple Timer") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2012/09/21 18:15:18 | 000,000,000 | ---D | M] (Site Information Tool) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\siteinfo@wmtips
[2012/09/21 18:15:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\staged-xpis
[2012/09/21 18:15:18 | 000,000,000 | ---D | M] ("Status-bar Scientific Calculator") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\ststusscicalc@sunny
[2012/08/04 15:17:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\fnhvl5tp.default\extensions
[2012/07/05 19:12:45 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2012/06/25 19:27:30 | 000,082,787 | ---- | M] () (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2012/05/03 22:50:55 | 000,025,907 | ---- | M] () (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2012/06/14 22:24:25 | 000,139,765 | ---- | M] () (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2012/05/03 22:44:28 | 000,042,919 | ---- | M] () (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2012/09/18 18:27:21 | 000,506,361 | ---- | M] () (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2012/09/21 18:18:08 | 000,079,135 | ---- | M] () (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi
[2012/07/24 17:26:40 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/07/23 17:30:53 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2009/03/18 14:40:42 | 000,019,153 | ---- | M] () (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\staged-xpis\{20a82645-c095-46ed-80e3-08825760534b}\MicrosoftDotNetFrameworkAssistant.xpi
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\DLee\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\DLee\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\DLee\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\DLee\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Users\DLee\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\DLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\DLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\DLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/03/16 16:40:30 | 000,446,198 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O1 - Hosts: 15323 more lines...
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Program Files\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-80866519-203923749-430787433-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [QFan Help] E:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe (ASUSTeK Computer Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-80866519-203923749-430787433-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-80866519-203923749-430787433-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-80866519-203923749-430787433-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\WPLauncher.hta File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\WPLauncher.hta File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3333508-2896-495F-9566-4737F2F7AC7B}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB5E2334-3E59-4F8D-8696-877AB6F123E7}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{07ca8828-3f49-11e2-9ee4-bcaec54ce1d6}\Shell - "" = AutoRun
O33 - MountPoints2\{07ca8828-3f49-11e2-9ee4-bcaec54ce1d6}\Shell\AutoRun\command - "" = H:\MotoCastSetup.exe -a
O33 - MountPoints2\{41189d8f-0438-11e2-98c9-f7d387e36a36}\Shell - "" = AutoRun
O33 - MountPoints2\{41189d8f-0438-11e2-98c9-f7d387e36a36}\Shell\AutoRun\command - "" = I:\MotoCastSetup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-80866519-203923749-430787433-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/16 16:37:32 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/03/16 16:37:32 | 000,073,432 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/16 16:27:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013/03/16 16:26:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/03/13 10:54:50 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/03/13 10:54:50 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/03/13 10:54:49 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/03/13 10:54:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/03/13 10:54:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/03/13 10:54:48 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/03/13 10:54:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/03/13 10:54:47 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/03/13 10:54:46 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/03/13 10:54:46 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/03/13 10:54:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/03/13 10:54:46 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/03/13 10:54:45 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/03/13 10:54:45 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/03/13 10:54:44 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/03/13 10:34:30 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023x.sys
[2013/03/13 10:34:30 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/03/11 11:52:41 | 000,000,000 | ---D | C] -- C:\Scratch
[2013/03/11 11:52:23 | 000,000,000 | ---D | C] -- E:\Users\DLee\Profiles
[2013/03/08 06:13:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2013/03/08 02:33:21 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/03/08 02:33:20 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/03/08 02:33:20 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/03/08 02:33:20 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/03/08 02:33:18 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/03/08 02:33:18 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/03/08 02:33:17 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/03/08 02:33:17 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/03/08 02:33:17 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/03/08 02:33:17 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/03/08 02:33:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/03/08 02:33:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/03/08 02:33:17 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/03/08 02:33:17 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/03/08 02:33:16 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/03/08 02:33:16 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/03/08 02:33:16 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/03/08 02:33:16 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/03/08 02:33:16 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/03/08 02:33:16 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/03/08 02:33:16 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/03/08 02:33:16 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/03/08 02:33:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/03/08 02:33:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/03/08 02:33:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/03/08 02:33:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/03/08 02:33:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/03/08 02:33:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/03/08 02:33:15 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/03/08 02:33:15 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/03/08 02:33:15 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/03/08 02:33:15 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/03/08 02:33:15 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/03/08 02:33:15 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/03/08 02:33:15 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/03/08 02:33:15 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/03/08 02:33:15 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/03/08 02:33:14 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/03/08 02:33:14 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/03/08 02:33:14 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/03/08 02:33:14 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013/03/08 01:58:53 | 000,000,000 | ---D | C] -- C:\Users\DLee\Desktop\League of Legends
[2013/03/04 18:24:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/03/04 18:23:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/03/04 18:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/03/04 02:42:33 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2013/03/03 23:16:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013/03/03 23:16:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013/03/03 23:16:19 | 000,000,000 | ---D | C] -- E:\Users\DLee\.swt
[2013/03/01 23:16:33 | 001,085,344 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013/03/01 19:02:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dumps
[2013/02/28 19:37:00 | 000,000,000 | ---D | C] -- E:\Users\DLee\TAX 2012
[2013/02/27 15:02:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013/02/27 15:02:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/02/20 22:24:16 | 000,000,000 | ---D | C] -- C:\XYZ
[2013/02/20 18:28:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2013/02/20 18:27:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2013/02/20 00:42:16 | 000,000,000 | ---D | C] -- C:\ProgramData\xml_param
[2013/02/20 00:31:38 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys
[2013/02/20 00:30:47 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys
[2013/02/20 00:29:47 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys
[2013/02/20 00:28:48 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys
[2013/02/20 00:28:18 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys
[2013/02/20 00:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aimersoft
[2013/02/20 00:28:14 | 000,892,928 | ---- | C] (Free Software Foundation) -- C:\Windows\SysWow64\iconv.dll
[2013/02/20 00:22:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2013/02/20 00:22:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2013/02/20 00:21:48 | 010,833,920 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\libmfxsw32.dll
[2013/02/20 00:21:47 | 010,915,840 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\libmfxhw32.dll
[2013/02/20 00:21:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2013/02/20 00:21:35 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2013/02/20 00:21:35 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2013/02/20 00:20:02 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU

========== Files - Modified Within 30 Days ==========

[2013/03/17 17:32:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-80866519-203923749-430787433-1000UA.job
[2013/03/17 16:26:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-80866519-203923749-430787433-1000UA.job
[2013/03/17 15:06:31 | 000,013,760 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/17 15:06:31 | 000,013,760 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/17 15:06:19 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/17 15:06:19 | 000,660,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/17 15:06:19 | 000,121,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/17 14:59:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/16 22:26:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-80866519-203923749-430787433-1000Core.job
[2013/03/16 18:32:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-80866519-203923749-430787433-1000Core.job
[2013/03/16 16:40:30 | 000,446,198 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/03/16 16:37:32 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/03/16 16:37:32 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/11 12:08:29 | 000,000,817 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/03/10 15:46:14 | 000,772,990 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/03/09 14:40:52 | 000,000,544 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/03/08 06:20:05 | 000,000,649 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2013/03/08 02:00:40 | 000,446,198 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130316-164030.backup
[2013/03/06 13:30:46 | 004,378,194 | ---- | M] () -- E:\Users\DLee\TAX 2012.zip
[2013/03/04 14:08:19 | 000,446,198 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130308-010040.backup
[2013/03/01 23:37:40 | 001,085,344 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013/03/01 23:37:40 | 000,963,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013/02/18 00:53:43 | 000,445,941 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130304-130819.backup
[2013/02/15 22:27:54 | 000,002,568 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys

========== Files Created - No Company Name ==========

[2013/03/08 06:20:05 | 000,000,649 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2013/03/06 13:30:46 | 004,378,194 | ---- | C] () -- E:\Users\DLee\TAX 2012.zip
[2013/03/01 23:11:35 | 000,000,817 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/03/01 23:11:35 | 000,000,817 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/02/20 00:28:14 | 000,675,840 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.ax
[2013/02/20 00:28:14 | 000,496,640 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2013/02/20 00:28:12 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\WS_ATLMovie.dll
[2012/11/29 02:52:41 | 000,424,353 | ---- | C] () -- E:\Users\DLee\fPhWx.png
[2012/11/12 10:15:54 | 000,280,749 | ---- | C] () -- E:\Users\DLee\Old_poster_by_Waldemar_Kazak.jpg
[2012/10/24 19:58:19 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/10/24 19:58:19 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012/10/24 19:58:04 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2012/10/21 17:02:31 | 000,000,088 | -HS- | C] () -- C:\Windows\SysWow64\B95B2ED45B.sys
[2012/10/21 01:25:06 | 000,002,568 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2012/10/09 00:03:21 | 000,016,578 | ---- | C] () -- E:\Users\DLee\525939_10102065825111747_1243328490_n.jpg
[2012/10/07 20:17:55 | 000,387,877 | ---- | C] () -- E:\Users\DLee\9b437880-f324-012f-85f0-123138041608.jpg
[2012/10/07 20:07:58 | 000,155,766 | ---- | C] () -- E:\Users\DLee\21d2f330-f323-012f-4465-1231381a1446.jpg
[2012/09/26 21:10:45 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012/09/25 23:39:29 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012/09/25 23:39:29 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012/09/25 00:38:50 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2012/09/23 01:51:20 | 000,000,706 | ---- | C] () -- E:\Users\DLee\LiveCam.lnk
[2012/09/23 01:47:44 | 000,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini
[2012/09/23 01:35:07 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2012/09/23 01:32:02 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012/09/23 01:32:02 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012/09/22 11:59:15 | 000,000,082 | ---- | C] () -- E:\Users\DLee\cc_20120922_115907.reg
[2012/09/22 11:53:45 | 000,772,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/21 15:15:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/09/21 15:08:03 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/08/23 20:43:30 | 000,053,710 | ---- | C] () -- E:\Users\DLee\521928_699716595901_1000917956_n.jpg
[2012/07/27 18:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/07/27 18:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/07/18 15:49:06 | 000,060,304 | ---- | C] () -- E:\Users\DLee\g2mdlhlpx.exe
[2012/07/15 17:12:54 | 000,012,703 | ---- | C] () -- E:\Users\DLee\BlackDragonButterflyKnife_540.jpg
[2012/05/03 22:57:20 | 000,001,852 | ---- | C] () -- E:\Users\DLee\Firefox Recovery Key.html
[2012/05/02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/04/30 22:21:59 | 000,225,698 | ---- | C] () -- E:\Users\DLee\522934_692759349564_201301381_33961965_1242445336_n (1).jpg
[2012/04/26 23:49:46 | 000,225,698 | ---- | C] () -- E:\Users\DLee\522934_692759349564_201301381_33961965_1242445336_n.jpg
[2012/04/23 23:42:09 | 000,142,140 | ---- | C] () -- E:\Users\DLee\J0KUE.jpg
[2012/04/22 20:48:27 | 000,727,258 | ---- | C] () -- E:\Users\DLee\hhlXr.jpg
[2012/04/22 20:35:49 | 000,402,624 | ---- | C] () -- E:\Users\DLee\23iVE.png
[2012/04/22 20:29:01 | 003,215,704 | ---- | C] () -- E:\Users\DLee\U83Nv.gif
[2012/04/22 19:43:50 | 000,775,117 | ---- | C] () -- E:\Users\DLee\SH6Si.jpg
[2012/03/29 20:19:28 | 002,035,369 | ---- | C] () -- E:\Users\DLee\RWbMh.gif
[2012/03/29 19:57:26 | 000,031,513 | ---- | C] () -- E:\Users\DLee\o3rMB.jpg
[2012/03/26 22:55:54 | 000,020,162 | ---- | C] () -- E:\Users\DLee\head_banner2.png
[2012/03/26 22:55:17 | 000,263,549 | ---- | C] () -- E:\Users\DLee\header_outreach.png
[2012/03/17 15:27:17 | 000,060,690 | ---- | C] () -- E:\Users\DLee\028Fi.jpg
[2012/03/17 15:22:35 | 000,026,615 | ---- | C] () -- E:\Users\DLee\OeXId.jpg
[2012/03/17 15:06:08 | 001,967,871 | ---- | C] () -- E:\Users\DLee\VoKn3.gif
[2012/03/17 01:26:53 | 000,196,960 | ---- | C] () -- E:\Users\DLee\Tu3vd.jpg
[2012/03/17 01:23:48 | 000,026,145 | ---- | C] () -- E:\Users\DLee\kG7qr.png
[2012/03/17 01:17:21 | 000,054,914 | ---- | C] () -- E:\Users\DLee\cZK8S.jpg
[2012/03/17 00:43:39 | 000,510,901 | ---- | C] () -- E:\Users\DLee\EyMXC.gif
[2012/03/14 23:12:22 | 000,038,878 | ---- | C] () -- E:\Users\DLee\313824_010_n.jpg
[2012/03/14 23:11:20 | 000,038,878 | ---- | C] () -- E:\Users\DLee\mail.google.com
[2012/03/04 19:57:05 | 000,073,958 | ---- | C] () -- E:\Users\DLee\419059_1507580045708_1120500823_30885928_849110466_n.jpg
[2012/02/26 22:44:17 | 000,091,736 | ---- | C] () -- E:\Users\DLee\418945_194826803957023_100002891151572_274340_144036853_n.jpg
[2012/02/26 22:42:55 | 000,156,471 | ---- | C] () -- E:\Users\DLee\246079567109254825_hSTsd8iz_c.jpg
[2012/02/25 22:19:45 | 001,638,400 | ---- | C] () -- E:\Users\DLee\omfgdogs.mp3
[2012/02/25 22:17:39 | 000,542,471 | ---- | C] () -- E:\Users\DLee\omfgdogs.gif
[2012/02/21 01:27:38 | 000,055,784 | ---- | C] () -- E:\Users\DLee\427110_10100663564692867_3600443_56173304_1559872594_n.jpg
[2012/02/15 08:03:47 | 000,016,954 | ---- | C] () -- E:\Users\DLee\409376_378941472135312_205344452828349_1395421_1482267596_n.jpg
[2012/02/12 19:06:15 | 000,024,829 | ---- | C] () -- E:\Users\DLee\432330_10150554871468546_591728545_8891908_585744766_n.jpg
[2012/02/12 14:01:04 | 000,075,678 | ---- | C] () -- E:\Users\DLee\68700_10150292547240117_302201620116_15155542_884879_n.jpg
[2012/02/11 21:28:31 | 000,169,131 | ---- | C] () -- E:\Users\DLee\2-11-2012 8-28-31 PM.jpg
[2012/02/11 21:22:26 | 000,085,727 | ---- | C] () -- E:\Users\DLee\VID_20120211_201837.3gp_snapshot_00.26_[2012.02.11_20.22.25].jpg
[2012/02/11 21:22:24 | 000,076,682 | ---- | C] () -- E:\Users\DLee\VID_20120211_201837.3gp_snapshot_00.24_[2012.02.11_20.22.23].jpg
[2012/02/11 21:22:22 | 000,084,626 | ---- | C] () -- E:\Users\DLee\VID_20120211_201837.3gp_snapshot_00.21_[2012.02.11_20.22.20].jpg
[2012/02/11 21:22:13 | 000,065,024 | ---- | C] () -- E:\Users\DLee\VID_20120211_201837.3gp_snapshot_00.16_[2012.02.11_20.22.12].jpg
[2012/02/11 21:22:06 | 000,052,997 | ---- | C] () -- E:\Users\DLee\VID_20120211_201837.3gp_snapshot_00.12_[2012.02.11_20.22.05].jpg
[2012/02/11 21:21:45 | 000,074,819 | ---- | C] () -- E:\Users\DLee\VID_20120211_201837.3gp_snapshot_00.44_[2012.02.11_20.21.44].jpg
[2012/02/11 21:21:28 | 000,075,280 | ---- | C] () -- E:\Users\DLee\VID_20120211_201837.3gp_snapshot_00.32_[2012.02.11_20.21.26].jpg
[2012/02/11 21:21:21 | 000,087,204 | ---- | C] () -- E:\Users\DLee\VID_20120211_201837.3gp_snapshot_00.30_[2012.02.11_20.21.19].jpg
[2012/02/11 21:21:04 | 000,090,681 | ---- | C] () -- E:\Users\DLee\VID_20120211_201837.3gp_snapshot_00.26_[2012.02.11_20.21.01].jpg
[2012/02/11 19:45:13 | 000,127,096 | ---- | C] () -- E:\Users\DLee\2587956_700b.jpg
[2012/02/11 01:21:13 | 000,070,948 | ---- | C] () -- E:\Users\DLee\Walther Standing.jpg
[2012/02/08 19:58:40 | 000,079,510 | ---- | C] () -- E:\Users\DLee\281578_2026807263257_1036317068_31959519_3094117_n.jpg
[2012/02/07 19:39:25 | 000,000,305 | ---- | C] () -- E:\Users\DLee\l.php
[2012/02/07 18:58:39 | 000,059,854 | ---- | C] () -- E:\Users\DLee\420964_665579498204_201301381_33851538_484325604_n.jpg
[2012/02/02 20:09:38 | 000,044,231 | ---- | C] () -- E:\Users\DLee\396296_10150615620547429_533717428_10881579_1823029198_n.jpg
[2012/01/28 11:41:56 | 000,007,534 | ---- | C] () -- E:\Users\DLee\420427_317348844974675_131437750232453_900474_797310643_n.jpg
[2011/12/20 01:57:21 | 000,037,039 | ---- | C] () -- E:\Users\DLee\bikelift.htm
[2011/12/12 19:52:35 | 000,165,273 | ---- | C] () -- E:\Users\DLee\RUNholidayparty-8.jpg
[2011/12/12 19:52:12 | 000,500,108 | ---- | C] () -- E:\Users\DLee\RUNholidayparty-5.jpg
[2011/09/12 15:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/06/13 03:43:17 | 000,000,163 | ---- | C] () -- E:\Users\DLee\flv.reg
[2011/06/10 00:48:39 | 002,387,623 | ---- | C] () -- E:\Users\DLee\protein_guide_v3.pdf
[2011/03/24 23:30:52 | 003,713,534 | ---- | C] () -- E:\Users\DLee\guitarjamz_ultimate_guitar_manual.pdf
[2011/03/24 04:11:10 | 000,001,007 | ---- | C] () -- E:\Users\DLee\PC Benchmark 3-25-11.htm
[2011/03/21 20:51:27 | 000,000,899 | ---- | C] () -- E:\Users\DLee\George off.exe - Shortcut.lnk
[2011/03/21 05:44:15 | 000,000,799 | ---- | C] () -- E:\Users\DLee\ASIO4ALL v2 Instruction Manual.lnk

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 1343 bytes -> C:\ProgramData\Microsoft:0W3Y9k6estow6ZALHWQL
@Alternate Data Stream - 1193 bytes -> C:\ProgramData\Microsoft:WircfwojjIUmYtMlSVdd
@Alternate Data Stream - 1187 bytes -> C:\Program Files\Common Files\Microsoft Shared:Jz77p2Ukdsg0XTfpG6QUTcgjxkYEv
@Alternate Data Stream - 1148 bytes -> C:\ProgramData\Microsoft:ERZSStxkCfV7Yyk5ZTJYcx

< End of report >

EXTRAS:

OTL Extras logfile created on: 3/17/2013 6:16:12 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Users\DLee\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

16.00 Gb Total Physical Memory | 13.84 Gb Available Physical Memory | 86.50% Memory free
31.99 Gb Paging File | 29.73 Gb Available in Paging File | 92.93% Paging File free
Paging file location(s): g:\pagefile.sys 0 0k:\pagefile.sy [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59.62 Gb Total Space | 23.10 Gb Free Space | 38.75% Space Free | Partition Type: NTFS
Drive E: | 465.65 Gb Total Space | 153.46 Gb Free Space | 32.96% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 263.07 Gb Free Space | 56.48% Space Free | Partition Type: NTFS
Drive K: | 465.76 Gb Total Space | 206.61 Gb Free Space | 44.36% Space Free | Partition Type: NTFS
Drive U: | 931.51 Gb Total Space | 268.48 Gb Free Space | 28.82% Space Free | Partition Type: NTFS
Drive X: | 465.86 Gb Total Space | 306.06 Gb Free Space | 65.70% Space Free | Partition Type: NTFS

Computer Name: ARMOR | User Name: DLee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-80866519-203923749-430787433-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- E:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = JSFile] -- "C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe","%1"
.pif [@ = piffile] -- Reg Error: Key error. File not found
.txt [@ = txtfile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\Program Files\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "E:\Program Files\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- E:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\Program Files\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "E:\Program Files\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- E:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C5D1786-1123-425A-BD9D-797AC33AFFD6}" = lport=139 | protocol=6 | dir=in | app=system |
"{0F907FEE-3CE9-4F4F-8A13-4BA98DF17343}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{1CFC328C-D0F2-4AC5-B605-038363D2D8CA}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{27E3DAAF-1827-4E61-B29E-718486A2605D}" = lport=137 | protocol=17 | dir=in | app=system |
"{565C1DD7-B6D6-4FF7-A892-BB1006C6D9DA}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{66AFB05F-2AC2-4EFF-9718-AE941F334A83}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{78FDC5C0-CCA9-481F-90C2-C10B1524BCCC}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{84C6E59A-544B-423D-A156-A194520DB455}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B122C0DB-3B91-47FC-A05C-CBC1E16956B1}" = rport=138 | protocol=17 | dir=out | app=system |
"{BC6BC3D1-56A0-4F3C-931E-E273D175C6CD}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{BE82880A-5802-46F4-9DC1-E49253E4641A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C4CD8799-6A6E-4D63-B08F-CA667A92890C}" = lport=445 | protocol=6 | dir=in | app=system |
"{C4DA08CB-7BAF-449D-A312-33AAE2D6ADCA}" = lport=138 | protocol=17 | dir=in | app=system |
"{C96B67AB-6BB3-4021-89D7-553F89289508}" = rport=137 | protocol=17 | dir=out | app=system |
"{D4AA0075-4463-423A-9FB2-B6A2EEC5F36D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E043ECE3-E62B-47B1-B1CD-D72C58CE2B6C}" = rport=445 | protocol=6 | dir=out | app=system |
"{F9FAEABC-0F94-4A27-B068-3BE8A24A98A1}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01721E9E-BE9C-413A-B9EF-417602BB4B1D}" = protocol=6 | dir=in | app=u:\steam\steamapps\common\aaaaaaaaaaaaaaaaaaaaaaaaa!!!\main.exe |
"{0FCA5325-B05F-45F0-BFE1-1F3BB46E4041}" = protocol=17 | dir=in | app=u:\steam\steam.exe |
"{1465ED48-2175-4875-8C15-A20A06A47B21}" = protocol=17 | dir=in | app=u:\steam\steam.exe |
"{2008E2EA-9CD7-4E89-A8AF-C70D679724BE}" = protocol=17 | dir=in | app=u:\steam\steamapps\common\braid\braid.exe |
"{22103424-5A56-4896-B6B2-14BF29CEA092}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2449C501-0647-4AAE-99E7-19561E318B08}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{278DCFC2-8659-416B-9C81-21FBC108CFEC}" = dir=in | app=e:\users\dlee\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{27CA329B-CAD3-4AA1-BAFD-EBC9F5339708}" = protocol=17 | dir=in | app=e:\users\dlee\appdata\local\vghd\bin\virtuagirl_downloader.exe |
"{2F74DE67-B67D-47BC-A936-BEB63BD79893}" = protocol=17 | dir=in | app=u:\steam\bin\x64launcher.exe |
"{3370BAD7-161A-426C-A504-B81D56677B76}" = protocol=6 | dir=in | app=e:\users\dlee\appdata\local\vghd\bin\virtuagirl_downloader.exe |
"{431C4791-A36C-4568-B996-6EEFE9D521B8}" = dir=in | app=e:\program files (x86)\phone\skype.exe |
"{530DD29B-6412-4C2F-B440-57B15C2E049E}" = dir=out | app=e:\program files (x86)\corel paintshop pro x5\corel paintshop pro.exe |
"{5BBD984E-D6E9-422B-AA38-B1438C64F38D}" = dir=in | app=%systemdrive%\riot games\league of legends\lol.launcher.admin.exe |
"{69EF61AA-7855-4238-B8FB-CCEE3149461A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6CD91677-D8C4-4CD9-8110-4AA23579FF53}" = protocol=6 | dir=in | app=e:\program files (x86)\utorrent\utorrent.exe |
"{6D21D3F3-409E-4CE2-B5D0-E3512BC726B6}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6ED88F6E-8D47-48DB-8241-31CB86238607}" = protocol=6 | dir=in | app=u:\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{6F2872E9-9198-41BB-90C5-C627AEFF15A3}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7190751D-2503-4D01-A14D-78462760B619}" = dir=out | app=%systemdrive%\riot games\league of legends\lol.launcher.exe |
"{786B0321-3F7D-4500-8885-4F9B206170A1}" = protocol=6 | dir=in | app=u:\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{8A744D6A-F5F0-49A0-877C-B8C1ABB1CABB}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8E807E21-4CF4-4523-8A17-6D6DF0325B98}" = protocol=17 | dir=in | app=u:\steam\steamapps\common\dwarfs - f2p\dwarfs.exe |
"{91EBDBF5-0647-475B-A575-19157472C683}" = protocol=17 | dir=in | app=u:\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{A6392A3D-0553-41FA-A89B-D9D240F5CFF7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A8D89509-DEC5-45A8-AE4F-9143BBD218C4}" = protocol=17 | dir=in | app=e:\users\dlee\appdata\local\vghd\bin\virtuagirl_downloader.exe |
"{B8292E6B-B83B-4C6B-88A1-D3FB10F36317}" = protocol=6 | dir=in | app=u:\steam\steamapps\common\dwarfs - f2p\dwarfs.exe |
"{B9F00B78-F607-456F-A790-3B0ED89ADEB6}" = protocol=6 | dir=in | app=u:\steam\bin\steamservice.exe |
"{BAF8FC2A-D991-445C-A173-6FA69E45AFE8}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BC0BE8B2-6EFC-48BE-BE81-6170E268F416}" = protocol=17 | dir=in | app=u:\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{BC5314CE-F8CC-4CC5-BAD8-42519DD6FE8B}" = dir=out | app=%systemdrive%\riot games\league of legends\lol.launcher.admin.exe |
"{C5072DBB-C85F-48BE-B61F-20F8F637FB03}" = protocol=6 | dir=in | app=u:\steam\bin\x64launcher.exe |
"{C99893B7-422A-455E-86B6-53046888F8D2}" = protocol=17 | dir=in | app=u:\steam\steamapps\common\aaaaaaaaaaaaaaaaaaaaaaaaa!!!\main.exe |
"{CC9B5CC7-D1B1-477B-82B9-E2857141BBA8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D7908FB9-B12A-4F21-9C16-94DFB2DF6A42}" = dir=in | app=%systemdrive%\riot games\league of legends\lol.launcher.exe |
"{D7FAAD23-F07B-446F-8F2C-63A199433B57}" = protocol=6 | dir=in | app=u:\steam\steam.exe |
"{E3284D55-4D9A-44D9-AE0F-B46ED51CAF1D}" = protocol=17 | dir=in | app=u:\steam\bin\steamservice.exe |
"{EC3CCE49-9A12-4DCB-A928-3D39F62B55F2}" = protocol=17 | dir=in | app=u:\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{F4614FC0-D795-4EF8-9A05-33CD1597E29D}" = protocol=6 | dir=in | app=u:\steam\steam.exe |
"{F8A9D6E4-E82A-452A-9ADB-EF5826ACBC53}" = protocol=6 | dir=in | app=u:\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{FBCB7C04-F7C9-45F1-BE0A-8332A68C5273}" = protocol=6 | dir=in | app=e:\users\dlee\appdata\local\vghd\bin\virtuagirl_downloader.exe |
"{FE3B13DC-198B-4C87-A306-A348153F3DB1}" = protocol=6 | dir=in | app=u:\steam\steamapps\common\braid\braid.exe |
"{FEF3C226-7228-4F6A-8F04-1C2C415EA7EB}" = protocol=17 | dir=in | app=e:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{16CB17B1-0B1C-4E76-97C1-00E6C3433CE7}E:\program files (x86)\sonos\sonos.exe" = protocol=6 | dir=in | app=e:\program files (x86)\sonos\sonos.exe |
"TCP Query User{6892D4AF-FC16-46E7-911C-7219DE6A525E}E:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=e:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{7F6DBF6F-02FD-458F-BFCC-8CDFBCC30082}U:\steam\steamapps\necker_cube\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=u:\steam\steamapps\necker_cube\team fortress 2\hl2.exe |
"TCP Query User{90C23558-5BB9-48AF-9D42-89E8C5E01137}U:\steam\steamapps\common\counter-strike global offensive\csgo.exe" = protocol=6 | dir=in | app=u:\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"TCP Query User{EB5F5D52-8237-4E6A-B744-8FAA850861DF}E:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe" = protocol=6 | dir=in | app=e:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe |
"TCP Query User{F24E5364-D790-4950-ADB1-8BD18FAE0B7C}E:\users\dlee\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=e:\users\dlee\appdata\local\akamai\netsession_win.exe |
"TCP Query User{FE79B7EF-D3F9-43D9-9034-743E51205214}C:\program files (x86)\sonos\sonos.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sonos\sonos.exe |
"UDP Query User{0BB202F0-8428-4F36-B9BD-11AE270C997C}C:\program files (x86)\sonos\sonos.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sonos\sonos.exe |
"UDP Query User{5280964A-580E-4DCB-9A1E-DF583AD0DA10}E:\program files (x86)\sonos\sonos.exe" = protocol=17 | dir=in | app=e:\program files (x86)\sonos\sonos.exe |
"UDP Query User{658C9BD9-01EC-475E-917B-54E9698A22F2}E:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe" = protocol=17 | dir=in | app=e:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe |
"UDP Query User{8B64AC00-26B5-4538-BFAE-3BABBCA5A9F0}U:\steam\steamapps\necker_cube\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=u:\steam\steamapps\necker_cube\team fortress 2\hl2.exe |
"UDP Query User{91BD340E-5B26-4A5C-B78B-94D98E07474C}U:\steam\steamapps\common\counter-strike global offensive\csgo.exe" = protocol=17 | dir=in | app=u:\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"UDP Query User{D05AAFC4-4AD5-4875-B94F-3B49F2DF2C0B}E:\users\dlee\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=e:\users\dlee\appdata\local\akamai\netsession_win.exe |
"UDP Query User{F74A4662-12B3-494E-B4AB-B2BF5BCD99D2}E:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=e:\program files (x86)\java\jre7\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{24F93B56-61F5-415F-85B9-AA444DA34AFC}" = Microsoft Mouse and Keyboard Center
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = MPC-HC 1.6.5.6366 (64-bit)
"{3145731D-C578-70ED-899F-7A670D2A6662}" = AMD Fuel
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4E7CCB76-687B-4C53-9A5E-08780AF3A551}" = Motorola Mobile Drivers Installation 5.9.0
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{8A61B820-598D-05B2-5F8D-7388E15AE2DB}" = AMD Drag and Drop Transcoding
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.SingleImage_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.SingleImage_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.SingleImage_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-1000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.SingleImage_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.SingleImage_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.SingleImage_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.SingleImage" = Microsoft Office Home and Student 2010

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = ASUS USB2.0 Webcam
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = AMD VISION Engine Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}" = Sonos Controller
"{7E48AFD3-F28A-4E54-99A8-9F3A4A27DBC4}" = Brother MFL-Pro Suite MFC-440CN
"{81DE15C9-5390-4533-81DF-2DC936C1A40C}" = Motorola Device Software Update
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8F722FA9-B994-4C9B-B292-FD32D6206EDF}" = ASUS WLAN Card Utilities/Driver
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98823CC0-51DA-565C-FF90-DCC72D47BD24}" = Amazon Music Importer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = Realtek PC Camera
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"7-Zip" = 7-Zip 4.57
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Aimersoft DRM Media Converter_is1" = Aimersoft DRM Media Converter(Build 1.4.7.2)
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.amazon.music.uploader" = Amazon Music Importer
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"Magic Set Editor 2_is1" = Magic Set Editor 2.0.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Steam App 440" = Team Fortress 2
"Steam App 730" = Counter-Strike: Global Offensive
"Winamp" = Winamp

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-80866519-203923749-430787433-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"VirtuaGirl_is1" = VirtuaGirl version 1.1.0.38
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/15/2013 5:26:55 AM | Computer Name = ARMOR | Source = Application Error | ID = 1000
Description = Faulting application name: Steam.exe, version: 1.68.63.36, time stamp:
0x512fe996 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process id:
0xbd8 Faulting application start time: 0x01ce215f3ae8a781 Faulting application path:
U:\Steam\Steam.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id:
7a0fad2d-8d52-11e2-89b4-bcaec54ce1d6

Error - 3/15/2013 5:27:08 AM | Computer Name = ARMOR | Source = Application Error | ID = 1000
Description = Faulting application name: Steam.exe, version: 1.68.63.36, time stamp:
0x512fe996 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process id:
0xbf4 Faulting application start time: 0x01ce215f420f29b2 Faulting application path:
U:\Steam\Steam.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id:
819c8a8a-8d52-11e2-89b4-bcaec54ce1d6

Error - 3/15/2013 6:08:50 PM | Computer Name = ARMOR | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 3/15/2013 6:10:06 PM | Computer Name = ARMOR | Source = Application Error | ID = 1000
Description = Faulting application name: LolClient.exe, version: 2.0.2.12610, time
stamp: 0x4c00573a Faulting module name: Adobe AIR.dll, version: 3.6.0.5920, time
stamp: 0x510610d1 Exception code: 0xc0000005 Fault offset: 0x00489d8d Faulting process
id: 0xf64 Faulting application start time: 0x01ce21c9446b394a Faulting application
path: X:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.249\deploy\LolClient.exe
Faulting
module path: X:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.249\deploy\Adobe
AIR\Versions\1.0\Adobe AIR.dll Report Id: 1764297e-8dbd-11e2-89ab-bcaec54ce1d6

Error - 3/15/2013 7:59:16 PM | Computer Name = ARMOR | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 3/15/2013 10:27:02 PM | Computer Name = ARMOR | Source = MouseKeyboardCenter | ID = 0
Description = Unknown Node:#text -->

Error - 3/16/2013 1:41:28 AM | Computer Name = ARMOR | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "e:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "e:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 3/16/2013 5:51:26 AM | Computer Name = ARMOR | Source = Application Error | ID = 1000
Description = Faulting application name: MotoHelperService.exe, version: 2.3.2.0,
time stamp: 0x5087212b Faulting module name: MotoHelperService.exe, version: 2.3.2.0,
time stamp: 0x5087212b Exception code: 0xc0000005 Fault offset: 0x0000d5ab Faulting
process id: 0x7e0 Faulting application start time: 0x01ce21f0037556fb Faulting application
path: C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
Faulting
module path: C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
Report
Id: 110750cb-8e1f-11e2-bc1d-bcaec54ce1d6

Error - 3/16/2013 6:14:27 PM | Computer Name = ARMOR | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 3/17/2013 12:06:44 AM | Computer Name = ARMOR | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "e:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "e:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 3/17/2013 4:42:55 AM | Computer Name = ARMOR | Source = MouseKeyboardCenter | ID = 0
Description = Unknown Node:#text -->

[ System Events ]
Error - 3/16/2013 6:00:25 PM | Computer Name = ARMOR | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 3/16/2013 6:00:33 PM | Computer Name = ARMOR | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 3/16/2013 6:11:35 PM | Computer Name = ARMOR | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.145.1834.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error
code: 0x80240022 Error description: The program can't check for definition updates.


Error - 3/16/2013 6:11:35 PM | Computer Name = ARMOR | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.145.1834.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error
code: 0x80240022 Error description: The program can't check for definition updates.


Error - 3/16/2013 7:28:49 PM | Computer Name = ARMOR | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 3/16/2013 7:28:59 PM | Computer Name = ARMOR | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 3/16/2013 7:51:51 PM | Computer Name = ARMOR | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 3/16/2013 7:52:01 PM | Computer Name = ARMOR | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 3/17/2013 5:59:15 PM | Computer Name = ARMOR | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 3/17/2013 5:59:23 PM | Computer Name = ARMOR | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.


< End of report >


GMER:

GMER 2.1.19155 - http://www.gmer.net
Rootkit scan 2013-03-17 18:35:50
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-6 C300-CTFDDAC064MAG rev.0006 59.63GB
Running: jnfmbjci.exe; Driver: E:\Users\DLee\AppData\Local\Temp\kxtdrpog.sys


---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000760c1465 2 bytes [0C, 76]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000760c14bb 2 bytes [0C, 76]
.text ... * 2
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000760c1465 2 bytes [0C, 76]
.text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000760c14bb 2 bytes [0C, 76]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1556:3560] 000007fef6eb3e0c
Thread C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1556:3564] 000007fef6eb3e0c
Thread C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1556:3568] 000007fef387c0d0

---- EOF - GMER 2.1 ----

RKreport:

RogueKiller V8.5.3 [Mar 16 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : DLee [Admin rights]
Mode : Scan -- Date : 03/17/2013 18:37:11
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> E:\windows\system32\config\SOFTWARE
-> E:\windows\system32\config\SYSTEM
-> E:\Users\Default\NTUSER.DAT
-> E:\Users\Default User\NTUSER.DAT
-> E:\Documents and Settings\Default\NTUSER.DAT
-> E:\Documents and Settings\Default User\NTUSER.DAT
-> E:\Documents and Settings\DLee\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: C300-CTFDDAC064MAG ATA Device +++++
--- User ---
[MBR] 0538b52fe0fa6ad02d8a39c0d4b5fdd8
[BSP] 5a63b846f26abbc02803449dbb75807a : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 61055 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Hitachi HDS721010CLA332 ATA Device +++++
--- User ---
[MBR] 85c9989d546a2e6f7e4c7d11a99663c5
[BSP] 819e259d1934326d0e865c6437c18f04 : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WDC WD1002FAEX-00Z3A0 ATA Device +++++
--- User ---
[MBR] 890ab48bebe6705a4b27c9b8f077eb92
[BSP] 24befe68d9c7b0da0646d3f0df7ff191 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476827 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 976543744 | Size: 477039 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: WDC WD50 00AAVS-00ZTB0 USB Device +++++
--- User ---
[MBR] 89ff4efb974822c745921a2e350ef449
[BSP] 5035fe045e3a05e02977b94ffdb16be3 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: WDC WD50 00AAKS-00YGA0 USB Device +++++
--- User ---
[MBR] 5439e79ee42753b2640549e64cc4aa87
[BSP] 6f1f033653b10089e0667d560159efb0 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_03172013_02d1837.txt >>
RKreport[1]_S_03172013_02d1837.txt


#6
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Post when ready.

#7
Daniel Christmas Lee

    Member

  • Topic Starter
  • Member
  • 208 posts
Did you get the reports?

#8
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Hmm, didn't see your post when I last posted. Some glitch I suspect. No malware showing here, but some adware browser changes made, and some very curious error logs that suggest more is involved.

The logs show a hosts file hack that is used to illegally run Adobe software, and an install of Adobe Creative Suite 6 Master Collection (sells for $1,000+ USD). As we don't support the use of stolen software, I would ask you to uninstall Adobe Creative before we can move forward here. Reboot after, then just post back when it is done and we'll forge ahead.

#9
Daniel Christmas Lee

    Member

  • Topic Starter
  • Member
  • 208 posts
Hello Jintan,

I have deleted the pirated Adobe Creative Suite CS6. I was also thinking that it might be helpful to note that I run a lot of programs from my E: drive and not my C: drive, but my C: drive which is an SSD contains Windows... I also have 2 external USB drives as well as an X: partition off the E: and an additional U: drive.

I also went ahead and ran another OTL with Scan All Users selected. (Extras did not appear after this scan.)

I also ran RogueKiller. I didn't run GMER because I am pretty sure the same results would appear.

Please let me know how we will move forward. Thank you!


OTL V2:


OTL logfile created on: 3/17/2013 8:08:22 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Users\DLee\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

16.00 Gb Total Physical Memory | 14.26 Gb Available Physical Memory | 89.14% Memory free
31.99 Gb Paging File | 30.29 Gb Available in Paging File | 94.67% Paging File free
Paging file location(s): g:\pagefile.sys 0 0k:\pagefile.sy [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59.62 Gb Total Space | 25.92 Gb Free Space | 43.47% Space Free | Partition Type: NTFS
Drive E: | 465.65 Gb Total Space | 155.28 Gb Free Space | 33.35% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 263.07 Gb Free Space | 56.48% Space Free | Partition Type: NTFS
Drive U: | 931.51 Gb Total Space | 268.48 Gb Free Space | 28.82% Space Free | Partition Type: NTFS
Drive X: | 465.86 Gb Total Space | 306.06 Gb Free Space | 65.70% Space Free | Partition Type: NTFS

Computer Name: ARMOR | User Name: DLee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/17 18:11:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Users\DLee\Desktop\OTL.exe
PRC - [2012/11/09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) -- E:\Program Files (x86)\Updater\Updater.exe
PRC - [2012/10/23 15:58:52 | 000,120,728 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2012/10/23 15:58:40 | 000,694,168 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2010/07/07 10:58:02 | 001,089,664 | ---- | M] (ASUSTeK Computer Inc.) -- E:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe
PRC - [2010/06/24 14:19:50 | 000,109,056 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
PRC - [2010/03/25 11:02:12 | 000,888,960 | ---- | M] (ASUSTeK Computer Inc.) -- E:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe
PRC - [2009/12/28 17:49:36 | 000,121,472 | ---- | M] (ASUSTeK Computer Inc.) -- E:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
PRC - [2009/05/21 16:09:04 | 000,172,032 | ---- | M] () -- E:\Program Files (x86)\ASUS\ASWLCCSVC.exe
PRC - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/23 15:58:40 | 000,694,168 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
MOD - [2010/06/01 10:38:40 | 000,253,952 | ---- | M] () -- E:\Program Files\ASUS\TurboV EVO\pngio.dll
MOD - [2010/02/08 17:19:52 | 000,053,248 | ---- | M] () -- E:\Program Files\ASUS\TurboV EVO\HookKey32.dll
MOD - [2009/09/30 11:33:08 | 000,024,576 | ---- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2005/10/24 16:02:46 | 000,050,688 | ---- | M] () -- E:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\AsMultiLang.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/12/19 16:32:12 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/12/19 12:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:41:10 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\iprip.dll -- (iprip)
SRV - [2013/03/07 07:30:44 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/25 08:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/11/09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Running] -- E:\Program Files (x86)\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/23 15:58:52 | 000,120,728 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2010/06/24 14:19:50 | 000,109,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 16:09:04 | 000,172,032 | ---- | M] () [Auto | Running] -- E:\Program Files (x86)\ASUS\ASWLCCSVC.exe -- (ASWLCCSvc)
SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/11 21:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2013/02/07 13:42:52 | 002,201,120 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2013/01/29 19:15:04 | 000,075,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2013/01/29 19:15:04 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/12/19 13:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/12/19 12:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/11/06 04:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/09/26 00:54:21 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/06/11 12:56:34 | 000,022,016 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2012/06/08 17:09:12 | 000,027,136 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2012/06/08 17:08:54 | 000,008,832 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV:64bit: - [2012/04/09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.0)
DRV:64bit: - [2012/03/30 07:49:08 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/25 15:57:46 | 000,009,728 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2011/11/08 14:59:12 | 000,011,776 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV:64bit: - [2010/11/26 18:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/04/27 09:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/04/27 09:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/10/28 11:59:08 | 000,045,752 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCASp50.sys -- (PCASp50)
DRV:64bit: - [2009/07/16 11:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)
DRV:64bit: - [2009/07/10 15:06:50 | 000,031,744 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motoandroid.sys -- (motandroidusb)
DRV:64bit: - [2009/06/10 13:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSIb.sys -- (BrUsbSIb)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/01/29 19:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2007/04/23 19:12:44 | 000,739,760 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BisonCam.sys -- (Cam5603D)
DRV:64bit: - [2006/09/03 00:53:54 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2012/04/09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- E:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV - [2009/10/28 11:59:08 | 000,045,752 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PCASp50.sys -- (PCASp50)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-80866519-203923749-430787433-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-80866519-203923749-430787433-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-80866519-203923749-430787433-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 B8 4B 00 BB F3 CB 01 [binary data]
IE - HKU\S-1-5-21-80866519-203923749-430787433-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-80866519-203923749-430787433-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-80866519-203923749-430787433-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-80866519-203923749-430787433-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=642886&p="
FF - prefs.js..browser.search.param.yahoo-fr: "&hsimp=yhs-affiliate_a_ff&hspart=greentree&type=642886"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\PROGRA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: E:\Users\DLee\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\DLee\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\DLee\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Users\DLee\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Users\DLee\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: E:\Program Files (x86)\Mozilla Firefox\components [2013/03/11 12:08:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: E:\Program Files (x86)\Mozilla Firefox\plugins

[2012/09/21 18:11:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Extensions
[2012/09/21 18:18:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions
[2012/09/21 18:15:09 | 000,000,000 | ---D | M] (Define Word) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{1395baf2-3aa6-4d0f-83d6-1d9b66a9420d}
[2012/09/21 18:15:09 | 000,000,000 | ---D | M] (Print/Print Preview) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}
[2012/09/21 18:18:08 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2012/09/21 18:15:10 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2012/09/21 18:15:10 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/09/21 18:15:10 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2012/09/21 18:15:09 | 000,000,000 | ---D | M] (Show Picture) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2012/09/21 18:15:09 | 000,000,000 | ---D | M] (Multi Links) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\multilinks@plugin
[2012/09/21 18:15:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions
[2012/09/21 18:15:18 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2012/09/21 18:15:18 | 000,000,000 | ---D | M] (Define Word) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{1395baf2-3aa6-4d0f-83d6-1d9b66a9420d}
[2012/09/21 18:15:18 | 000,000,000 | ---D | M] (Print/Print Preview) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{19EB90DC-A456-458b-8AAC-616D91AAFCE1}
[2012/09/21 18:15:18 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2011/03/19 17:31:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/09/21 18:15:19 | 000,000,000 | ---D | M] ("Delicious Bookmarks") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2012/09/21 18:15:19 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2012/09/21 18:15:19 | 000,000,000 | ---D | M] (Data Analytics) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{377364a4-d91a-47ea-87de-c3d7eaf221cd}
[2012/09/21 18:15:20 | 000,000,000 | ---D | M] (oldbar) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}
[2012/09/21 18:15:21 | 000,000,000 | ---D | M] (FavLoc) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{472f4ef0-a825-11da-a746-0800200c9a66}
[2012/09/21 18:15:21 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2012/09/21 18:15:21 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2012/09/21 18:15:21 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2012/09/21 18:15:21 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2012/09/21 18:15:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/09/21 18:15:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2012/09/21 18:15:22 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012/09/21 18:15:23 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2012/09/21 18:15:24 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2012/09/21 18:15:24 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2012/09/21 18:15:24 | 000,000,000 | ---D | M] (QuickRestart) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
[2012/09/21 18:15:17 | 000,000,000 | ---D | M] (Show Picture) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2012/09/21 18:15:17 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2012/09/21 18:15:17 | 000,000,000 | ---D | M] ("Highlights") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2012/09/21 18:15:18 | 000,000,000 | ---D | M] ("SEO For Firefox") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2012/09/21 18:15:18 | 000,000,000 | ---D | M] (SeoQuake Plugin - Del.icio.us) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2012/09/21 18:15:18 | 000,000,000 | ---D | M] (SeoQuake Plugin - Seolinx) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2012/09/21 18:15:18 | 000,000,000 | ---D | M] ("Simple Timer") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\[email protected]
[2012/09/21 18:15:18 | 000,000,000 | ---D | M] (Site Information Tool) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\siteinfo@wmtips
[2012/09/21 18:15:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\staged-xpis
[2012/09/21 18:15:18 | 000,000,000 | ---D | M] ("Status-bar Scientific Calculator") -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\ststusscicalc@sunny
[2012/08/04 15:17:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\fnhvl5tp.default\extensions
[2012/07/05 19:12:45 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2012/06/25 19:27:30 | 000,082,787 | ---- | M] () (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2012/05/03 22:50:55 | 000,025,907 | ---- | M] () (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2012/06/14 22:24:25 | 000,139,765 | ---- | M] () (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2012/05/03 22:44:28 | 000,042,919 | ---- | M] () (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\[email protected]
[2012/09/18 18:27:21 | 000,506,361 | ---- | M] () (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2012/09/21 18:18:08 | 000,079,135 | ---- | M] () (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi
[2012/07/24 17:26:40 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/07/23 17:30:53 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2009/03/18 14:40:42 | 000,019,153 | ---- | M] () (No name found) -- C:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\staged-xpis\{20a82645-c095-46ed-80e3-08825760534b}\MicrosoftDotNetFrameworkAssistant.xpi
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\DLee\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\DLee\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\DLee\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\DLee\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Users\DLee\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\DLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\DLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\DLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/03/16 16:40:30 | 000,446,198 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O1 - Hosts: 15323 more lines...
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Program Files\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKU\S-1-5-21-80866519-203923749-430787433-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-80866519-203923749-430787433-1000\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [QFan Help] E:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe (ASUSTeK Computer Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-80866519-203923749-430787433-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-80866519-203923749-430787433-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-80866519-203923749-430787433-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\WPLauncher.hta File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\WPLauncher.hta File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3333508-2896-495F-9566-4737F2F7AC7B}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB5E2334-3E59-4F8D-8696-877AB6F123E7}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{07ca8828-3f49-11e2-9ee4-bcaec54ce1d6}\Shell - "" = AutoRun
O33 - MountPoints2\{07ca8828-3f49-11e2-9ee4-bcaec54ce1d6}\Shell\AutoRun\command - "" = H:\MotoCastSetup.exe -a
O33 - MountPoints2\{41189d8f-0438-11e2-98c9-f7d387e36a36}\Shell - "" = AutoRun
O33 - MountPoints2\{41189d8f-0438-11e2-98c9-f7d387e36a36}\Shell\AutoRun\command - "" = I:\MotoCastSetup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-80866519-203923749-430787433-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/17 20:04:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/03/16 16:37:32 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/03/16 16:37:32 | 000,073,432 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/16 16:27:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013/03/13 10:54:50 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/03/13 10:54:50 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/03/13 10:54:49 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/03/13 10:54:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/03/13 10:54:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/03/13 10:54:48 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/03/13 10:54:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/03/13 10:54:47 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/03/13 10:54:46 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/03/13 10:54:46 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/03/13 10:54:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/03/13 10:54:46 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/03/13 10:54:45 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/03/13 10:54:45 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/03/13 10:54:44 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/03/13 10:34:30 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023x.sys
[2013/03/13 10:34:30 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/03/11 11:52:41 | 000,000,000 | ---D | C] -- C:\Scratch
[2013/03/11 11:52:23 | 000,000,000 | ---D | C] -- E:\Users\DLee\Profiles
[2013/03/08 06:13:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2013/03/08 02:33:21 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/03/08 02:33:20 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/03/08 02:33:20 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/03/08 02:33:20 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/03/08 02:33:18 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/03/08 02:33:18 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/03/08 02:33:17 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/03/08 02:33:17 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/03/08 02:33:17 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/03/08 02:33:17 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/03/08 02:33:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/03/08 02:33:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/03/08 02:33:17 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/03/08 02:33:17 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/03/08 02:33:16 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/03/08 02:33:16 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/03/08 02:33:16 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/03/08 02:33:16 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/03/08 02:33:16 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/03/08 02:33:16 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/03/08 02:33:16 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/03/08 02:33:16 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/03/08 02:33:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/03/08 02:33:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/03/08 02:33:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/03/08 02:33:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/03/08 02:33:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/03/08 02:33:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/03/08 02:33:15 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/03/08 02:33:15 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/03/08 02:33:15 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/03/08 02:33:15 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/03/08 02:33:15 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/03/08 02:33:15 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/03/08 02:33:15 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/03/08 02:33:15 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/03/08 02:33:15 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/03/08 02:33:14 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/03/08 02:33:14 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/03/08 02:33:14 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/03/08 02:33:14 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013/03/08 01:58:53 | 000,000,000 | ---D | C] -- C:\Users\DLee\Desktop\League of Legends
[2013/03/04 18:24:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/03/04 18:23:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/03/04 18:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/03/04 02:42:33 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2013/03/03 23:16:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013/03/03 23:16:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013/03/03 23:16:19 | 000,000,000 | ---D | C] -- E:\Users\DLee\.swt
[2013/03/01 23:16:33 | 001,085,344 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013/03/01 19:02:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dumps
[2013/02/28 19:37:00 | 000,000,000 | ---D | C] -- E:\Users\DLee\TAX 2012
[2013/02/27 15:02:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013/02/27 15:02:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/02/20 22:24:16 | 000,000,000 | ---D | C] -- C:\XYZ
[2013/02/20 18:28:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2013/02/20 18:27:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2013/02/20 00:42:16 | 000,000,000 | ---D | C] -- C:\ProgramData\xml_param
[2013/02/20 00:31:38 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys
[2013/02/20 00:30:47 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys
[2013/02/20 00:29:47 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys
[2013/02/20 00:28:48 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys
[2013/02/20 00:28:18 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys
[2013/02/20 00:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aimersoft
[2013/02/20 00:28:14 | 000,892,928 | ---- | C] (Free Software Foundation) -- C:\Windows\SysWow64\iconv.dll
[2013/02/20 00:22:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2013/02/20 00:22:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2013/02/20 00:21:48 | 010,833,920 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\libmfxsw32.dll
[2013/02/20 00:21:47 | 010,915,840 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\libmfxhw32.dll
[2013/02/20 00:21:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2013/02/20 00:21:35 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2013/02/20 00:21:35 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2013/02/20 00:20:02 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU

========== Files - Modified Within 30 Days ==========

[2013/03/17 20:07:20 | 004,956,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/03/17 20:07:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/17 19:32:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-80866519-203923749-430787433-1000UA.job
[2013/03/17 19:26:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-80866519-203923749-430787433-1000UA.job
[2013/03/17 18:32:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-80866519-203923749-430787433-1000Core.job
[2013/03/17 15:06:31 | 000,013,760 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/17 15:06:31 | 000,013,760 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/17 15:06:19 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/17 15:06:19 | 000,660,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/17 15:06:19 | 000,121,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/16 22:26:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-80866519-203923749-430787433-1000Core.job
[2013/03/16 16:40:30 | 000,446,198 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/03/16 16:37:32 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/03/16 16:37:32 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/11 12:08:29 | 000,000,817 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/03/10 15:46:14 | 000,772,990 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/03/09 14:40:52 | 000,000,544 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/03/08 06:20:05 | 000,000,649 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2013/03/08 02:00:40 | 000,446,198 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130316-164030.backup
[2013/03/06 13:30:46 | 004,378,194 | ---- | M] () -- E:\Users\DLee\TAX 2012.zip
[2013/03/04 14:08:19 | 000,446,198 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130308-010040.backup
[2013/03/01 23:37:40 | 001,085,344 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013/03/01 23:37:40 | 000,963,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013/02/18 00:53:43 | 000,445,941 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130304-130819.backup
[2013/02/15 22:27:54 | 000,002,568 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys

========== Files Created - No Company Name ==========

[2013/03/08 06:20:05 | 000,000,649 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2013/03/06 13:30:46 | 004,378,194 | ---- | C] () -- E:\Users\DLee\TAX 2012.zip
[2013/03/01 23:11:35 | 000,000,817 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/03/01 23:11:35 | 000,000,817 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/02/20 00:28:14 | 000,675,840 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.ax
[2013/02/20 00:28:14 | 000,496,640 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2013/02/20 00:28:12 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\WS_ATLMovie.dll
[2012/11/29 02:52:41 | 000,424,353 | ---- | C] () -- E:\Users\DLee\fPhWx.png
[2012/11/12 10:15:54 | 000,280,749 | ---- | C] () -- E:\Users\DLee\Old_poster_by_Waldemar_Kazak.jpg
[2012/10/24 19:58:19 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/10/24 19:58:19 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012/10/24 19:58:04 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2012/10/21 17:02:31 | 000,000,088 | -HS- | C] () -- C:\Windows\SysWow64\B95B2ED45B.sys
[2012/10/21 01:25:06 | 000,002,568 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2012/10/09 00:03:21 | 000,016,578 | ---- | C] () -- E:\Users\DLee\525939_10102065825111747_1243328490_n.jpg
[2012/10/07 20:17:55 | 000,387,877 | ---- | C] () -- E:\Users\DLee\9b437880-f324-012f-85f0-123138041608.jpg
[2012/10/07 20:07:58 | 000,155,766 | ---- | C] () -- E:\Users\DLee\21d2f330-f323-012f-4465-1231381a1446.jpg
[2012/09/26 21:10:45 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012/09/25 23:39:29 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012/09/25 23:39:29 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012/09/25 00:38:50 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2012/09/23 01:51:20 | 000,000,706 | ---- | C] () -- E:\Users\DLee\LiveCam.lnk
[2012/09/23 01:47:44 | 000,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini
[2012/09/23 01:35:07 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2012/09/23 01:32:02 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012/09/23 01:32:02 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012/09/22 11:59:15 | 000,000,082 | ---- | C] () -- E:\Users\DLee\cc_20120922_115907.reg
[2012/09/22 11:53:45 | 000,772,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/21 15:15:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/09/21 15:08:03 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/08/23 20:43:30 | 000,053,710 | ---- | C] () -- E:\Users\DLee\521928_699716595901_1000917956_n.jpg
[2012/07/27 18:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/07/27 18:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/07/18 15:49:06 | 000,060,304 | ---- | C] () -- E:\Users\DLee\g2mdlhlpx.exe
[2012/07/15 17:12:54 | 000,012,703 | ---- | C] () -- E:\Users\DLee\BlackDragonButterflyKnife_540.jpg
[2012/05/03 22:57:20 | 000,001,852 | ---- | C] () -- E:\Users\DLee\Firefox Recovery Key.html
[2012/05/02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/04/30 22:21:59 | 000,225,698 | ---- | C] () -- E:\Users\DLee\522934_692759349564_201301381_33961965_1242445336_n (1).jpg
[2012/04/26 23:49:46 | 000,225,698 | ---- | C] () -- E:\Users\DLee\522934_692759349564_201301381_33961965_1242445336_n.jpg
[2012/04/23 23:42:09 | 000,142,140 | ---- | C] () -- E:\Users\DLee\J0KUE.jpg
[2012/04/22 20:48:27 | 000,727,258 | ---- | C] () -- E:\Users\DLee\hhlXr.jpg
[2012/04/22 20:35:49 | 000,402,624 | ---- | C] () -- E:\Users\DLee\23iVE.png
[2012/04/22 20:29:01 | 003,215,704 | ---- | C] () -- E:\Users\DLee\U83Nv.gif
[2012/04/22 19:43:50 | 000,775,117 | ---- | C] () -- E:\Users\DLee\SH6Si.jpg
[2012/03/29 20:19:28 | 002,035,369 | ---- | C] () -- E:\Users\DLee\RWbMh.gif
[2012/03/29 19:57:26 | 000,031,513 | ---- | C] () -- E:\Users\DLee\o3rMB.jpg
[2012/03/26 22:55:54 | 000,020,162 | ---- | C] () -- E:\Users\DLee\head_banner2.png
[2012/03/26 22:55:17 | 000,263,549 | ---- | C] () -- E:\Users\DLee\header_outreach.png
[2012/03/17 15:27:17 | 000,060,690 | ---- | C] () -- E:\Users\DLee\028Fi.jpg
[2012/03/17 15:22:35 | 000,026,615 | ---- | C] () -- E:\Users\DLee\OeXId.jpg
[2012/03/17 15:06:08 | 001,967,871 | ---- | C] () -- E:\Users\DLee\VoKn3.gif
[2012/03/17 01:26:53 | 000,196,960 | ---- | C] () -- E:\Users\DLee\Tu3vd.jpg
[2012/03/17 01:23:48 | 000,026,145 | ---- | C] () -- E:\Users\DLee\kG7qr.png
[2012/03/17 01:17:21 | 000,054,914 | ---- | C] () -- E:\Users\DLee\cZK8S.jpg
[2012/03/17 00:43:39 | 000,510,901 | ---- | C] () -- E:\Users\DLee\EyMXC.gif
[2012/03/14 23:12:22 | 000,038,878 | ---- | C] () -- E:\Users\DLee\313824_010_n.jpg
[2012/03/14 23:11:20 | 000,038,878 | ---- | C] () -- E:\Users\DLee\mail.google.com
[2012/03/04 19:57:05 | 000,073,958 | ---- | C] () -- E:\Users\DLee\419059_1507580045708_1120500823_30885928_849110466_n.jpg
[2012/02/26 22:44:17 | 000,091,736 | ---- | C] () -- E:\Users\DLee\418945_194826803957023_100002891151572_274340_144036853_n.jpg
[2012/02/26 22:42:55 | 000,156,471 | ---- | C] () -- E:\Users\DLee\246079567109254825_hSTsd8iz_c.jpg
[2012/02/25 22:19:45 | 001,638,400 | ---- | C] () -- E:\Users\DLee\omfgdogs.mp3
[2012/02/25 22:17:39 | 000,542,471 | ---- | C] () -- E:\Users\DLee\omfgdogs.gif
[2012/02/21 01:27:38 | 000,055,784 | ---- | C] () -- E:\Users\DLee\427110_10100663564692867_3600443_56173304_1559872594_n.jpg
[2012/02/15 08:03:47 | 000,016,954 | ---- | C] () -- E:\Users\DLee\409376_378941472135312_205344452828349_1395421_1482267596_n.jpg
[2012/02/12 19:06:15 | 000,024,829 | ---- | C] () -- E:\Users\DLee\432330_10150554871468546_591728545_8891908_585744766_n.jpg
[2012/02/12 14:01:04 | 000,075,678 | ---- | C] () -- E:\Users\DLee\68700_10150292547240117_302201620116_15155542_884879_n.jpg
[2012/02/11 21:28:31 | 000,169,131 | ---- | C] () -- E:\Users\DLee\2-11-2012 8-28-31 PM.jpg
[2012/02/11 21:22:26 | 000,085,727 | ---- | C] () -- E:\Users\DLee\VID_20120211_201837.3gp_snapshot_00.26_[2012.02.11_20.22.25].jpg
[2012/02/11 21:22:24 | 000,076,682 | ---- | C] () -- E:\Users\DLee\VID_20120211_201837.3gp_snapshot_00.24_[2012.02.11_20.22.23].jpg
[2012/02/11 21:22:22 | 000,084,626 | ---- | C] () -- E:\Users\DLee\VID_20120211_201837.3gp_snapshot_00.21_[2012.02.11_20.22.20].jpg
[2012/02/11 21:22:13 | 000,065,024 | ---- | C] () -- E:\Users\DLee\VID_20120211_201837.3gp_snapshot_00.16_[2012.02.11_20.22.12].jpg
[2012/02/11 21:22:06 | 000,052,997 | ---- | C] () -- E:\Users\DLee\VID_20120211_201837.3gp_snapshot_00.12_[2012.02.11_20.22.05].jpg
[2012/02/11 21:21:45 | 000,074,819 | ---- | C] () -- E:\Users\DLee\VID_20120211_201837.3gp_snapshot_00.44_[2012.02.11_20.21.44].jpg
[2012/02/11 21:21:28 | 000,075,280 | ---- | C] () -- E:\Users\DLee\VID_20120211_201837.3gp_snapshot_00.32_[2012.02.11_20.21.26].jpg
[2012/02/11 21:21:21 | 000,087,204 | ---- | C] () -- E:\Users\DLee\VID_20120211_201837.3gp_snapshot_00.30_[2012.02.11_20.21.19].jpg
[2012/02/11 21:21:04 | 000,090,681 | ---- | C] () -- E:\Users\DLee\VID_20120211_201837.3gp_snapshot_00.26_[2012.02.11_20.21.01].jpg
[2012/02/11 19:45:13 | 000,127,096 | ---- | C] () -- E:\Users\DLee\2587956_700b.jpg
[2012/02/11 01:21:13 | 000,070,948 | ---- | C] () -- E:\Users\DLee\Walther Standing.jpg
[2012/02/08 19:58:40 | 000,079,510 | ---- | C] () -- E:\Users\DLee\281578_2026807263257_1036317068_31959519_3094117_n.jpg
[2012/02/07 19:39:25 | 000,000,305 | ---- | C] () -- E:\Users\DLee\l.php
[2012/02/07 18:58:39 | 000,059,854 | ---- | C] () -- E:\Users\DLee\420964_665579498204_201301381_33851538_484325604_n.jpg
[2012/02/02 20:09:38 | 000,044,231 | ---- | C] () -- E:\Users\DLee\396296_10150615620547429_533717428_10881579_1823029198_n.jpg
[2012/01/28 11:41:56 | 000,007,534 | ---- | C] () -- E:\Users\DLee\420427_317348844974675_131437750232453_900474_797310643_n.jpg
[2011/12/20 01:57:21 | 000,037,039 | ---- | C] () -- E:\Users\DLee\bikelift.htm
[2011/12/12 19:52:35 | 000,165,273 | ---- | C] () -- E:\Users\DLee\RUNholidayparty-8.jpg
[2011/12/12 19:52:12 | 000,500,108 | ---- | C] () -- E:\Users\DLee\RUNholidayparty-5.jpg
[2011/09/12 15:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/06/13 03:43:17 | 000,000,163 | ---- | C] () -- E:\Users\DLee\flv.reg
[2011/06/10 00:48:39 | 002,387,623 | ---- | C] () -- E:\Users\DLee\protein_guide_v3.pdf
[2011/03/24 23:30:52 | 003,713,534 | ---- | C] () -- E:\Users\DLee\guitarjamz_ultimate_guitar_manual.pdf
[2011/03/24 04:11:10 | 000,001,007 | ---- | C] () -- E:\Users\DLee\PC Benchmark 3-25-11.htm
[2011/03/21 20:51:27 | 000,000,899 | ---- | C] () -- E:\Users\DLee\George off.exe - Shortcut.lnk
[2011/03/21 05:44:15 | 000,000,799 | ---- | C] () -- E:\Users\DLee\ASIO4ALL v2 Instruction Manual.lnk

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 1343 bytes -> C:\ProgramData\Microsoft:0W3Y9k6estow6ZALHWQL
@Alternate Data Stream - 1193 bytes -> C:\ProgramData\Microsoft:WircfwojjIUmYtMlSVdd
@Alternate Data Stream - 1187 bytes -> C:\Program Files\Common Files\Microsoft Shared:Jz77p2Ukdsg0XTfpG6QUTcgjxkYEv
@Alternate Data Stream - 1148 bytes -> C:\ProgramData\Microsoft:ERZSStxkCfV7Yyk5ZTJYcx

< End of report >


RKreport V2:

RogueKiller V8.5.3 [Mar 16 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : DLee [Admin rights]
Mode : Scan -- Date : 03/17/2013 20:15:51
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> E:\windows\system32\config\SOFTWARE
-> E:\windows\system32\config\SYSTEM
-> E:\Users\Default\NTUSER.DAT
-> E:\Users\Default User\NTUSER.DAT
-> E:\Documents and Settings\Default\NTUSER.DAT
-> E:\Documents and Settings\Default User\NTUSER.DAT
-> E:\Documents and Settings\DLee\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: C300-CTFDDAC064MAG ATA Device +++++
--- User ---
[MBR] 0538b52fe0fa6ad02d8a39c0d4b5fdd8
[BSP] 5a63b846f26abbc02803449dbb75807a : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 61055 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Hitachi HDS721010CLA332 ATA Device +++++
--- User ---
[MBR] 85c9989d546a2e6f7e4c7d11a99663c5
[BSP] 819e259d1934326d0e865c6437c18f04 : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WDC WD1002FAEX-00Z3A0 ATA Device +++++
--- User ---
[MBR] 890ab48bebe6705a4b27c9b8f077eb92
[BSP] 24befe68d9c7b0da0646d3f0df7ff191 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476827 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 976543744 | Size: 477039 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: WDC WD50 00AAVS-00ZTB0 USB Device +++++
--- User ---
[MBR] 89ff4efb974822c745921a2e350ef449
[BSP] 5035fe045e3a05e02977b94ffdb16be3 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: WDC WD50 00AAKS-00YGA0 USB Device +++++
--- User ---
[MBR] 5439e79ee42753b2640549e64cc4aa87
[BSP] 6f1f033653b10089e0667d560159efb0 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_S_03172013_02d2015.txt >>
RKreport[1]_S_03172013_02d1837.txt ; RKreport[2]_S_03172013_02d2015.txt
  • 0

#10
Daniel Christmas Lee

    Member

  • Topic Starter
  • Member
  • 208 posts
I ran OTL a third time enabling the Extras Safelist:

OTL Extras logfile created on: 3/17/2013 8:32:04 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Users\DLee\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

16.00 Gb Total Physical Memory | 13.64 Gb Available Physical Memory | 85.27% Memory free
31.99 Gb Paging File | 29.66 Gb Available in Paging File | 92.70% Paging File free
Paging file location(s): g:\pagefile.sys 0 0k:\pagefile.sy [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59.62 Gb Total Space | 25.90 Gb Free Space | 43.43% Space Free | Partition Type: NTFS
Drive E: | 465.65 Gb Total Space | 155.28 Gb Free Space | 33.35% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 263.07 Gb Free Space | 56.48% Space Free | Partition Type: NTFS
Drive K: | 465.76 Gb Total Space | 206.61 Gb Free Space | 44.36% Space Free | Partition Type: NTFS
Drive U: | 931.51 Gb Total Space | 268.48 Gb Free Space | 28.82% Space Free | Partition Type: NTFS
Drive X: | 465.86 Gb Total Space | 306.06 Gb Free Space | 65.70% Space Free | Partition Type: NTFS

Computer Name: ARMOR | User Name: DLee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-80866519-203923749-430787433-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- E:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = JSFile] -- "C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe","%1"
.pif [@ = piffile] -- Reg Error: Key error. File not found
.txt [@ = txtfile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\Program Files\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "E:\Program Files\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\Program Files\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "E:\Program Files\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C5D1786-1123-425A-BD9D-797AC33AFFD6}" = lport=139 | protocol=6 | dir=in | app=system |
"{0F907FEE-3CE9-4F4F-8A13-4BA98DF17343}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{1CFC328C-D0F2-4AC5-B605-038363D2D8CA}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{27E3DAAF-1827-4E61-B29E-718486A2605D}" = lport=137 | protocol=17 | dir=in | app=system |
"{565C1DD7-B6D6-4FF7-A892-BB1006C6D9DA}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{66AFB05F-2AC2-4EFF-9718-AE941F334A83}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{78FDC5C0-CCA9-481F-90C2-C10B1524BCCC}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{84C6E59A-544B-423D-A156-A194520DB455}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B122C0DB-3B91-47FC-A05C-CBC1E16956B1}" = rport=138 | protocol=17 | dir=out | app=system |
"{BC6BC3D1-56A0-4F3C-931E-E273D175C6CD}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{BE82880A-5802-46F4-9DC1-E49253E4641A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{C4CD8799-6A6E-4D63-B08F-CA667A92890C}" = lport=445 | protocol=6 | dir=in | app=system |
"{C4DA08CB-7BAF-449D-A312-33AAE2D6ADCA}" = lport=138 | protocol=17 | dir=in | app=system |
"{C96B67AB-6BB3-4021-89D7-553F89289508}" = rport=137 | protocol=17 | dir=out | app=system |
"{D4AA0075-4463-423A-9FB2-B6A2EEC5F36D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E043ECE3-E62B-47B1-B1CD-D72C58CE2B6C}" = rport=445 | protocol=6 | dir=out | app=system |
"{F9FAEABC-0F94-4A27-B068-3BE8A24A98A1}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01721E9E-BE9C-413A-B9EF-417602BB4B1D}" = protocol=6 | dir=in | app=u:\steam\steamapps\common\aaaaaaaaaaaaaaaaaaaaaaaaa!!!\main.exe |
"{0FCA5325-B05F-45F0-BFE1-1F3BB46E4041}" = protocol=17 | dir=in | app=u:\steam\steam.exe |
"{1465ED48-2175-4875-8C15-A20A06A47B21}" = protocol=17 | dir=in | app=u:\steam\steam.exe |
"{2008E2EA-9CD7-4E89-A8AF-C70D679724BE}" = protocol=17 | dir=in | app=u:\steam\steamapps\common\braid\braid.exe |
"{22103424-5A56-4896-B6B2-14BF29CEA092}" = protocol=58 | dir=in | [email protected],-28545 |
"{2449C501-0647-4AAE-99E7-19561E318B08}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{278DCFC2-8659-416B-9C81-21FBC108CFEC}" = dir=in | app=e:\users\dlee\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{27CA329B-CAD3-4AA1-BAFD-EBC9F5339708}" = protocol=17 | dir=in | app=e:\users\dlee\appdata\local\vghd\bin\virtuagirl_downloader.exe |
"{2F74DE67-B67D-47BC-A936-BEB63BD79893}" = protocol=17 | dir=in | app=u:\steam\bin\x64launcher.exe |
"{3370BAD7-161A-426C-A504-B81D56677B76}" = protocol=6 | dir=in | app=e:\users\dlee\appdata\local\vghd\bin\virtuagirl_downloader.exe |
"{431C4791-A36C-4568-B996-6EEFE9D521B8}" = dir=in | app=e:\program files (x86)\phone\skype.exe |
"{530DD29B-6412-4C2F-B440-57B15C2E049E}" = dir=out | app=e:\program files (x86)\corel paintshop pro x5\corel paintshop pro.exe |
"{5BBD984E-D6E9-422B-AA38-B1438C64F38D}" = dir=in | app=%systemdrive%\riot games\league of legends\lol.launcher.admin.exe |
"{69EF61AA-7855-4238-B8FB-CCEE3149461A}" = protocol=58 | dir=out | [email protected],-28546 |
"{6CD91677-D8C4-4CD9-8110-4AA23579FF53}" = protocol=6 | dir=in | app=e:\program files (x86)\utorrent\utorrent.exe |
"{6D21D3F3-409E-4CE2-B5D0-E3512BC726B6}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6ED88F6E-8D47-48DB-8241-31CB86238607}" = protocol=6 | dir=in | app=u:\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{6F2872E9-9198-41BB-90C5-C627AEFF15A3}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7190751D-2503-4D01-A14D-78462760B619}" = dir=out | app=%systemdrive%\riot games\league of legends\lol.launcher.exe |
"{786B0321-3F7D-4500-8885-4F9B206170A1}" = protocol=6 | dir=in | app=u:\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{8A744D6A-F5F0-49A0-877C-B8C1ABB1CABB}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8E807E21-4CF4-4523-8A17-6D6DF0325B98}" = protocol=17 | dir=in | app=u:\steam\steamapps\common\dwarfs - f2p\dwarfs.exe |
"{91EBDBF5-0647-475B-A575-19157472C683}" = protocol=17 | dir=in | app=u:\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{A6392A3D-0553-41FA-A89B-D9D240F5CFF7}" = protocol=1 | dir=out | [email protected],-28544 |
"{A8D89509-DEC5-45A8-AE4F-9143BBD218C4}" = protocol=17 | dir=in | app=e:\users\dlee\appdata\local\vghd\bin\virtuagirl_downloader.exe |
"{B8292E6B-B83B-4C6B-88A1-D3FB10F36317}" = protocol=6 | dir=in | app=u:\steam\steamapps\common\dwarfs - f2p\dwarfs.exe |
"{B9F00B78-F607-456F-A790-3B0ED89ADEB6}" = protocol=6 | dir=in | app=u:\steam\bin\steamservice.exe |
"{BAF8FC2A-D991-445C-A173-6FA69E45AFE8}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BC0BE8B2-6EFC-48BE-BE81-6170E268F416}" = protocol=17 | dir=in | app=u:\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{BC5314CE-F8CC-4CC5-BAD8-42519DD6FE8B}" = dir=out | app=%systemdrive%\riot games\league of legends\lol.launcher.admin.exe |
"{C5072DBB-C85F-48BE-B61F-20F8F637FB03}" = protocol=6 | dir=in | app=u:\steam\bin\x64launcher.exe |
"{C99893B7-422A-455E-86B6-53046888F8D2}" = protocol=17 | dir=in | app=u:\steam\steamapps\common\aaaaaaaaaaaaaaaaaaaaaaaaa!!!\main.exe |
"{CC9B5CC7-D1B1-477B-82B9-E2857141BBA8}" = protocol=1 | dir=in | [email protected],-28543 |
"{D7908FB9-B12A-4F21-9C16-94DFB2DF6A42}" = dir=in | app=%systemdrive%\riot games\league of legends\lol.launcher.exe |
"{D7FAAD23-F07B-446F-8F2C-63A199433B57}" = protocol=6 | dir=in | app=u:\steam\steam.exe |
"{E3284D55-4D9A-44D9-AE0F-B46ED51CAF1D}" = protocol=17 | dir=in | app=u:\steam\bin\steamservice.exe |
"{EC3CCE49-9A12-4DCB-A928-3D39F62B55F2}" = protocol=17 | dir=in | app=u:\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{F4614FC0-D795-4EF8-9A05-33CD1597E29D}" = protocol=6 | dir=in | app=u:\steam\steam.exe |
"{F8A9D6E4-E82A-452A-9ADB-EF5826ACBC53}" = protocol=6 | dir=in | app=u:\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{FBCB7C04-F7C9-45F1-BE0A-8332A68C5273}" = protocol=6 | dir=in | app=e:\users\dlee\appdata\local\vghd\bin\virtuagirl_downloader.exe |
"{FE3B13DC-198B-4C87-A306-A348153F3DB1}" = protocol=6 | dir=in | app=u:\steam\steamapps\common\braid\braid.exe |
"{FEF3C226-7228-4F6A-8F04-1C2C415EA7EB}" = protocol=17 | dir=in | app=e:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{16CB17B1-0B1C-4E76-97C1-00E6C3433CE7}E:\program files (x86)\sonos\sonos.exe" = protocol=6 | dir=in | app=e:\program files (x86)\sonos\sonos.exe |
"TCP Query User{6892D4AF-FC16-46E7-911C-7219DE6A525E}E:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=e:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{7F6DBF6F-02FD-458F-BFCC-8CDFBCC30082}U:\steam\steamapps\necker_cube\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=u:\steam\steamapps\necker_cube\team fortress 2\hl2.exe |
"TCP Query User{90C23558-5BB9-48AF-9D42-89E8C5E01137}U:\steam\steamapps\common\counter-strike global offensive\csgo.exe" = protocol=6 | dir=in | app=u:\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"TCP Query User{EB5F5D52-8237-4E6A-B744-8FAA850861DF}E:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe" = protocol=6 | dir=in | app=e:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe |
"TCP Query User{F24E5364-D790-4950-ADB1-8BD18FAE0B7C}E:\users\dlee\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=e:\users\dlee\appdata\local\akamai\netsession_win.exe |
"TCP Query User{FE79B7EF-D3F9-43D9-9034-743E51205214}C:\program files (x86)\sonos\sonos.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sonos\sonos.exe |
"UDP Query User{0BB202F0-8428-4F36-B9BD-11AE270C997C}C:\program files (x86)\sonos\sonos.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sonos\sonos.exe |
"UDP Query User{5280964A-580E-4DCB-9A1E-DF583AD0DA10}E:\program files (x86)\sonos\sonos.exe" = protocol=17 | dir=in | app=e:\program files (x86)\sonos\sonos.exe |
"UDP Query User{658C9BD9-01EC-475E-917B-54E9698A22F2}E:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe" = protocol=17 | dir=in | app=e:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe |
"UDP Query User{8B64AC00-26B5-4538-BFAE-3BABBCA5A9F0}U:\steam\steamapps\necker_cube\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=u:\steam\steamapps\necker_cube\team fortress 2\hl2.exe |
"UDP Query User{91BD340E-5B26-4A5C-B78B-94D98E07474C}U:\steam\steamapps\common\counter-strike global offensive\csgo.exe" = protocol=17 | dir=in | app=u:\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"UDP Query User{D05AAFC4-4AD5-4875-B94F-3B49F2DF2C0B}E:\users\dlee\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=e:\users\dlee\appdata\local\akamai\netsession_win.exe |
"UDP Query User{F74A4662-12B3-494E-B4AB-B2BF5BCD99D2}E:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=e:\program files (x86)\java\jre7\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{24F93B56-61F5-415F-85B9-AA444DA34AFC}" = Microsoft Mouse and Keyboard Center
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = MPC-HC 1.6.5.6366 (64-bit)
"{3145731D-C578-70ED-899F-7A670D2A6662}" = AMD Fuel
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4E7CCB76-687B-4C53-9A5E-08780AF3A551}" = Motorola Mobile Drivers Installation 5.9.0
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{8A61B820-598D-05B2-5F8D-7388E15AE2DB}" = AMD Drag and Drop Transcoding
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.SingleImage_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.SingleImage_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.SingleImage_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-1000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.SingleImage_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.SingleImage_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.SingleImage_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.SingleImage" = Microsoft Office Home and Student 2010

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = ASUS USB2.0 Webcam
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = AMD VISION Engine Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}" = Sonos Controller
"{7E48AFD3-F28A-4E54-99A8-9F3A4A27DBC4}" = Brother MFL-Pro Suite MFC-440CN
"{81DE15C9-5390-4533-81DF-2DC936C1A40C}" = Motorola Device Software Update
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8F722FA9-B994-4C9B-B292-FD32D6206EDF}" = ASUS WLAN Card Utilities/Driver
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98823CC0-51DA-565C-FF90-DCC72D47BD24}" = Amazon Music Importer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = Realtek PC Camera
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"7-Zip" = 7-Zip 4.57
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Aimersoft DRM Media Converter_is1" = Aimersoft DRM Media Converter(Build 1.4.7.2)
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.amazon.music.uploader" = Amazon Music Importer
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"Magic Set Editor 2_is1" = Magic Set Editor 2.0.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Steam App 440" = Team Fortress 2
"Steam App 730" = Counter-Strike: Global Offensive
"Winamp" = Winamp

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-80866519-203923749-430787433-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"VirtuaGirl_is1" = VirtuaGirl version 1.1.0.38
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/15/2013 6:10:06 PM | Computer Name = ARMOR | Source = Application Error | ID = 1000
Description = Faulting application name: LolClient.exe, version: 2.0.2.12610, time
stamp: 0x4c00573a Faulting module name: Adobe AIR.dll, version: 3.6.0.5920, time
stamp: 0x510610d1 Exception code: 0xc0000005 Fault offset: 0x00489d8d Faulting process
id: 0xf64 Faulting application start time: 0x01ce21c9446b394a Faulting application
path: X:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.249\deploy\LolClient.exe
Faulting
module path: X:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.249\deploy\Adobe
AIR\Versions\1.0\Adobe AIR.dll Report Id: 1764297e-8dbd-11e2-89ab-bcaec54ce1d6

Error - 3/15/2013 7:59:16 PM | Computer Name = ARMOR | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 3/15/2013 10:27:02 PM | Computer Name = ARMOR | Source = MouseKeyboardCenter | ID = 0
Description = Unknown Node:#text -->

Error - 3/16/2013 1:41:28 AM | Computer Name = ARMOR | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "e:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "e:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 3/16/2013 5:51:26 AM | Computer Name = ARMOR | Source = Application Error | ID = 1000
Description = Faulting application name: MotoHelperService.exe, version: 2.3.2.0,
time stamp: 0x5087212b Faulting module name: MotoHelperService.exe, version: 2.3.2.0,
time stamp: 0x5087212b Exception code: 0xc0000005 Fault offset: 0x0000d5ab Faulting
process id: 0x7e0 Faulting application start time: 0x01ce21f0037556fb Faulting application
path: C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
Faulting
module path: C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
Report
Id: 110750cb-8e1f-11e2-bc1d-bcaec54ce1d6

Error - 3/16/2013 6:14:27 PM | Computer Name = ARMOR | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 3/17/2013 12:06:44 AM | Computer Name = ARMOR | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "e:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "e:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 3/17/2013 4:42:55 AM | Computer Name = ARMOR | Source = MouseKeyboardCenter | ID = 0
Description = Unknown Node:#text -->

Error - 3/17/2013 6:21:28 PM | Computer Name = ARMOR | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 3/17/2013 9:31:15 PM | Computer Name = ARMOR | Source = Application Error | ID = 1000
Description = Faulting application name: jnfmbjci.exe, version: 2.1.19155.0, time
stamp: 0x51349f87 Faulting module name: jnfmbjci.exe, version: 2.1.19155.0, time
stamp: 0x51349f87 Exception code: 0xc0000005 Fault offset: 0x0008c86e Faulting process
id: 0xb90 Faulting application start time: 0x01ce23773b74b468 Faulting application
path: E:\Users\DLee\Desktop\jnfmbjci.exe Faulting module path: E:\Users\DLee\Desktop\jnfmbjci.exe
Report
Id: 85e65c21-8f6b-11e2-bc94-bcaec54ce1d6

Error - 3/17/2013 11:05:55 PM | Computer Name = ARMOR | Source = Application Error | ID = 1000
Description = Faulting application name: LolClient.exe, version: 2.0.2.12610, time
stamp: 0x4c00573a Faulting module name: Adobe AIR.dll, version: 3.6.0.5920, time
stamp: 0x510610d1 Exception code: 0xc0000005 Fault offset: 0x001cf816 Faulting process
id: 0xa1c Faulting application start time: 0x01ce2379f05d8920 Faulting application
path: X:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.249\deploy\LolClient.exe
Faulting
module path: X:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.249\deploy\Adobe
AIR\Versions\1.0\Adobe AIR.dll Report Id: bf70697d-8f78-11e2-bc94-bcaec54ce1d6

[ System Events ]
Error - 3/16/2013 6:11:35 PM | Computer Name = ARMOR | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.145.1834.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error
code: 0x80240022 Error description: The program can't check for definition updates.


Error - 3/16/2013 6:11:35 PM | Computer Name = ARMOR | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.145.1834.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error
code: 0x80240022 Error description: The program can't check for definition updates.


Error - 3/16/2013 7:28:49 PM | Computer Name = ARMOR | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 3/16/2013 7:28:59 PM | Computer Name = ARMOR | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 3/16/2013 7:51:51 PM | Computer Name = ARMOR | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 3/16/2013 7:52:01 PM | Computer Name = ARMOR | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 3/17/2013 5:59:15 PM | Computer Name = ARMOR | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 3/17/2013 5:59:23 PM | Computer Name = ARMOR | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 3/17/2013 11:07:10 PM | Computer Name = ARMOR | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 3/17/2013 11:07:18 PM | Computer Name = ARMOR | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.


< End of report >
  • 0



#11
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

  • 0

#12
Daniel Christmas Lee

Daniel Christmas Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 208 posts
Thank you for responding, Jintan.

I ran AdwCleaner and here is the log:

# AdwCleaner v2.115 - Logfile created 03/18/2013 at 17:32:45
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : DLee - ARMOR
# Boot Mode : Normal
# Running from : E:\Users\DLee\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : E:\Users\DLee\AppData\Local\PackageAware
Folder Found : E:\Users\DLee\AppData\Local\vghd
Folder Found : E:\Users\DLee\AppData\LocalLow\Search Settings
Folder Found : E:\Users\DLee\AppData\LocalLow\Vuze_Remote
Folder Found : E:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
Folder Found : E:\Users\DLee\AppData\Roaming\vghd

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\AppDataLow\Software\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Search Settings

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : E:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\prefs.js

[OK] File is clean.

File : E:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\prefs.js

Found : user_pref("gm-notifier.ui.counter.showInbox", true);
Found : user_pref("sessionsaver.static.default.session1", "session1 1363 765 69 56 111111 0 2 z1 |22[...]

File : E:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\fnhvl5tp.default\prefs.js

[OK] File is clean.

File : E:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\tsvpoq0v.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.172

File : E:\Users\DLee\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1942 octets] - [18/03/2013 17:32:45]

########## EOF - E:\AdwCleaner[R1].txt - [2002 octets] ##########
  • 0

#13
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Looks more like adware/search hijacker remnants than something that would affect your browser.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


Open AdwCleaner, and click the Uninstall button to have it remove itself.

----------

Disable your antivirus program and click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file to run the scanner.

If you accept the Terms of Use, check the box and click Start. It will take a couple minutes for the scanner to get ready. When the Computer scan settings display shows, check the following boxes:

Remove found threats
Scan unwanted applications


Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Then click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

Click Start. This scan may take a while, so please be patient.

If infection is found, at the end of the scan click "List of found threats".

In that display, at the bottom, select the option to save the results as a text file, and save that to your desktop. Post that back here please.

Post that log please. That scan will include the other drives as well.
  • 0

#14
Daniel Christmas Lee

Daniel Christmas Lee

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 208 posts
Hello Jintan,

The ESET scan found no threats; attached is a screenshot of the finished scan.

Here is the AdwCleaner log:

# AdwCleaner v2.115 - Logfile created 03/18/2013 at 18:54:11
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : DLee - ARMOR
# Boot Mode : Normal
# Running from : E:\Users\DLee\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : E:\Users\DLee\AppData\Local\PackageAware
Folder Deleted : E:\Users\DLee\AppData\Local\vghd
Folder Deleted : E:\Users\DLee\AppData\LocalLow\Search Settings
Folder Deleted : E:\Users\DLee\AppData\LocalLow\Vuze_Remote
Folder Deleted : E:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
Folder Deleted : E:\Users\DLee\AppData\Roaming\vghd

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Search Settings

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : E:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\b0pajpvg.Daniel\prefs.js

[OK] File is clean.

File : E:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\prefs.js

Deleted : user_pref("gm-notifier.ui.counter.showInbox", true);
Deleted : user_pref("sessionsaver.static.default.session1", "session1 1363 765 69 56 111111 0 2 z1 |22[...]

File : E:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\fnhvl5tp.default\prefs.js

[OK] File is clean.

File : E:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\tsvpoq0v.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.172

File : E:\Users\DLee\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2071 octets] - [18/03/2013 17:32:45]
AdwCleaner[R2].txt - [2131 octets] - [18/03/2013 18:54:05]
AdwCleaner[S1].txt - [2088 octets] - [18/03/2013 18:54:11]

########## EOF - E:\AdwCleaner[S1].txt - [2148 octets] ##########
  • 0
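Added example, not part of the original posts and not AdwCleaner's own code: a Python check that every item the [Search] run reported as Found is reported as Deleted in the [Delete] run, using a subset of lines from the two logs posted above. The function names and the item-line pattern are assumptions drawn from the log lines shown in this thread, and the partial log is constructed to show the failure case.

```python
import re

OPTION_RE = re.compile(r"^# Option \[(\w+)\]")
SECTION_RE = re.compile(r"^\*{5} \[(.+?)\] \*{5}$")
CONTEXT_RE = re.compile(r"^File : (.+)$")  # names the prefs file the next items belong to
ITEM_RE = re.compile(r"^(?:(\w+) )?(Found|Deleted) : (.+)$")

# Subset of lines from the [Search] log posted in the thread.
SEARCH_LOG = r"""
# AdwCleaner v2.115 - Logfile created 03/18/2013 at 17:32:45
# Option [Search]

***** [Files / Folders] *****

Folder Found : E:\Users\DLee\AppData\Local\PackageAware
Folder Found : E:\Users\DLee\AppData\LocalLow\Search Settings

***** [Registry] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ilivid

***** [Internet Browsers] *****

-\\ Mozilla Firefox v19.0.2 (en-US)

File : E:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\prefs.js

Found : user_pref("gm-notifier.ui.counter.showInbox", true);
"""

# Subset of lines from the [Delete] log posted in the thread.
DELETE_LOG = r"""
# AdwCleaner v2.115 - Logfile created 03/18/2013 at 18:54:11
# Option [Delete]

***** [Files / Folders] *****

Folder Deleted : E:\Users\DLee\AppData\Local\PackageAware
Folder Deleted : E:\Users\DLee\AppData\LocalLow\Search Settings

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ilivid

***** [Internet Browsers] *****

-\\ Mozilla Firefox v19.0.2 (en-US)

File : E:\Users\DLee\AppData\Roaming\Mozilla\Firefox\Profiles\bpz41sfe.Work\prefs.js

Deleted : user_pref("gm-notifier.ui.counter.showInbox", true);
"""

# Constructed failure case: the same delete log with one registry key missing.
PARTIAL_DELETE_LOG = DELETE_LOG.replace("Key Deleted : HKCU\\Software\\Conduit\n", "")


def parse_log(text):
    """Return (option, {"Found": set, "Deleted": set}) for one log.

    Each item is (section, prefs_file, kind, target). Paths and registry
    keys are case-insensitive on Windows, so targets are casefolded.
    """
    option, section, context = None, "", ""
    items = {"Found": set(), "Deleted": set()}
    for raw in text.splitlines():
        line = raw.strip()
        if m := OPTION_RE.match(line):
            option = m.group(1)
        elif m := SECTION_RE.match(line):
            section, context = m.group(1), ""  # new section, forget prefs file
        elif m := CONTEXT_RE.match(line):
            context = m.group(1).casefold()
        elif m := ITEM_RE.match(line):
            kind, state, target = m.groups()
            # Browser preference lines carry no kind word; label them "Pref".
            items[state].add((section, context, kind or "Pref", target.casefold()))
    return option, items


def unresolved(search_text, delete_text):
    """Items reported Found by the search run but not Deleted by the delete run."""
    s_opt, s_items = parse_log(search_text)
    d_opt, d_items = parse_log(delete_text)
    if s_opt != "Search" or d_opt != "Delete":
        raise ValueError(f"expected Search then Delete logs, got {s_opt!r}, {d_opt!r}")
    return sorted(s_items["Found"] - d_items["Deleted"])


if __name__ == "__main__":
    print("leftovers (thread logs):", unresolved(SEARCH_LOG, DELETE_LOG))
    print("leftovers (constructed partial log):", unresolved(SEARCH_LOG, PARTIAL_DELETE_LOG))
```
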

#15
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Time for an update then. Post back on what problems still remain please.
  • 0





