Inactive [A] Still yet more Win64/Sirefef.AE

LobowolfXXX

I'm getting pop-up warnings from Eset for the above, and a few other related threats. Sometimes it's telling me the threats are being quarantined; sometimes it says they can't be cleaned. The PatchedB.Gen is another one that comes up a lot. Despite the warnings, though, Eset scanned clean. MBAM found and removed one threat, but I'm still getting the popups. GMER did not give me a log, but here are the other ones:


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.24.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Dan :: LAWMONSTER [administrator]

6/24/2012 11:23:58 AM
mbam-log-2012-06-24 (11-23-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214022
Time elapsed: 3 minute(s), 24 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\Installer\{2530ad49-bb07-94ba-ed79-1caa08e8bbf1}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
(end)

************
Here's the attach log from DDS:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/27/2010 10:26:15 PM
System Uptime: 6/24/2012 11:33:41 AM (1 hours ago)
.
Motherboard: TOSHIBA | | Qosmio X505
Processor: Intel(R) Core(TM) i7 CPU Q 740 @ 1.73GHz | CPU 1 | 1317/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 376.339 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SASDIFSV
Device ID: ROOT\LEGACY_SASDIFSV\0000
Manufacturer:
Name: SASDIFSV
PNP Device ID: ROOT\LEGACY_SASDIFSV\0000
Service: SASDIFSV
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SASKUTIL
Device ID: ROOT\LEGACY_SASKUTIL\0000
Manufacturer:
Name: SASKUTIL
PNP Device ID: ROOT\LEGACY_SASKUTIL\0000
Service: SASKUTIL
.
==== System Restore Points ===================
.
RP783: 6/15/2012 11:12:02 AM - Windows Update
RP784: 6/15/2012 8:08:53 PM - Windows Update
RP785: 6/16/2012 1:25:50 AM - Windows Update
RP786: 6/16/2012 11:45:01 AM - Windows Update
RP787: 6/16/2012 11:56:01 PM - Windows Update
RP788: 6/17/2012 1:20:17 PM - Windows Update
RP789: 6/17/2012 2:21:38 PM - Windows Update
RP790: 6/17/2012 11:02:09 PM - Windows Update
RP791: 6/19/2012 12:48:24 AM - Windows Update
RP792: 6/19/2012 12:06:27 PM - Windows Update
RP793: 6/20/2012 1:38:15 PM - Windows Update
RP794: 6/20/2012 3:29:07 PM - Windows Update
RP795: 6/21/2012 6:02:55 PM - Windows Update
RP796: 6/21/2012 10:00:16 PM - Windows Update
RP797: 6/22/2012 12:45:16 PM - Windows Update
RP798: 6/23/2012 11:37:38 AM - Windows Update
RP799: 6/23/2012 4:45:35 PM - Windows Update
RP800: 6/24/2012 10:24:44 AM - Windows Update
RP801: 6/24/2012 10:32:07 AM - Installed Java(TM) 6 Update 33
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Media Live Encoder 3.2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.3
Amazon Links
Amazon MP3 Downloader 1.0.10
AnswerWorks 5.0 English Runtime
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Software Update
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Bejeweled 2 Deluxe
Bing Bar
BlitzIn 2.7
Bowl Bound College Football
Bridge Base Online
Bridge Buff 19
Brother HL-2140
ChatAssistant ver 3.1 build 1736
Chess Assistant 10
Chuzzle Deluxe
Color LaserJet 1600
Compatibility Pack for the 2007 Office system
Corel WinDVD
D3DX10
Dan Gordon's NFL Handicapping Companion
DominateGame 20050929 (dominate)
Download Updater (AOL LLC)
Dropbox
eMedia Piano and Keyboard Method
Escape Rosecliff Island
FATE - The Traitor Soul
FileZilla Client 3.5.0
FoxTab Media Player
Free File Viewer 2010
FreeTorrentDownloader
GameXN GO
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Guild Wars
Guitar Leads Series Master Volume
HDMI Control Manager
iCopyBot for Windows 7.2.1
Insaniquarium Deluxe 1.1
Intel(R) Control Center
Intel(R) Rapid Storage Technology
Ipswitch WS_FTP 12
Java Auto Updater
Java(TM) 6 Update 33
Jewel Quest 3
Junk Mail filter update
Label@Once 1.0
LeXpert 3.2
Malwarebytes Anti-Malware version 1.61.0.1400
McAfee Security Scan Plus
Mesh Runtime
Messenger Companion
Microsoft Corporation
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Business 2010 - English
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft XML Parser
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NOOK for PC
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
O2Micro Flash Memory Card Windows Driver
Objection Series 3.3
Outline 4D
Penguins!
Play65
PokerStars
Polar Bowler
Power Tab Editor 1.7
Print Server Driver
Quickbooks Financial Center
Quicken 2010
QuickTime
Realtek WLAN Driver
Scrivener Update
Secunia PSI (2.0.0.4003)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype Launcher
Skype Toolbars
Skype™ 5.3
South Point Poker
System Requirements Lab
TeamViewer 6
Title Bout Championship Boxing 2.5
TOSHIBA Application Installer
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
Toshiba Online Backup
TOSHIBA Quality Application
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA USB Sleep and Charge Utility
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Trader Workstation
Trojan Killer 2.0
U.S. Legal Forms, Inc. Pleading Macro
Uninstall AOL Emergency Connect Utility 1.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Viewpoint Media Player
Virtual Families
Virtual Villagers - The Secret City
WildTangent Games
WildTangent ORB Game Console
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinZip 15.5
WordBiz version 1.8
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
6/24/2012 11:38:03 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
6/24/2012 11:34:23 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
6/24/2012 11:34:06 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
6/24/2012 11:34:05 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
6/24/2012 11:34:05 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
6/24/2012 11:34:05 AM, Error: Service Control Manager [7003] - The epfwwfpr service depends the following service: BFE. This service might not be installed.
6/24/2012 10:31:26 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Works 9 (KB2680317).
6/23/2012 3:57:46 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
6/23/2012 3:57:46 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
I'll put the other DDS log in a subsequent post.
 
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_33
Run by Dan at 11:59:44 on 2012-06-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4084.2652 [GMT -7:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\windows\runservice.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
C:\windows\system32\DRIVERS\o2flash.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\vVX3000.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\ProgramData\GameXN\GameXNGO.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Users\Dan\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
C:\Program Files (x86)\Common Files\aol\1277704962\ee\aolsoftware.exe
C:\Program Files (x86)\Brownie\BrStsW64.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Brownie\brpjp04a.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
Q:\140062.enu\Office14\WINWORD.EXE
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\windows\splwow64.exe
C:\Program Files (x86)\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe
C:\Program Files (x86)\AOL 9.5\waol.exe
C:\Program Files (x86)\AOL 9.5\shellmon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll
mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [GameXN GO] "C:\ProgramData\GameXN\GameXNGO.exe" /startup
uRun: [b6jcgvAHL] C:\ProgramData\oy8XOlg2sbfSWB\Y5xkSVzVWD4sthWP\L55sp76B5np740\tkKLFoADIKs6k\SUjBQoPeYelf\bPw84MTuWvN35R\rNGZaBBdw.exe
uRun: [AOL Fast Start] "C:\Program Files (x86)\AOL 9.5\AOL.EXE" -b
mRun: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [HostManager] C:\Program Files (x86)\Common Files\AOL\1277704962\ee\AOLSoftware.exe
mRun: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [PrintServer Diagnostic] C:\Program Files (x86)\Print Server2\PTP\PSDiagnostic.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Dan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Dan\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3FF33566-E6AB-451B-A61B-73160599AA5F} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{89AEED7C-6744-47E5-9429-8FBC86D5A94B} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{89AEED7C-6744-47E5-9429-8FBC86D5A94B}\34F42474F4C46423 : DhcpNameServer = 71.9.127.107 68.190.192.35 68.116.46.115 192.168.1.1 71.9.127.107 68.190.192.35 68.116.46.115
TCP: Interfaces\{89AEED7C-6744-47E5-9429-8FBC86D5A94B}\441667964637F6E6 : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
BHO-X64: AOL Toolbar Loader - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [HostManager] C:\Program Files (x86)\Common Files\AOL\1277704962\ee\AOLSoftware.exe
mRun-x64: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [PrintServer Diagnostic] C:\Program Files (x86)\Print Server2\PTP\PSDiagnostic.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\llnx2h19.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aolTB50CL-chromesbox-en-us
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&invocationType=tb50-ff-aolTB50CL-ab-en-us&query=
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - plugin: Q:\140062.enu\Office14\NPAUTHZ.DLL
FF - plugin: Q:\140062.enu\Office14\NPSPWRAP.DLL
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 eamonm;eamonm;C:\windows\system32\DRIVERS\eamonm.sys --> C:\windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-3-24 810120]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-6-4 13336]
R2 LicCtrlService;LicCtrl Service;C:\Windows\Runservice.exe [2011-11-17 2560]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2010-6-4 115056]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2010-6-4 126392]
R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2007-4-17 11032]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-13 994360]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-13 399416]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-6-6 2337144]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-9-28 251760]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\windows\system32\drivers\nvhda64v.sys --> C:\windows\system32\drivers\nvhda64v.sys [?]
R3 O2MDGRDR;O2MDGRDR;C:\windows\system32\DRIVERS\o2mdgx64.sys --> C:\windows\system32\DRIVERS\o2mdgx64.sys [?]
R3 O2SDGRDR;O2SDGRDR;C:\windows\system32\DRIVERS\o2sdgx64.sys --> C:\windows\system32\DRIVERS\o2sdgx64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 PSI;PSI;C:\windows\system32\DRIVERS\psi_mf.sys --> C:\windows\system32\DRIVERS\psi_mf.sys [?]
R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-6-4 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-11-10 824688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 epfwwfpr;epfwwfpr;C:\windows\system32\DRIVERS\epfwwfpr.sys --> C:\windows\system32\DRIVERS\epfwwfpr.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-27 135664]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-27 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-6 113120]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-24 17:26:11 -------- d-----w- C:\Users\Dan\AppData\Local\{F79465AE-734E-455C-8B3B-801112C059C1}
2012-06-24 17:25:53 -------- d-----w- C:\Users\Dan\AppData\Local\{29B7DFE9-5C92-431B-A3EB-F5621F6BF397}
2012-06-23 23:01:04 -------- d-----w- C:\Program Files\CCleaner
2012-06-23 22:41:23 -------- d-----w- C:\ProgramData\HitmanPro
2012-06-23 18:35:10 -------- d-----w- C:\Users\Dan\AppData\Local\{5B60CA59-52AF-46E4-8E9E-205F0ECD97F2}
2012-06-23 18:34:53 -------- d-----w- C:\Users\Dan\AppData\Local\{B8E1E2AB-2880-491C-92A4-450657118565}
2012-06-23 04:23:24 -------- d-sh--w- C:\ProgramData\oy8XOlg2sbfSWB
2012-06-23 04:23:05 29097015 ----a-w- C:\ProgramData\uJ422WwP.exe
2012-06-23 03:31:36 -------- d-----w- C:\Users\Dan\AppData\Local\{47EB55E3-B76E-4A73-BA92-2B3DF38B530D}
2012-06-23 03:31:24 -------- d-----w- C:\Users\Dan\AppData\Local\{D6B6EAAA-4B65-4B6E-A05D-0A90D7EF4983}
2012-06-22 15:30:30 -------- d-----w- C:\Users\Dan\AppData\Local\{462A3DEA-58D6-4AAD-AB1A-DA3E42210BF7}
2012-06-22 15:30:14 -------- d-----w- C:\Users\Dan\AppData\Local\{1BF58B33-662B-4CEC-97BA-4AD71BE29833}
2012-06-21 18:05:06 -------- d-----w- C:\Users\Dan\AppData\Local\{58766833-6E73-46BD-9C88-692D274EC3B4}
2012-06-21 18:04:48 -------- d-----w- C:\Users\Dan\AppData\Local\{8467169C-71EA-478E-847B-6939DE23BF30}
2012-06-20 20:36:25 -------- d-----w- C:\Users\Dan\AppData\Local\{3F805B19-C8A5-4947-B622-A3E5060C7F6B}
2012-06-20 20:36:11 -------- d-----w- C:\Users\Dan\AppData\Local\{BC92BB70-B2FF-4304-9BEC-C7E8709C92F3}
2012-06-19 17:11:41 -------- d-----w- C:\Users\Dan\AppData\Local\{89736433-B6FE-4F20-9C49-B62CF3B27638}
2012-06-19 17:11:20 -------- d-----w- C:\Users\Dan\AppData\Local\{40B5B994-7C26-430A-875A-0A9BB6F773EB}
2012-06-19 02:54:52 -------- d-----w- C:\Users\Dan\AppData\Local\{DFC9DD8D-34C5-4812-AA81-42AC6ACE1FDC}
2012-06-19 02:54:37 -------- d-----w- C:\Users\Dan\AppData\Local\{263406F1-F975-494F-8BBB-6F78A94B101B}
2012-06-17 20:25:56 -------- d-----w- C:\Users\Dan\AppData\Local\{D2E3C0E5-9A2D-4BAC-AA23-300EF61B374A}
2012-06-17 05:48:04 -------- d-----w- C:\Users\Dan\AppData\Local\{A1AACBB3-0723-4E7F-9B72-49CBCADDABD9}
2012-06-16 17:47:39 -------- d-----w- C:\Users\Dan\AppData\Local\{8282D691-3842-4EFE-9614-C69D714C13F1}
2012-06-16 05:47:11 -------- d-----w- C:\Users\Dan\AppData\Local\{68F4BAA2-74D6-4117-A900-EA5196DD0BEC}
2012-06-15 16:20:34 -------- d-----w- C:\Users\Dan\AppData\Local\{C650D261-256C-4E1B-A0BB-020A1F7BE532}
2012-06-15 04:20:06 -------- d-----w- C:\Users\Dan\AppData\Local\{78E68589-4CE1-4DD2-A874-8BBE76D367DE}
2012-06-14 16:19:18 -------- d-----w- C:\Users\Dan\AppData\Local\{21DD5BDE-8387-460F-846B-C339AAA6A3C0}
2012-06-14 16:19:03 -------- d-----w- C:\Users\Dan\AppData\Local\{77914D45-87F9-4D2D-BA29-A23E012450C1}
2012-06-13 23:20:05 -------- d-----w- C:\Users\Dan\AppData\Local\{E5B2E040-E0D8-40EA-81DB-30A6911D3D94}
2012-06-13 23:19:49 -------- d-----w- C:\Users\Dan\AppData\Local\{5FD13A09-CFCD-4764-AA34-A329A7788806}
2012-06-13 03:57:53 209920 ----a-w- C:\windows\System32\profsvc.dll
2012-06-12 22:57:48 -------- d-----w- C:\Users\Dan\AppData\Local\{FDC6DEB4-966C-493F-9B38-FBE986EF9EB3}
2012-06-12 22:57:37 -------- d-----w- C:\Users\Dan\AppData\Local\{A12A2DA5-3760-4E03-B915-4F161C19B80F}
2012-06-12 03:59:46 -------- d-----w- C:\Users\Dan\AppData\Local\{41189B82-BC2F-45DC-8266-8880BFFB08FD}
2012-06-12 03:59:26 -------- d-----w- C:\Users\Dan\AppData\Local\{111BFB54-846E-4130-836C-90869241A26B}
2012-06-11 15:58:41 -------- d-----w- C:\Users\Dan\AppData\Local\{E641F3C7-8293-4D2B-B8FF-9E30883C2655}
2012-06-11 15:58:28 -------- d-----w- C:\Users\Dan\AppData\Local\{56E267E5-387D-46CE-8A42-42049EB91D05}
2012-06-10 20:14:24 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-10 20:14:24 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-10 20:13:53 -------- d-----w- C:\Users\Dan\AppData\Local\{C9503E2B-804A-48F5-872F-321082F4B86C}
2012-06-10 20:13:36 -------- d-----w- C:\Users\Dan\AppData\Local\{8BC3E36F-16A8-4EA4-83EE-A1326A3E78DE}
2012-06-08 23:42:06 -------- d-----w- C:\Users\Dan\AppData\Local\{A9C6A9A1-4E26-4885-8ADE-C6885CF9B5AC}
2012-06-08 23:41:47 -------- d-----w- C:\Users\Dan\AppData\Local\{71ACB9E0-A185-4791-9337-5759BE383566}
2012-06-08 08:25:09 -------- d-----w- C:\Users\Dan\AppData\Local\{49A21C5B-FCB5-473B-A78E-05294CDE7826}
2012-06-08 08:24:58 -------- d-----w- C:\Users\Dan\AppData\Local\{6DD6DB93-46E3-4C9E-848C-705354F25127}
2012-06-07 20:24:16 -------- d-----w- C:\Users\Dan\AppData\Local\{79A065FF-B7C6-430C-8117-C9430B155E31}
2012-06-07 20:23:57 -------- d-----w- C:\Users\Dan\AppData\Local\{752978B8-AEA8-44F0-B96E-E06B49D0D59A}
2012-06-06 04:59:39 -------- d-----w- C:\Users\Dan\AppData\Local\{821061D1-D322-4496-94C2-09A92F13061A}
2012-06-06 04:59:28 -------- d-----w- C:\Users\Dan\AppData\Local\{2EFEDE88-BFE0-442F-A7EA-88EF89F8E68C}
2012-06-05 16:58:29 -------- d-----w- C:\Users\Dan\AppData\Local\{FABB7EBA-DD0E-4F0B-835E-0B19EF3DD37D}
2012-06-05 16:58:03 -------- d-----w- C:\Users\Dan\AppData\Local\{51615FE9-90DF-4F8D-B8EB-9B2EF30D3BD4}
2012-06-04 21:53:09 -------- d-----w- C:\Users\Dan\AppData\Local\{FC9895D4-A797-4891-B57E-B79527AEC425}
2012-06-04 21:52:50 -------- d-----w- C:\Users\Dan\AppData\Local\{83FB3A40-D85A-4E9F-92C1-25CD439747C4}
2012-06-04 06:45:25 -------- d-----w- C:\Users\Dan\AppData\Local\{6633E12F-4D54-4C0E-B956-F72F765218A3}
2012-06-04 06:45:13 -------- d-----w- C:\Users\Dan\AppData\Local\{D3683D46-E858-42F5-AA0D-AE66A75CEF20}
2012-06-03 18:44:06 -------- d-----w- C:\Users\Dan\AppData\Local\{D5E4C774-8545-43FF-8DCC-E487C254BE27}
2012-06-03 18:43:43 -------- d-----w- C:\Users\Dan\AppData\Local\{E0A5F164-2439-4A8F-B3DC-E9BA5478F09B}
2012-06-02 17:54:56 -------- d-----w- C:\Users\Dan\AppData\Local\{70E18275-E556-474E-BA88-61EE658021D8}
2012-06-02 17:54:36 -------- d-----w- C:\Users\Dan\AppData\Local\{04F91AEA-BC05-4918-9E1A-E6BE7D1CD91A}
2012-06-01 06:05:40 -------- d-----w- C:\Users\Dan\AppData\Local\{9479528B-C7FD-4CA5-8F30-DC8218E8854C}
2012-06-01 06:05:28 -------- d-----w- C:\Users\Dan\AppData\Local\{FC8E1B6E-C056-47E4-AB55-F41541785F45}
2012-05-31 18:05:03 -------- d-----w- C:\Users\Dan\AppData\Local\{A54FD627-1AD7-41E4-B16E-84386F7F511E}
2012-05-31 18:04:52 -------- d-----w- C:\Users\Dan\AppData\Local\{AF75446C-8B0F-41E7-94AB-22791F6CE9E4}
2012-05-31 06:04:08 -------- d-----w- C:\Users\Dan\AppData\Local\{46B3CB02-A9CE-4461-9A5A-9A47DD343687}
2012-05-31 06:03:52 -------- d-----w- C:\Users\Dan\AppData\Local\{982B8334-593F-42D6-B482-66EC3CDBE88A}
2012-05-30 17:39:46 -------- d-----w- C:\Users\Dan\AppData\Local\{C7776F67-7AD8-4EE9-895D-84A4CAE54376}
2012-05-30 17:39:35 -------- d-----w- C:\Users\Dan\AppData\Local\{58AEFD87-2EE9-4126-80B6-A695DD139A71}
2012-05-30 05:38:58 -------- d-----w- C:\Users\Dan\AppData\Local\{492891C4-C086-4FF4-BC99-ECF86C48ED4A}
2012-05-30 05:38:45 -------- d-----w- C:\Users\Dan\AppData\Local\{BF958220-E1D7-4EED-B74C-AA1C0AA283CE}
2012-05-28 18:11:55 -------- d-----w- C:\Users\Dan\AppData\Local\{E7596530-23A1-4EC4-B72C-DEFF82DE2270}
2012-05-28 18:11:34 -------- d-----w- C:\Users\Dan\AppData\Local\{02990671-A653-4596-B7FE-28DC2C23DECD}
2012-05-26 20:20:28 -------- d-----w- C:\Users\Dan\AppData\Local\{1315FE5D-8096-4521-AD01-4625F9E0B3FF}
2012-05-26 20:20:15 -------- d-----w- C:\Users\Dan\AppData\Local\{3FF03AF4-DAD9-457C-B2B0-84FEE8F469C8}
2012-05-26 01:31:57 -------- d-----w- C:\Users\Dan\AppData\Local\{94706BBA-5E5D-466D-8106-61612179C09C}
2012-05-26 01:31:42 -------- d-----w- C:\Users\Dan\AppData\Local\{2A8FC5CD-D1E8-4114-8065-12A4ADD54F4E}
.
==================== Find3M ====================
.
2012-06-24 18:34:05 4001 --sha-w- C:\windows\SysWow64\mmf.sys
2012-05-15 09:29:47 889664 ----a-w- C:\windows\System32\nvvsvc.exe
2012-05-15 09:29:46 63296 ----a-w- C:\windows\System32\nvshext.dll
2012-05-15 09:29:46 2561856 ----a-w- C:\windows\System32\nvsvcr.dll
2012-05-15 09:29:46 118080 ----a-w- C:\windows\System32\nvmctray.dll
2012-05-15 09:29:25 3149632 ----a-w- C:\windows\System32\nvsvc64.dll
2012-05-15 09:28:42 6151488 ----a-w- C:\windows\System32\nvcpl.dll
2012-05-15 04:01:31 1188864 ----a-w- C:\windows\System32\wininet.dll
2012-05-15 03:03:54 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2012-05-15 01:32:33 3146752 ----a-w- C:\windows\System32\win32k.sys
2012-05-09 19:21:41 476936 ----a-w- C:\windows\SysWow64\npdeployJava1.dll
2012-05-09 19:21:36 472840 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-04-28 03:55:21 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2012-04-20 03:45:41 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2012-04-20 03:16:44 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-04-18 17:08:08 31040 ----a-w- C:\windows\System32\nvhdap64.dll
2012-04-18 17:08:03 188736 ----a-w- C:\windows\System32\drivers\nvhda64v.sys
2012-04-18 17:08:02 1451840 ----a-w- C:\windows\System32\nvhdagenco6420103.dll
2012-04-07 12:31:40 3216384 ----a-w- C:\windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\windows\SysWow64\msi.dll
2012-04-04 22:56:40 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys
.
============= FINISH: 12:00:17.44 ===============

Thanks in advance for all you guys do.
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================================

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Should I disable ESET at this point? Log is too long for one post; I'm breaking it up.



Scan result of Farbar Recovery Scan Tool Version: 24-06-2012
Ran by SYSTEM at 24-06-2012 13:37:52
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [] [x]
HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [307768 2009-07-16] ()
HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [508472 2009-10-09] (Conexant Systems, Inc.)
HKLM\...\Run: [HDMICtrlMan] %ProgramFiles%\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [1032536 2009-10-23] (TOSHIBA Corporation.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1810728 2009-07-30] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [910136 2009-11-10] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1482592 2009-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [707416 2009-11-10] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] C:\windows\system32\thpsrv /logon [x]
HKLM\...\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [2839840 2010-03-24] (ESET)
HKLM\...\Run: [VX3000] C:\windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [TosReelTimeMonitor] %programFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [x]
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED [529256 2009-08-09] (Toshiba)
HKLM-x32\...\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [2454840 2009-11-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1277704962\ee\AOLSoftware.exe [41800 2010-02-10] (AOL Inc.)
HKLM-x32\...\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun [3695928 2009-08-19] (brother)
HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2010-12-13] (Apple Inc.)
HKLM-x32\...\Run: [PrintServer Diagnostic] C:\Program Files (x86)\Print Server2\PTP\PSDiagnostic.exe [266240 2004-11-24] ()
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\Dan\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-04-13] (Google Inc.)
HKU\Dan\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet [6276408 2011-08-22] (Yahoo! Inc.)
HKU\Dan\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Dan\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [15146376 2011-04-18] (Skype Technologies S.A.)
HKU\Dan\...\Run: [GameXN GO] "C:\ProgramData\GameXN\GameXNGO.exe" /startup [347008 2011-09-09] (EasyBits Software AS)
HKU\Dan\...\Run: [b6jcgvAHL] C:\ProgramData\oy8XOlg2sbfSWB\Y5xkSVzVWD4sthWP\L55sp76B5np740\tkKLFoADIKs6k\SUjBQoPeYelf\bPw84MTuWvN35R\rNGZaBBdw.exe [31231801 2012-06-22] (Nrsft)
HKU\Dan\...\Run: [AOL Fast Start] "C:\Program Files (x86)\AOL 9.5\AOL.EXE" -b [29520 2010-03-23] (AOL Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Dan\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ======

3 AOL ACS; "C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe" [46640 2006-10-23] (AOL LLC)
3 EhttpSrv; "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" [42336 2010-03-24] (ESET)
2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [810120 2010-03-24] (ESET)
2 IviRegMgr; "C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe" [112152 2007-01-04] (InterVideo)
2 LicCtrlService; C:\windows\runservice.exe [2560 2011-11-17] ()
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe /s [115056 2010-09-01] (Symantec Corporation)
2 PCCUJobMgr; "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll" /prefetch:1 [132984 2009-08-29] (Symantec Corporation)
2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-13] (Microsoft Corporation)
2 Secunia PSI Agent; "C:\Program Files (x86)\Secunia\PSI\PSIA.exe" --start-service [994360 2011-10-13] (Secunia)
2 Secunia Update Agent; "C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service [399416 2011-10-13] (Secunia)
3 WinHttpAutoProxySvc; winhttp.dll [444416 2010-11-20] (Microsoft Corporation)
3 WinHttpAutoProxySvc; winhttp.dll [351232 2010-11-20] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [163888 2010-03-24] (ESET)
1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [139704 2010-03-24] (ESET)
2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [124760 2010-03-24] (ESET)
3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdgx64.sys [49568 2009-08-18] (O2Micro )
3 QIOMem; C:\Windows\System32\Drivers\QIOMem.sys [12800 2009-06-15] (TOSHIBA)
2 regi; C:\Windows\System32\Drivers\regi.sys [14112 2007-04-17] (InterVideo)
2 regi; C:\Windows\SysWow64\Drivers\regi.sys [11032 2007-04-17] (InterVideo)
3 tosrfec; C:\Windows\System32\Drivers\tosrfec.sys [19824 2009-07-13] (TOSHIBA Corporation)
0 TVALZ; C:\Windows\System32\DRIVERS\TVALZ_O.SYS [26840 2009-07-14] (TOSHIBA Corporation)
3 VX3000; C:\Windows\System32\Drivers\VX3000.sys [2060144 2010-05-20] (Microsoft Corporation)
3 wanatw; C:\Windows\System32\DRIVERS\wanatw64.sys [24064 2006-11-29] (America Online, Inc.)
1 SASDIFSV; \??\C:\Users\Dan\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
1 SASKUTIL; \??\C:\Users\Dan\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
3 Tosrfcom; [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-24 12:14 - 2012-06-24 12:14 - 01425489 ____A C:\Users\Dan\Desktop\FRST64.exe
2012-06-24 10:57 - 2012-06-24 10:57 - 00607260 ____R (Swearware) C:\Users\Dan\Desktop\dds.scr
2012-06-24 10:45 - 2012-06-24 10:45 - 00302592 ____A C:\Users\Dan\Desktop\62jzi7hk.exe
2012-06-24 09:33 - 2012-05-09 11:18 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-06-24 09:33 - 2012-05-09 11:17 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-06-24 09:33 - 2012-05-09 11:17 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-06-24 09:32 - 2012-06-24 09:33 - 00004357 ____A C:\Windows\SysWOW64\jupdate-1.6.0_33-b03.log
2012-06-24 09:26 - 2012-06-24 09:26 - 00000000 ____D C:\Users\Dan\AppData\Local\{F79465AE-734E-455C-8B3B-801112C059C1}
2012-06-24 09:25 - 2012-06-24 09:26 - 00000000 ____D C:\Users\Dan\AppData\Local\{29B7DFE9-5C92-431B-A3EB-F5621F6BF397}
2012-06-24 09:22 - 2012-06-24 12:27 - 00000224 ____A C:\Windows\setupact.log
2012-06-24 09:22 - 2012-06-24 09:22 - 00000000 ____A C:\Windows\setuperr.log
2012-06-23 15:10 - 2012-06-23 15:10 - 08828112 ____A (SurfRight B.V.) C:\Users\Dan\Downloads\HitmanPro36_x64(1).exe
2012-06-23 15:01 - 2012-06-23 15:01 - 00000833 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-06-23 15:01 - 2012-06-23 15:01 - 00000000 ____D C:\Program Files\CCleaner
2012-06-23 15:00 - 2012-06-23 15:00 - 03862112 ____A (Piriform Ltd) C:\Users\Dan\Downloads\ccsetup319.exe
2012-06-23 14:41 - 2012-06-23 14:54 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-06-23 14:41 - 2012-06-23 14:42 - 08828112 ____A (SurfRight B.V.) C:\Users\Dan\Downloads\HitmanPro36_x64.exe
2012-06-23 14:40 - 2012-06-23 14:41 - 07712104 ____A (SurfRight B.V.) C:\Users\Dan\Downloads\HitmanPro36.exe
2012-06-23 14:38 - 2012-06-23 14:38 - 02128472 ____A (Kaspersky Lab ZAO) C:\Users\Dan\Downloads\tdsskiller(1).exe
2012-06-23 10:35 - 2012-06-23 10:35 - 00000000 ____D C:\Users\Dan\AppData\Local\{5B60CA59-52AF-46E4-8E9E-205F0ECD97F2}
2012-06-23 10:34 - 2012-06-23 10:35 - 00000000 ____D C:\Users\Dan\AppData\Local\{B8E1E2AB-2880-491C-92A4-450657118565}
2012-06-22 20:23 - 2012-06-22 20:23 - 29097015 ____A (Nrsft) C:\Users\All Users\uJ422WwP.exe
2012-06-22 20:23 - 2012-06-22 20:23 - 00000208 ____A C:\Users\All Users\6c2c9f7c19cc348bc2ecb60e6fdb722fe298a6fd
2012-06-22 20:23 - 2012-06-22 20:23 - 00000000 __SHD C:\Users\All Users\oy8XOlg2sbfSWB
2012-06-22 19:31 - 2012-06-22 19:31 - 00000000 ____D C:\Users\Dan\AppData\Local\{D6B6EAAA-4B65-4B6E-A05D-0A90D7EF4983}
2012-06-22 19:31 - 2012-06-22 19:31 - 00000000 ____D C:\Users\Dan\AppData\Local\{47EB55E3-B76E-4A73-BA92-2B3DF38B530D}
2012-06-22 14:28 - 2012-06-22 14:29 - 510126615 ____A C:\Users\Dan\Desktop\21741.mov
2012-06-22 07:30 - 2012-06-22 07:30 - 00000000 ____D C:\Users\Dan\AppData\Local\{462A3DEA-58D6-4AAD-AB1A-DA3E42210BF7}
2012-06-22 07:30 - 2012-06-22 07:30 - 00000000 ____D C:\Users\Dan\AppData\Local\{1BF58B33-662B-4CEC-97BA-4AD71BE29833}
2012-06-21 10:05 - 2012-06-21 10:05 - 00000000 ____D C:\Users\Dan\AppData\Local\{58766833-6E73-46BD-9C88-692D274EC3B4}
2012-06-21 10:04 - 2012-06-21 10:05 - 00000000 ____D C:\Users\Dan\AppData\Local\{8467169C-71EA-478E-847B-6939DE23BF30}
2012-06-20 12:36 - 2012-06-20 12:36 - 00000000 ____D C:\Users\Dan\AppData\Local\{BC92BB70-B2FF-4304-9BEC-C7E8709C92F3}
2012-06-20 12:36 - 2012-06-20 12:36 - 00000000 ____D C:\Users\Dan\AppData\Local\{3F805B19-C8A5-4947-B622-A3E5060C7F6B}
2012-06-19 10:34 - 2012-06-19 10:34 - 00048749 ____A C:\Users\Dan\Desktop\snap_3e5d0bc6fa8483d498f9477dbfabbcc5.png
2012-06-19 10:19 - 2012-06-19 10:19 - 00038628 ____A C:\Users\Dan\Desktop\abra.png
2012-06-19 09:11 - 2012-06-19 09:11 - 00000000 ____D C:\Users\Dan\AppData\Local\{89736433-B6FE-4F20-9C49-B62CF3B27638}
2012-06-19 09:11 - 2012-06-19 09:11 - 00000000 ____D C:\Users\Dan\AppData\Local\{40B5B994-7C26-430A-875A-0A9BB6F773EB}
2012-06-18 18:54 - 2012-06-18 18:55 - 00000000 ____D C:\Users\Dan\AppData\Local\{DFC9DD8D-34C5-4812-AA81-42AC6ACE1FDC}
2012-06-18 18:54 - 2012-06-18 18:54 - 00000000 ____D C:\Users\Dan\AppData\Local\{263406F1-F975-494F-8BBB-6F78A94B101B}
2012-06-17 12:25 - 2012-06-17 12:26 - 00000000 ____D C:\Users\Dan\AppData\Local\{D2E3C0E5-9A2D-4BAC-AA23-300EF61B374A}
2012-06-16 21:48 - 2012-06-16 21:48 - 00000000 ____D C:\Users\Dan\AppData\Local\{A1AACBB3-0723-4E7F-9B72-49CBCADDABD9}
2012-06-16 09:47 - 2012-06-16 09:47 - 00000000 ____D C:\Users\Dan\AppData\Local\{8282D691-3842-4EFE-9614-C69D714C13F1}
2012-06-15 21:47 - 2012-06-15 21:47 - 00000000 ____D C:\Users\Dan\AppData\Local\{68F4BAA2-74D6-4117-A900-EA5196DD0BEC}
2012-06-15 08:20 - 2012-06-15 08:20 - 00000000 ____D C:\Users\Dan\AppData\Local\{C650D261-256C-4E1B-A0BB-020A1F7BE532}
2012-06-14 21:17 - 2012-06-14 21:17 - 00000000 ____D C:\Users\Dan\Downloads\Campus Prep Course Book.scriv
2012-06-14 20:20 - 2012-06-14 20:20 - 00000000 ____D C:\Users\Dan\AppData\Local\{78E68589-4CE1-4DD2-A874-8BBE76D367DE}
2012-06-14 08:19 - 2012-06-14 08:19 - 00000000 ____D C:\Users\Dan\AppData\Local\{77914D45-87F9-4D2D-BA29-A23E012450C1}
2012-06-14 08:19 - 2012-06-14 08:19 - 00000000 ____D C:\Users\Dan\AppData\Local\{21DD5BDE-8387-460F-846B-C339AAA6A3C0}
2012-06-13 15:20 - 2012-06-13 15:20 - 00000000 ____D C:\Users\Dan\AppData\Local\{E5B2E040-E0D8-40EA-81DB-30A6911D3D94}
2012-06-13 15:19 - 2012-06-13 15:20 - 00000000 ____D C:\Users\Dan\AppData\Local\{5FD13A09-CFCD-4764-AA34-A329A7788806}
2012-06-12 19:58 - 2012-05-14 20:01 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-12 19:58 - 2012-05-14 19:59 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-12 19:58 - 2012-05-14 19:03 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-12 19:58 - 2012-05-14 19:00 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-12 19:58 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-12 19:58 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-12 19:58 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-12 19:58 - 2012-04-19 21:42 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-12 19:58 - 2012-04-19 21:42 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-12 19:58 - 2012-04-19 21:42 - 02454528 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-12 19:58 - 2012-04-19 21:42 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-12 19:58 - 2012-04-19 21:42 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-12 19:58 - 2012-04-19 21:42 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-12 19:58 - 2012-04-19 21:42 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-12 19:58 - 2012-04-19 21:42 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-12 19:58 - 2012-04-19 21:00 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-12 19:58 - 2012-04-19 21:00 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-12 19:58 - 2012-04-19 20:57 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-12 19:58 - 2012-04-19 20:57 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-06-12 19:58 - 2012-04-19 20:57 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-12 19:58 - 2012-04-19 20:56 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-12 19:58 - 2012-04-19 20:56 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-12 19:58 - 2012-04-19 20:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-12 19:58 - 2012-04-19 19:45 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-12 19:58 - 2012-04-19 19:16 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-12 19:58 - 2012-04-16 21:31 - 00918016 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-12 19:58 - 2012-04-16 20:34 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-12 19:57 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-12 19:57 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-12 19:57 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-12 19:57 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-12 19:57 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-12 19:57 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-12 19:57 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-12 19:57 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-12 19:57 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-12 19:57 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-12 19:57 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-12 19:57 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-12 19:57 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-12 19:57 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-12 14:57 - 2012-06-12 14:57 - 00000000 ____D C:\Users\Dan\AppData\Local\{FDC6DEB4-966C-493F-9B38-FBE986EF9EB3}
2012-06-12 14:57 - 2012-06-12 14:57 - 00000000 ____D C:\Users\Dan\AppData\Local\{A12A2DA5-3760-4E03-B915-4F161C19B80F}
2012-06-11 19:59 - 2012-06-11 19:59 - 00000000 ____D C:\Users\Dan\AppData\Local\{41189B82-BC2F-45DC-8266-8880BFFB08FD}
2012-06-11 19:59 - 2012-06-11 19:59 - 00000000 ____D C:\Users\Dan\AppData\Local\{111BFB54-846E-4130-836C-90869241A26B}
2012-06-11 07:58 - 2012-06-11 07:58 - 00000000 ____D C:\Users\Dan\AppData\Local\{E641F3C7-8293-4D2B-B8FF-9E30883C2655}
2012-06-11 07:58 - 2012-06-11 07:58 - 00000000 ____D C:\Users\Dan\AppData\Local\{56E267E5-387D-46CE-8A42-42049EB91D05}
2012-06-10 12:30 - 2012-06-10 12:50 - 00140950 ____A C:\Users\Dan\Desktop\Oversold_Draft.rtf
2012-06-10 12:13 - 2012-06-10 12:14 - 00000000 ____D C:\Users\Dan\AppData\Local\{C9503E2B-804A-48F5-872F-321082F4B86C}
2012-06-10 12:13 - 2012-06-10 12:13 - 00000000 ____D C:\Users\Dan\AppData\Local\{8BC3E36F-16A8-4EA4-83EE-A1326A3E78DE}
2012-06-08 15:42 - 2012-06-08 15:42 - 00000000 ____D C:\Users\Dan\AppData\Local\{A9C6A9A1-4E26-4885-8ADE-C6885CF9B5AC}
2012-06-08 15:41 - 2012-06-08 15:42 - 00000000 ____D C:\Users\Dan\AppData\Local\{71ACB9E0-A185-4791-9337-5759BE383566}
2012-06-08 00:25 - 2012-06-08 00:25 - 00000000 ____D C:\Users\Dan\AppData\Local\{49A21C5B-FCB5-473B-A78E-05294CDE7826}
2012-06-08 00:24 - 2012-06-08 00:25 - 00000000 ____D C:\Users\Dan\AppData\Local\{6DD6DB93-46E3-4C9E-848C-705354F25127}
2012-06-07 12:24 - 2012-06-07 12:24 - 00000000 ____D C:\Users\Dan\AppData\Local\{79A065FF-B7C6-430C-8117-C9430B155E31}
2012-06-07 12:23 - 2012-06-07 12:24 - 00000000 ____D C:\Users\Dan\AppData\Local\{752978B8-AEA8-44F0-B96E-E06B49D0D59A}
2012-06-05 20:59 - 2012-06-05 20:59 - 00000000 ____D C:\Users\Dan\AppData\Local\{821061D1-D322-4496-94C2-09A92F13061A}
2012-06-05 20:59 - 2012-06-05 20:59 - 00000000 ____D C:\Users\Dan\AppData\Local\{2EFEDE88-BFE0-442F-A7EA-88EF89F8E68C}
2012-06-05 08:58 - 2012-06-05 08:58 - 00000000 ____D C:\Users\Dan\AppData\Local\{FABB7EBA-DD0E-4F0B-835E-0B19EF3DD37D}
2012-06-05 08:58 - 2012-06-05 08:58 - 00000000 ____D C:\Users\Dan\AppData\Local\{51615FE9-90DF-4F8D-B8EB-9B2EF30D3BD4}
2012-06-04 13:53 - 2012-06-04 13:53 - 00000000 ____D C:\Users\Dan\AppData\Local\{FC9895D4-A797-4891-B57E-B79527AEC425}
2012-06-04 13:52 - 2012-06-04 13:53 - 00000000 ____D C:\Users\Dan\AppData\Local\{83FB3A40-D85A-4E9F-92C1-25CD439747C4}
2012-06-03 22:45 - 2012-06-03 22:45 - 00000000 ____D C:\Users\Dan\AppData\Local\{D3683D46-E858-42F5-AA0D-AE66A75CEF20}
2012-06-03 22:45 - 2012-06-03 22:45 - 00000000 ____D C:\Users\Dan\AppData\Local\{6633E12F-4D54-4C0E-B956-F72F765218A3}
2012-06-03 17:51 - 2012-06-03 18:18 - 00114236 ____A C:\Users\Dan\Desktop\oversold.rtf
2012-06-03 10:44 - 2012-06-03 10:44 - 00000000 ____D C:\Users\Dan\AppData\Local\{D5E4C774-8545-43FF-8DCC-E487C254BE27}
2012-06-03 10:43 - 2012-06-03 10:43 - 00000000 ____D C:\Users\Dan\AppData\Local\{E0A5F164-2439-4A8F-B3DC-E9BA5478F09B}
2012-06-02 09:54 - 2012-06-02 09:55 - 00000000 ____D C:\Users\Dan\AppData\Local\{70E18275-E556-474E-BA88-61EE658021D8}
2012-06-02 09:54 - 2012-06-02 09:54 - 00000000 ____D C:\Users\Dan\AppData\Local\{04F91AEA-BC05-4918-9E1A-E6BE7D1CD91A}
2012-05-31 22:05 - 2012-05-31 22:05 - 00000000 ____D C:\Users\Dan\AppData\Local\{FC8E1B6E-C056-47E4-AB55-F41541785F45}
2012-05-31 22:05 - 2012-05-31 22:05 - 00000000 ____D C:\Users\Dan\AppData\Local\{9479528B-C7FD-4CA5-8F30-DC8218E8854C}
2012-05-31 10:07 - 2012-05-31 10:07 - 00000000 ____D C:\Users\Dan\Downloads\oversold backup.scriv
2012-05-31 10:05 - 2012-05-31 10:05 - 00000000 ____D C:\Users\Dan\AppData\Local\{A54FD627-1AD7-41E4-B16E-84386F7F511E}
2012-05-31 10:04 - 2012-05-31 10:05 - 00000000 ____D C:\Users\Dan\AppData\Local\{AF75446C-8B0F-41E7-94AB-22791F6CE9E4}
2012-05-30 22:04 - 2012-05-30 22:04 - 00000000 ____D C:\Users\Dan\AppData\Local\{46B3CB02-A9CE-4461-9A5A-9A47DD343687}
2012-05-30 22:03 - 2012-05-30 22:04 - 00000000 ____D C:\Users\Dan\AppData\Local\{982B8334-593F-42D6-B482-66EC3CDBE88A}
2012-05-30 09:39 - 2012-05-30 09:39 - 00000000 ____D C:\Users\Dan\AppData\Local\{C7776F67-7AD8-4EE9-895D-84A4CAE54376}
2012-05-30 09:39 - 2012-05-30 09:39 - 00000000 ____D C:\Users\Dan\AppData\Local\{58AEFD87-2EE9-4126-80B6-A695DD139A71}
2012-05-29 23:09 - 2012-05-29 23:09 - 00000000 ____D C:\Users\Dan\Downloads\Mystery.scriv
2012-05-29 23:04 - 2012-05-29 23:04 - 00000000 ____D C:\Users\Dan\Downloads\Mystery Project.scriv
2012-05-29 21:38 - 2012-05-29 21:39 - 00000000 ____D C:\Users\Dan\AppData\Local\{492891C4-C086-4FF4-BC99-ECF86C48ED4A}
2012-05-29 21:38 - 2012-05-29 21:38 - 00000000 ____D C:\Users\Dan\AppData\Local\{BF958220-E1D7-4EED-B74C-AA1C0AA283CE}
2012-05-28 10:11 - 2012-05-28 10:12 - 00000000 ____D C:\Users\Dan\AppData\Local\{E7596530-23A1-4EC4-B72C-DEFF82DE2270}
2012-05-28 10:11 - 2012-05-28 10:11 - 00000000 ____D C:\Users\Dan\AppData\Local\{02990671-A653-4596-B7FE-28DC2C23DECD}
2012-05-26 12:20 - 2012-05-26 12:20 - 00000000 ____D C:\Users\Dan\AppData\Local\{3FF03AF4-DAD9-457C-B2B0-84FEE8F469C8}
2012-05-26 12:20 - 2012-05-26 12:20 - 00000000 ____D C:\Users\Dan\AppData\Local\{1315FE5D-8096-4521-AD01-4625F9E0B3FF}
2012-05-25 17:31 - 2012-05-25 17:32 - 00000000 ____D C:\Users\Dan\AppData\Local\{94706BBA-5E5D-466D-8106-61612179C09C}
2012-05-25 17:31 - 2012-05-25 17:31 - 00000000 ____D C:\Users\Dan\AppData\Local\{2A8FC5CD-D1E8-4114-8065-12A4ADD54F4E}


============ 3 Months Modified Files and Folders =============

2012-06-24 13:38 - 2012-06-24 13:37 - 00000000 ____D C:\FRST
2012-06-24 12:31 - 2010-08-06 10:45 - 00000286 ___AH C:\Windows\Brownie.ini
2012-06-24 12:31 - 2010-06-04 01:38 - 02053262 ____A C:\Windows\WindowsUpdate.log
2012-06-24 12:31 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-24 12:31 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-24 12:28 - 2011-09-09 11:27 - 00000000 ____D C:\Users\All Users\GameXN
2012-06-24 12:28 - 2011-06-08 13:14 - 00000000 ___RD C:\Users\Dan\Dropbox
2012-06-24 12:28 - 2011-06-08 13:12 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Dropbox
2012-06-24 12:27 - 2012-06-24 09:22 - 00000224 ____A C:\Windows\setupact.log
2012-06-24 12:27 - 2011-03-22 15:43 - 00000000 ____D C:\Users\Dan\Tracing
2012-06-24 12:27 - 2010-11-24 20:50 - 00004001 __ASH C:\Windows\SysWOW64\mmf.sys
2012-06-24 12:27 - 2010-11-10 22:17 - 00000398 ____A C:\Windows\Tasks\Free File Viewer Update Checker.job
2012-06-24 12:27 - 2010-06-27 21:37 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-24 12:27 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-24 12:20 - 2010-06-27 21:28 - 00086200 ____A C:\Users\Dan\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-24 12:18 - 2010-06-29 20:01 - 00000000 ____D C:\Users\Dan\AppData\Roaming\SoftGrid Client
2012-06-24 12:17 - 2011-10-13 11:04 - 00000000 ____D C:\Users\Dan\Desktop\LSAT
2012-06-24 12:17 - 2009-07-13 21:13 - 00727334 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-24 12:14 - 2012-06-24 12:14 - 01425489 ____A C:\Users\Dan\Desktop\FRST64.exe
2012-06-24 11:44 - 2010-06-27 21:37 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-24 10:57 - 2012-06-24 10:57 - 00607260 ____R (Swearware) C:\Users\Dan\Desktop\dds.scr
2012-06-24 10:48 - 2010-07-02 09:46 - 00000000 ____D C:\Users\Dan\Documents\Outlook Files
2012-06-24 10:45 - 2012-06-24 10:45 - 00302592 ____A C:\Users\Dan\Desktop\62jzi7hk.exe
2012-06-24 10:25 - 2010-09-04 07:41 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Skype
2012-06-24 09:33 - 2012-06-24 09:32 - 00004357 ____A C:\Windows\SysWOW64\jupdate-1.6.0_33-b03.log
2012-06-24 09:33 - 2010-04-13 18:17 - 00000000 ____D C:\Program Files (x86)\Java
2012-06-24 09:26 - 2012-06-24 09:26 - 00000000 ____D C:\Users\Dan\AppData\Local\{F79465AE-734E-455C-8B3B-801112C059C1}
2012-06-24 09:26 - 2012-06-24 09:25 - 00000000 ____D C:\Users\Dan\AppData\Local\{29B7DFE9-5C92-431B-A3EB-F5621F6BF397}
2012-06-24 09:26 - 2010-11-08 08:20 - 00000000 ____D C:\Users\Dan\AppData\Local\Windows Live
2012-06-24 09:24 - 2011-05-28 10:08 - 00000000 ____D C:\Users\Dan\AppData\Roaming\go
2012-06-24 09:22 - 2012-06-24 09:22 - 00000000 ____A C:\Windows\setuperr.log
2012-06-23 15:10 - 2012-06-23 15:10 - 08828112 ____A (SurfRight B.V.) C:\Users\Dan\Downloads\HitmanPro36_x64(1).exe
2012-06-23 15:05 - 2011-08-25 19:42 - 00000000 ____D C:\Users\Dan\AppData\Roaming\FileZilla
2012-06-23 15:04 - 2010-07-15 20:58 - 00000000 ____D C:\Windows\Minidump
2012-06-23 15:04 - 2010-04-14 10:32 - 00000000 ____D C:\Windows\Panther
2012-06-23 15:01 - 2012-06-23 15:01 - 00000833 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-06-23 15:01 - 2012-06-23 15:01 - 00000000 ____D C:\Program Files\CCleaner
2012-06-23 15:00 - 2012-06-23 15:00 - 03862112 ____A (Piriform Ltd) C:\Users\Dan\Downloads\ccsetup319.exe
2012-06-23 14:54 - 2012-06-23 14:41 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-06-23 14:42 - 2012-06-23 14:41 - 08828112 ____A (SurfRight B.V.) C:\Users\Dan\Downloads\HitmanPro36_x64.exe
2012-06-23 14:41 - 2012-06-23 14:40 - 07712104 ____A (SurfRight B.V.) C:\Users\Dan\Downloads\HitmanPro36.exe
2012-06-23 14:38 - 2012-06-23 14:38 - 02128472 ____A (Kaspersky Lab ZAO) C:\Users\Dan\Downloads\tdsskiller(1).exe
2012-06-23 12:54 - 2010-06-27 22:20 - 00000000 ____D C:\Bridge Base Online
2012-06-23 12:18 - 2011-12-28 20:00 - 00001124 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-23 12:18 - 2011-04-09 02:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-23 10:35 - 2012-06-23 10:35 - 00000000 ____D C:\Users\Dan\AppData\Local\{5B60CA59-52AF-46E4-8E9E-205F0ECD97F2}
2012-06-23 10:35 - 2012-06-23 10:34 - 00000000 ____D C:\Users\Dan\AppData\Local\{B8E1E2AB-2880-491C-92A4-450657118565}
2012-06-22 20:23 - 2012-06-22 20:23 - 29097015 ____A (Nrsft) C:\Users\All Users\uJ422WwP.exe
2012-06-22 20:23 - 2012-06-22 20:23 - 00000208 ____A C:\Users\All Users\6c2c9f7c19cc348bc2ecb60e6fdb722fe298a6fd
2012-06-22 20:23 - 2012-06-22 20:23 - 00000000 __SHD C:\Users\All Users\oy8XOlg2sbfSWB
2012-06-22 19:31 - 2012-06-22 19:31 - 00000000 ____D C:\Users\Dan\AppData\Local\{D6B6EAAA-4B65-4B6E-A05D-0A90D7EF4983}
2012-06-22 19:31 - 2012-06-22 19:31 - 00000000 ____D C:\Users\Dan\AppData\Local\{47EB55E3-B76E-4A73-BA92-2B3DF38B530D}
2012-06-22 15:01 - 2010-09-04 07:43 - 00000000 ____D C:\Users\Dan\AppData\Roaming\skypePM
2012-06-22 14:51 - 2011-05-13 10:45 - 00000000 ____D C:\Users\All Users\Skype Extras
2012-06-22 14:29 - 2012-06-22 14:28 - 510126615 ____A C:\Users\Dan\Desktop\21741.mov
2012-06-22 07:30 - 2012-06-22 07:30 - 00000000 ____D C:\Users\Dan\AppData\Local\{462A3DEA-58D6-4AAD-AB1A-DA3E42210BF7}
2012-06-22 07:30 - 2012-06-22 07:30 - 00000000 ____D C:\Users\Dan\AppData\Local\{1BF58B33-662B-4CEC-97BA-4AD71BE29833}
2012-06-21 10:05 - 2012-06-21 10:05 - 00000000 ____D C:\Users\Dan\AppData\Local\{58766833-6E73-46BD-9C88-692D274EC3B4}
2012-06-21 10:05 - 2012-06-21 10:04 - 00000000 ____D C:\Users\Dan\AppData\Local\{8467169C-71EA-478E-847B-6939DE23BF30}
2012-06-20 12:36 - 2012-06-20 12:36 - 00000000 ____D C:\Users\Dan\AppData\Local\{BC92BB70-B2FF-4304-9BEC-C7E8709C92F3}
2012-06-20 12:36 - 2012-06-20 12:36 - 00000000 ____D C:\Users\Dan\AppData\Local\{3F805B19-C8A5-4947-B622-A3E5060C7F6B}
2012-06-19 14:58 - 2012-05-09 22:28 - 00000000 ____D C:\Program Files (x86)\Scrivener
2012-06-19 10:34 - 2012-06-19 10:34 - 00048749 ____A C:\Users\Dan\Desktop\snap_3e5d0bc6fa8483d498f9477dbfabbcc5.png
2012-06-19 10:19 - 2012-06-19 10:19 - 00038628 ____A C:\Users\Dan\Desktop\abra.png
2012-06-19 09:11 - 2012-06-19 09:11 - 00000000 ____D C:\Users\Dan\AppData\Local\{89736433-B6FE-4F20-9C49-B62CF3B27638}
2012-06-19 09:11 - 2012-06-19 09:11 - 00000000 ____D C:\Users\Dan\AppData\Local\{40B5B994-7C26-430A-875A-0A9BB6F773EB}
2012-06-18 18:55 - 2012-06-18 18:54 - 00000000 ____D C:\Users\Dan\AppData\Local\{DFC9DD8D-34C5-4812-AA81-42AC6ACE1FDC}
2012-06-18 18:54 - 2012-06-18 18:54 - 00000000 ____D C:\Users\Dan\AppData\Local\{263406F1-F975-494F-8BBB-6F78A94B101B}
2012-06-17 12:26 - 2012-06-17 12:25 - 00000000 ____D C:\Users\Dan\AppData\Local\{D2E3C0E5-9A2D-4BAC-AA23-300EF61B374A}
2012-06-16 21:48 - 2012-06-16 21:48 - 00000000 ____D C:\Users\Dan\AppData\Local\{A1AACBB3-0723-4E7F-9B72-49CBCADDABD9}
2012-06-16 20:42 - 2012-05-06 19:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-16 09:47 - 2012-06-16 09:47 - 00000000 ____D C:\Users\Dan\AppData\Local\{8282D691-3842-4EFE-9614-C69D714C13F1}
2012-06-16 09:40 - 2010-06-27 21:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-06-15 21:47 - 2012-06-15 21:47 - 00000000 ____D C:\Users\Dan\AppData\Local\{68F4BAA2-74D6-4117-A900-EA5196DD0BEC}
2012-06-15 08:20 - 2012-06-15 08:20 - 00000000 ____D C:\Users\Dan\AppData\Local\{C650D261-256C-4E1B-A0BB-020A1F7BE532}
2012-06-14 21:17 - 2012-06-14 21:17 - 00000000 ____D C:\Users\Dan\Downloads\Campus Prep Course Book.scriv
2012-06-14 20:20 - 2012-06-14 20:20 - 00000000 ____D C:\Users\Dan\AppData\Local\{78E68589-4CE1-4DD2-A874-8BBE76D367DE}
2012-06-14 15:53 - 2010-07-05 09:51 - 00000000 ____D C:\Users\All Users\Yahoo! Companion
2012-06-14 15:47 - 2009-07-13 21:08 - 00032622 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-14 08:19 - 2012-06-14 08:19 - 00000000 ____D C:\Users\Dan\AppData\Local\{77914D45-87F9-4D2D-BA29-A23E012450C1}
2012-06-14 08:19 - 2012-06-14 08:19 - 00000000 ____D C:\Users\Dan\AppData\Local\{21DD5BDE-8387-460F-846B-C339AAA6A3C0}
2012-06-13 15:20 - 2012-06-13 15:20 - 00000000 ____D C:\Users\Dan\AppData\Local\{E5B2E040-E0D8-40EA-81DB-30A6911D3D94}
2012-06-13 15:20 - 2012-06-13 15:19 - 00000000 ____D C:\Users\Dan\AppData\Local\{5FD13A09-CFCD-4764-AA34-A329A7788806}
2012-06-13 15:16 - 2009-07-13 20:45 - 00361096 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-12 23:15 - 2010-06-27 22:26 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-12 14:57 - 2012-06-12 14:57 - 00000000 ____D C:\Users\Dan\AppData\Local\{FDC6DEB4-966C-493F-9B38-FBE986EF9EB3}
2012-06-12 14:57 - 2012-06-12 14:57 - 00000000 ____D C:\Users\Dan\AppData\Local\{A12A2DA5-3760-4E03-B915-4F161C19B80F}
2012-06-11 19:59 - 2012-06-11 19:59 - 00000000 ____D C:\Users\Dan\AppData\Local\{41189B82-BC2F-45DC-8266-8880BFFB08FD}
2012-06-11 19:59 - 2012-06-11 19:59 - 00000000 ____D C:\Users\Dan\AppData\Local\{111BFB54-846E-4130-836C-90869241A26B}
2012-06-11 19:47 - 2011-06-06 15:08 - 00002355 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-06-11 07:58 - 2012-06-11 07:58 - 00000000 ____D C:\Users\Dan\AppData\Local\{E641F3C7-8293-4D2B-B8FF-9E30883C2655}
2012-06-11 07:58 - 2012-06-11 07:58 - 00000000 ____D C:\Users\Dan\AppData\Local\{56E267E5-387D-46CE-8A42-42049EB91D05}
2012-06-10 12:50 - 2012-06-10 12:30 - 00140950 ____A C:\Users\Dan\Desktop\Oversold_Draft.rtf
2012-06-10 12:14 - 2012-06-10 12:13 - 00000000 ____D C:\Users\Dan\AppData\Local\{C9503E2B-804A-48F5-872F-321082F4B86C}
2012-06-10 12:13 - 2012-06-10 12:13 - 00000000 ____D C:\Users\Dan\AppData\Local\{8BC3E36F-16A8-4EA4-83EE-A1326A3E78DE}
2012-06-08 15:42 - 2012-06-08 15:42 - 00000000 ____D C:\Users\Dan\AppData\Local\{A9C6A9A1-4E26-4885-8ADE-C6885CF9B5AC}
2012-06-08 15:42 - 2012-06-08 15:41 - 00000000 ____D C:\Users\Dan\AppData\Local\{71ACB9E0-A185-4791-9337-5759BE383566}
2012-06-08 00:25 - 2012-06-08 00:25 - 00000000 ____D C:\Users\Dan\AppData\Local\{49A21C5B-FCB5-473B-A78E-05294CDE7826}
2012-06-08 00:25 - 2012-06-08 00:24 - 00000000 ____D C:\Users\Dan\AppData\Local\{6DD6DB93-46E3-4C9E-848C-705354F25127}
2012-06-07 12:24 - 2012-06-07 12:24 - 00000000 ____D C:\Users\Dan\AppData\Local\{79A065FF-B7C6-430C-8117-C9430B155E31}
2012-06-07 12:24 - 2012-06-07 12:23 - 00000000 ____D C:\Users\Dan\AppData\Local\{752978B8-AEA8-44F0-B96E-E06B49D0D59A}
2012-06-05 20:59 - 2012-06-05 20:59 - 00000000 ____D C:\Users\Dan\AppData\Local\{821061D1-D322-4496-94C2-09A92F13061A}
2012-06-05 20:59 - 2012-06-05 20:59 - 00000000 ____D C:\Users\Dan\AppData\Local\{2EFEDE88-BFE0-442F-A7EA-88EF89F8E68C}
2012-06-05 08:58 - 2012-06-05 08:58 - 00000000 ____D C:\Users\Dan\AppData\Local\{FABB7EBA-DD0E-4F0B-835E-0B19EF3DD37D}
2012-06-05 08:58 - 2012-06-05 08:58 - 00000000 ____D C:\Users\Dan\AppData\Local\{51615FE9-90DF-4F8D-B8EB-9B2EF30D3BD4}
2012-06-04 13:53 - 2012-06-04 13:53 - 00000000 ____D C:\Users\Dan\AppData\Local\{FC9895D4-A797-4891-B57E-B79527AEC425}
2012-06-04 13:53 - 2012-06-04 13:52 - 00000000 ____D C:\Users\Dan\AppData\Local\{83FB3A40-D85A-4E9F-92C1-25CD439747C4}
2012-06-03 22:45 - 2012-06-03 22:45 - 00000000 ____D C:\Users\Dan\AppData\Local\{D3683D46-E858-42F5-AA0D-AE66A75CEF20}
2012-06-03 22:45 - 2012-06-03 22:45 - 00000000 ____D C:\Users\Dan\AppData\Local\{6633E12F-4D54-4C0E-B956-F72F765218A3}
2012-06-03 18:18 - 2012-06-03 17:51 - 00114236 ____A C:\Users\Dan\Desktop\oversold.rtf
2012-06-03 10:44 - 2012-06-03 10:44 - 00000000 ____D C:\Users\Dan\AppData\Local\{D5E4C774-8545-43FF-8DCC-E487C254BE27}
2012-06-03 10:43 - 2012-06-03 10:43 - 00000000 ____D C:\Users\Dan\AppData\Local\{E0A5F164-2439-4A8F-B3DC-E9BA5478F09B}
2012-06-02 15:53 - 2011-06-08 13:14 - 00000984 ____A C:\Users\Dan\Desktop\Dropbox.lnk
2012-06-02 09:55 - 2012-06-02 09:54 - 00000000 ____D C:\Users\Dan\AppData\Local\{70E18275-E556-474E-BA88-61EE658021D8}
2012-06-02 09:54 - 2012-06-02 09:54 - 00000000 ____D C:\Users\Dan\AppData\Local\{04F91AEA-BC05-4918-9E1A-E6BE7D1CD91A}
2012-05-31 22:05 - 2012-05-31 22:05 - 00000000 ____D C:\Users\Dan\AppData\Local\{FC8E1B6E-C056-47E4-AB55-F41541785F45}
2012-05-31 22:05 - 2012-05-31 22:05 - 00000000 ____D C:\Users\Dan\AppData\Local\{9479528B-C7FD-4CA5-8F30-DC8218E8854C}
2012-05-31 10:07 - 2012-05-31 10:07 - 00000000 ____D C:\Users\Dan\Downloads\oversold backup.scriv
2012-05-31 10:05 - 2012-05-31 10:05 - 00000000 ____D C:\Users\Dan\AppData\Local\{A54FD627-1AD7-41E4-B16E-84386F7F511E}
2012-05-31 10:05 - 2012-05-31 10:04 - 00000000 ____D C:\Users\Dan\AppData\Local\{AF75446C-8B0F-41E7-94AB-22791F6CE9E4}
2012-05-30 22:04 - 2012-05-30 22:04 - 00000000 ____D C:\Users\Dan\AppData\Local\{46B3CB02-A9CE-4461-9A5A-9A47DD343687}
2012-05-30 22:04 - 2012-05-30 22:03 - 00000000 ____D C:\Users\Dan\AppData\Local\{982B8334-593F-42D6-B482-66EC3CDBE88A}
2012-05-30 09:39 - 2012-05-30 09:39 - 00000000 ____D C:\Users\Dan\AppData\Local\{C7776F67-7AD8-4EE9-895D-84A4CAE54376}
2012-05-30 09:39 - 2012-05-30 09:39 - 00000000 ____D C:\Users\Dan\AppData\Local\{58AEFD87-2EE9-4126-80B6-A695DD139A71}
2012-05-29 23:09 - 2012-05-29 23:09 - 00000000 ____D C:\Users\Dan\Downloads\Mystery.scriv
2012-05-29 23:04 - 2012-05-29 23:04 - 00000000 ____D C:\Users\Dan\Downloads\Mystery Project.scriv
2012-05-29 21:39 - 2012-05-29 21:38 - 00000000 ____D C:\Users\Dan\AppData\Local\{492891C4-C086-4FF4-BC99-ECF86C48ED4A}
2012-05-29 21:38 - 2012-05-29 21:38 - 00000000 ____D C:\Users\Dan\AppData\Local\{BF958220-E1D7-4EED-B74C-AA1C0AA283CE}
2012-05-28 10:12 - 2012-05-28 10:11 - 00000000 ____D C:\Users\Dan\AppData\Local\{E7596530-23A1-4EC4-B72C-DEFF82DE2270}
2012-05-28 10:11 - 2012-05-28 10:11 - 00000000 ____D C:\Users\Dan\AppData\Local\{02990671-A653-4596-B7FE-28DC2C23DECD}
2012-05-26 12:20 - 2012-05-26 12:20 - 00000000 ____D C:\Users\Dan\AppData\Local\{3FF03AF4-DAD9-457C-B2B0-84FEE8F469C8}
2012-05-26 12:20 - 2012-05-26 12:20 - 00000000 ____D C:\Users\Dan\AppData\Local\{1315FE5D-8096-4521-AD01-4625F9E0B3FF}
2012-05-25 17:32 - 2012-05-25 17:31 - 00000000 ____D C:\Users\Dan\AppData\Local\{94706BBA-5E5D-466D-8106-61612179C09C}
2012-05-25 17:31 - 2012-05-25 17:31 - 00000000 ____D C:\Users\Dan\AppData\Local\{2A8FC5CD-D1E8-4114-8065-12A4ADD54F4E}
2012-05-24 21:06 - 2012-05-24 21:06 - 00000000 ____D C:\Users\Dan\AppData\Local\{84E4343D-6366-434D-801D-A7DEA7FD9BB4}
2012-05-24 21:06 - 2012-05-24 21:06 - 00000000 ____D C:\Users\Dan\AppData\Local\{5CD05D62-3FB6-4F60-8959-DFABA6B36408}
2012-05-24 09:05 - 2012-05-24 09:05 - 00000000 ____D C:\Users\Dan\AppData\Local\{DCE921B2-5FC7-49B0-B24E-B026120B14BC}
2012-05-24 09:05 - 2012-05-24 09:05 - 00000000 ____D C:\Users\Dan\AppData\Local\{CD3764EE-41D3-49A9-9BC9-0CB43F9A432B}
2012-05-23 19:54 - 2012-05-23 19:53 - 00000000 ____D C:\Users\Dan\AppData\Local\{E0930C51-ADC5-4421-94AC-52B09F5C0710}
2012-05-23 19:53 - 2012-05-23 19:53 - 00000000 ____D C:\Users\Dan\AppData\Local\{50E9EF8C-3E93-4D66-8806-34455001B2B6}
2012-05-23 07:09 - 2012-05-23 07:09 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-05-23 07:08 - 2010-06-04 01:49 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-05-23 07:07 - 2011-09-12 07:16 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2012-05-23 07:04 - 2012-05-23 06:59 - 214613632 ____A (NVIDIA Corporation) C:\Users\Dan\Downloads\301.42-notebook-win7-winvista-64bit-international-whql.exe
2012-05-23 06:48 - 2012-05-23 06:48 - 00000000 ____D C:\Users\Dan\AppData\Local\{F83DE537-A41B-478B-98D0-DC340F67E347}
2012-05-23 06:48 - 2012-05-23 06:47 - 00000000 ____D C:\Users\Dan\AppData\Local\{212612A6-2BAC-4990-8DBB-13880701D71D}
2012-05-22 11:56 - 2012-05-22 11:56 - 00000000 ____D C:\Users\Dan\AppData\Local\{234D1E67-D708-43B1-8F98-37221BFCA5AB}
2012-05-22 11:56 - 2012-05-22 11:56 - 00000000 ____D C:\Users\Dan\AppData\Local\{0D9A46AF-3A97-4200-A17E-1D72907753E0}
2012-05-21 21:55 - 2012-05-21 21:54 - 00000000 ____D C:\Users\Dan\AppData\Local\{A257200B-3001-4CF8-B678-77279D050B4A}
2012-05-21 21:54 - 2012-05-21 21:54 - 00000000 ____D C:\Users\Dan\AppData\Local\{121DBA0E-119A-48E6-9AEC-A443EDBB8063}
2012-05-21 08:43 - 2012-05-21 08:43 - 00065536 __ASH C:\Windows\System32\config\COMPONENTS{b6427221-97ff-11e1-b571-00038a000015}.TxR.blf
2012-05-21 08:43 - 2012-05-21 08:43 - 00000000 ____D C:\Users\Dan\AppData\Local\{5B73F1A6-CD38-4AAE-AD76-3E3B928190CE}
2012-05-21 08:43 - 2012-05-21 08:43 - 00000000 ____D C:\Users\Dan\AppData\Local\{1C259C62-B28C-4ACC-8A70-C91B6DDF31F8}
2012-05-20 20:54 - 2011-05-18 12:56 - 00265808 ____A C:\Users\Dan\Documents\voice-message.wav
2012-05-20 14:42 - 2012-05-20 14:42 - 00000000 ____D C:\Users\Dan\AppData\Local\{4064419C-FC82-44BC-BBB8-0CEA383C8853}
2012-05-20 14:42 - 2012-05-20 14:41 - 00000000 ____D C:\Users\Dan\AppData\Local\{F31E5E6B-E7C6-4F0F-88B6-871A10A11B6F}
2012-05-19 20:28 - 2012-05-19 20:28 - 00000000 ____D C:\Users\Dan\AppData\Local\{B176701A-1370-4340-B1C3-273AC623C799}
2012-05-19 20:28 - 2012-05-19 20:27 - 00000000 ____D C:\Users\Dan\AppData\Local\{2F4F3D3B-5399-4937-AE51-2F183E2B5FC7}
2012-05-18 17:20 - 2012-05-18 17:20 - 00000000 ____D C:\Users\Dan\AppData\Local\{C3030517-54A1-44A6-9305-9D7660AF37B2}
2012-05-18 17:19 - 2012-05-18 17:19 - 00000000 ____D C:\Users\Dan\AppData\Local\{6FC92F1C-08F0-45C8-96CE-46780EA34C3C}
2012-05-17 09:24 - 2012-05-17 09:23 - 00000000 ____D C:\Users\Dan\AppData\Local\{EE66F888-C42A-4A99-A207-7E74A3F4EB48}
2012-05-17 09:23 - 2012-05-17 09:23 - 00000000 ____D C:\Users\Dan\AppData\Local\{83CBCA9E-4C60-498E-BF10-26DBE1F55499}
2012-05-16 10:56 - 2012-05-16 10:56 - 00000000 ____D C:\Users\Dan\AppData\Local\{9646E0FC-BAC1-4717-A9D3-1B4336E8E17D}
2012-05-16 10:56 - 2012-05-16 10:55 - 00000000 ____D C:\Users\Dan\AppData\Local\{B256E0C3-CE2E-4F4D-BA14-A2373CB56926}
2012-05-16 10:55 - 2012-05-16 10:55 - 00000000 ____D C:\Windows\en
2012-05-16 10:52 - 2010-11-08 08:23 - 00000000 ____D C:\Program Files\Windows Live
2012-05-16 10:52 - 2010-04-13 20:29 - 00000000 ____D C:\Program Files (x86)\Windows Live
2012-05-16 10:47 - 2012-05-16 10:47 - 00000000 ____D C:\Users\Dan\AppData\Local\{88EAD73E-5E1E-4934-BB02-F4DB439F531D}
2012-05-16 10:47 - 2012-05-16 10:47 - 00000000 ____D C:\Users\Dan\AppData\Local\{72E40356-EE2E-4CE7-9C8A-974F79FB4118}
2012-05-16 08:12 - 2012-05-16 08:12 - 00000000 ____D C:\Users\Dan\AppData\Local\{8A19A40D-1F74-4C05-8ACD-BA513BD8FB17}
2012-05-16 08:12 - 2012-05-16 08:12 - 00000000 ____D C:\Users\Dan\AppData\Local\{10EC9F2E-ABBE-4664-B685-134E8843F237}
2012-05-15 21:43 - 2012-05-15 21:43 - 00000000 ____D C:\Users\Dan\AppData\Local\{B75E37E4-B01C-4E53-862D-D89AD755D22F}
2012-05-15 21:43 - 2012-05-15 21:43 - 00000000 ____D C:\Users\Dan\AppData\Local\{6EF8CD4A-E986-4C62-BA2F-FD54FC2A35F1}
2012-05-15 13:32 - 2012-05-15 13:32 - 00000000 ____D C:\Users\Dan\AppData\Local\{0AE3D754-F6B5-4141-8A19-0E62CC1915F0}
2012-05-15 13:31 - 2012-05-15 13:31 - 00000000 ____D C:\Users\Dan\AppData\Local\{B113DA0F-CE32-43B7-AB23-BFAE58498F8A}
2012-05-15 11:31 - 2012-05-15 11:31 - 00000000 ____D C:\Users\Dan\AppData\Local\{BE5FBA2B-9CA3-4ED1-8143-13D3F67B7EF4}
2012-05-15 11:30 - 2012-05-15 11:30 - 00000000 ____D C:\Users\Dan\AppData\Local\{68D30CB8-9550-46E8-8F8E-13201C4C3EB7}
2012-05-15 11:03 - 2012-05-15 11:03 - 00000000 ____D C:\Users\Dan\AppData\Local\{C410297D-A78A-4666-AB5C-8A4056A151C0}
2012-05-15 11:03 - 2012-05-15 11:02 - 00000000 ____D C:\Users\Dan\AppData\Local\{EF528750-09C7-4226-907E-8A3C84FBB115}
2012-05-15 08:59 - 2012-05-15 08:59 - 00000000 ____D C:\Users\Dan\AppData\Local\{D0FFC345-DB29-4BA0-B54F-3098481AC508}
2012-05-15 08:59 - 2012-05-15 08:59 - 00000000 ____D C:\Users\Dan\AppData\Local\{5DA7622D-C68E-4954-827F-EAF17D31CD8E}
2012-05-15 02:48 - 2012-05-23 07:06 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-05-15 02:48 - 2012-05-23 07:06 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-05-15 02:48 - 2012-05-23 07:06 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-05-15 02:48 - 2012-05-23 07:06 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-05-15 02:48 - 2012-05-23 07:06 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-05-15 02:48 - 2012-05-23 07:06 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-05-15 02:48 - 2012-05-23 07:06 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-05-15 02:48 - 2012-05-23 07:06 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-05-15 02:48 - 2012-05-23 07:06 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-05-15 02:48 - 2012-05-23 07:06 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-05-15 02:48 - 2012-05-23 07:06 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-05-15 02:48 - 2012-05-23 07:06 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-05-15 02:48 - 2012-05-23 07:06 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-05-15 02:48 - 2011-09-16 11:19 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-05-15 02:48 - 2011-09-16 11:19 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-05-15 02:48 - 2011-09-12 07:16 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-05-15 02:48 - 2011-09-12 07:16 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
2012-05-15 02:48 - 2011-09-12 07:16 - 00014324 ____A C:\Windows\System32\nvinfo.pb
2012-05-15 02:48 - 2010-01-16 00:02 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-05-15 02:48 - 2010-01-16 00:02 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-05-15 02:48 - 2009-12-06 17:30 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-05-15 02:48 - 2009-12-06 17:30 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-05-15 01:29 - 2010-01-17 21:44 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-05-15 01:29 - 2010-01-17 21:44 - 02561856 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2012-05-15 01:29 - 2010-01-17 21:44 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-05-15 01:29 - 2010-01-17 21:44 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-05-15 01:29 - 2009-12-07 09:02 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-05-15 01:28 - 2010-01-17 21:44 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-05-14 21:51 - 2012-05-14 21:51 - 00000000 ____D C:\Users\Dan\AppData\Local\{CB227CCA-31BF-48C9-A0CA-3B2D35A1D3BD}
2012-05-14 21:51 - 2012-05-14 21:50 - 00000000 ____D C:\Users\Dan\AppData\Local\{7D30A3D0-3E9C-4805-91BD-1EC360074DC8}
2012-05-14 20:01 - 2012-06-12 19:58 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 19:59 - 2012-06-12 19:58 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-14 19:03 - 2012-06-12 19:58 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-14 19:00 - 2012-06-12 19:58 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-14 17:32 - 2012-06-12 19:57 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-13 21:33 - 2012-05-13 21:32 - 00000000 ____D C:\Users\Dan\AppData\Local\{7FAE030A-0DA5-40A1-BD23-6A26B6BDE38E}
2012-05-13 21:32 - 2012-05-13 21:32 - 00000000 ____D C:\Users\Dan\AppData\Local\{11C59D93-D223-4E77-B599-31ECEDE6C54E}
2012-05-13 19:40 - 2012-05-13 19:40 - 00000000 ____D C:\Users\Dan\AppData\Local\{491F773D-3A38-43A4-B2CA-70E4E7FDA291}
2012-05-13 19:40 - 2012-05-13 19:40 - 00000000 ____D C:\Users\Dan\AppData\Local\{43101971-EFE4-490B-AB39-4A2595B6DFFE}
2012-05-13 18:18 - 2012-05-13 18:18 - 00000000 ____D C:\Users\Dan\Downloads\The Earth and Sky.scriv
2012-05-13 18:17 - 2012-05-13 18:17 - 00014876 ____A C:\Users\Dan\The Earth and Sky.syv
2012-05-13 18:17 - 2010-06-27 21:26 - 00000000 ____D C:\users\Dan
2012-05-13 17:14 - 2012-05-13 17:14 - 00000000 ____D C:\Users\Dan\AppData\Local\{D3C63B95-3044-41B6-BE2A-26FE7E42ACF0}
2012-05-13 17:14 - 2012-05-13 17:13 - 00000000 ____D C:\Users\Dan\AppData\Local\{99684A2F-E24A-4DF1-857D-0A4C9AADF089}
2012-05-12 22:52 - 2012-05-12 22:52 - 00001905 ____A C:\Users\Public\Desktop\Outline 4D.lnk
2012-05-12 22:52 - 2012-05-12 22:52 - 00000000 ____D C:\Users\Dan\AppData\Roaming\PACE Anti-Piracy
2012-05-12 22:52 - 2012-05-12 22:52 - 00000000 ____D C:\Users\Dan\AppData\Local\PACE Anti-Piracy
2012-05-12 22:52 - 2012-05-12 22:52 - 00000000 ____D C:\Users\All Users\PACE Anti-Piracy
2012-05-12 22:52 - 2012-05-12 22:52 - 00000000 ____D C:\Program Files (x86)\Outline 4D
2012-05-12 22:52 - 2010-06-11 09:47 - 00000000 ___HD C:\Users\Dan\AppData\Local\27UHsUnZJVnF
2012-05-12 22:51 - 2012-05-12 22:51 - 00000000 ____D C:\Users\Dan\AppData\Local\Downloaded Installations
2012-05-12 22:40 - 2012-05-12 22:40 - 00000000 ____D C:\Users\Dan\AppData\Local\{E265E54B-2B8B-404E-9838-4CD776FF22BF}
2012-05-12 22:40 - 2012-05-12 22:40 - 00000000 ____D C:\Users\Dan\AppData\Local\{3A7E2D19-4B89-4B1A-8F1D-D95A5C76FEAF}
2012-05-12 18:14 - 2012-05-12 18:14 - 00000000 ____D C:\Users\Dan\AppData\Local\{742E3EFB-59B9-405D-AD45-3FEB1057E4BF}
2012-05-12 18:14 - 2012-05-12 18:13 - 00000000 ____D C:\Users\Dan\AppData\Local\{450FF42D-2BAE-485C-9D23-510244194C6C}
2012-05-12 08:50 - 2012-05-12 08:49 - 00000000 ____D C:\Users\Dan\AppData\Local\{67E7F9B6-193B-4DD8-9328-43AB2BB2E12E}
2012-05-12 08:49 - 2012-05-12 08:49 - 00000000 ____D C:\Users\Dan\AppData\Local\{CABFA940-1B03-4DE7-B1BC-9C238D263F99}
2012-05-11 17:26 - 2012-05-11 17:26 - 00000000 ____D C:\Users\Dan\AppData\Local\{5A47BE29-C13A-4E34-80F2-9FE3DB33F323}
2012-05-11 17:26 - 2012-05-11 17:25 - 00000000 ____D C:\Users\Dan\AppData\Local\{C3822E7E-9655-4820-AFA1-79A0E97ECA30}
2012-05-10 21:47 - 2012-05-10 21:47 - 00000000 ____D C:\Users\Dan\AppData\Local\{BA74826E-01D1-4C3B-B867-4B96ECB6B704}
2012-05-10 21:47 - 2012-05-10 21:47 - 00000000 ____D C:\Users\Dan\AppData\Local\{AFDFEC02-EBD1-4CCC-835B-24EE4ED49FB7}
2012-05-10 20:59 - 2012-05-10 20:59 - 00011506 ____A C:\Users\Dan\Desktop\AcademicChess.xlsx
2012-05-10 18:01 - 2012-05-10 18:01 - 00000000 ____D C:\Users\Dan\AppData\Local\{CAF683E2-BEB4-4A63-8474-F56570293EE2}
2012-05-10 18:01 - 2012-05-10 18:01 - 00000000 ____D C:\Users\Dan\AppData\Local\{6ABD1025-AE1C-47B7-9781-601398892F70}
2012-05-10 12:24 - 2012-05-10 12:24 - 00000000 ____D C:\Users\Dan\AppData\Local\{7AB03690-34D3-41A0-AC92-573D1374F5C5}
2012-05-10 12:24 - 2012-05-10 12:24 - 00000000 ____D C:\Users\Dan\AppData\Local\{11DB446B-834F-48A0-9925-E7F4AB5DB3DD}
2012-05-10 07:21 - 2012-05-10 07:21 - 00000000 ____D C:\Users\Dan\AppData\Local\{1C1F4FD7-27FD-4171-AF6E-409EBD626B9C}
2012-05-10 07:20 - 2012-05-10 07:20 - 00000000 ____D C:\Users\Dan\AppData\Local\{A6BF80C7-B89D-403C-ABA5-482C178E75EE}
2012-05-09 23:21 - 2010-06-04 01:40 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-05-09 23:10 - 2010-04-13 20:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-09 23:10 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-09 22:32 - 2012-05-09 22:32 - 00000000 ____D C:\Users\Dan\Downloads\Scriv Tutorial.scriv
2012-05-09 22:30 - 2012-05-09 22:30 - 00000000 ____D C:\Users\Dan\AppData\Local\Scrivener
2012-05-09 22:28 - 2012-05-09 22:28 - 00001708 ____A C:\Users\Public\Desktop\Scrivener.lnk
2012-05-09 22:27 - 2012-05-09 22:25 - 52015502 ____A C:\Users\Dan\Downloads\Scrivener-installer.zip
2012-05-09 18:49 - 2012-05-09 18:49 - 00000000 ____D C:\Users\Dan\AppData\Local\{C6FA1CB9-9560-4201-80E4-0FE819CED318}
2012-05-09 18:49 - 2012-05-09 18:49 - 00000000 ____D C:\Users\Dan\AppData\Local\{804FE82D-F0EE-45DE-8754-50ED19272E96}
2012-05-09 14:25 - 2012-05-09 14:25 - 00000000 ____D C:\Users\Dan\AppData\Local\{5D16BB3E-BC5C-412B-9E9C-04FC4CD6B341}
2012-05-09 14:25 - 2012-05-09 14:24 - 00000000 ____D C:\Users\Dan\AppData\Local\{EFA02415-E0C8-45A3-A5E9-F1323C15570A}
2012-05-09 12:05 - 2012-05-09 12:05 - 00000000 ____D C:\Users\Dan\AppData\Local\{B2B67893-0064-46E0-9130-679B2E34AE21}
2012-05-09 12:05 - 2012-05-09 12:05 - 00000000 ____D C:\Users\Dan\AppData\Local\{08A0A36C-5459-472D-A33F-437B26009B23}
2012-05-09 11:21 - 2012-05-16 21:12 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-05-09 11:21 - 2011-09-27 21:39 - 00472840 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-05-09 11:18 - 2012-06-24 09:33 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-05-09 11:17 - 2012-06-24 09:33 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-05-09 11:17 - 2012-06-24 09:33 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-05-09 08:32 - 2012-05-09 08:32 - 00000000 ____D C:\Users\Dan\AppData\Local\{9A290F5E-ECBE-4596-B21A-FE28DAB67BD8}
2012-05-09 08:32 - 2012-05-09 08:32 - 00000000 ____D C:\Users\Dan\AppData\Local\{9051781F-8E40-4E81-84EB-E3A73BB6087E}
2012-05-08 14:03 - 2012-05-08 14:02 - 00000000 ____D C:\Users\Dan\AppData\Local\{B0404E8C-91A1-4476-A3B9-19A25CAAAFF2}
2012-05-08 14:02 - 2012-05-08 14:02 - 00000000 ____D C:\Users\Dan\AppData\Local\{0352A91E-0DA2-48A6-B482-C7CC4E5C5444}
2012-05-08 07:28 - 2012-05-08 07:28 - 00000000 ____D C:\Users\Dan\AppData\Local\{C0E8E35D-C182-4F61-8FDB-DD66014CECF8}
 
2012-05-08 07:28 - 2012-05-08 07:28 - 00000000 ____D C:\Users\Dan\AppData\Local\{B16EC822-C72A-4BD8-BA4F-330BB09E6B46}
2012-05-07 09:23 - 2012-05-07 09:23 - 00000000 ____D C:\Users\Dan\AppData\Local\{0757AD47-AB4A-43EC-B9BF-A17F74BD06C9}
2012-05-07 09:22 - 2012-05-07 09:22 - 00000000 ____D C:\Users\Dan\AppData\Local\{30A713CE-A22C-492D-9181-3E87F2C63B8E}
2012-05-06 20:50 - 2012-05-06 20:49 - 00000000 ____D C:\Users\Dan\AppData\Local\{0907F932-971D-47FC-AEA8-A497FF7C715A}
2012-05-06 20:49 - 2012-05-06 20:49 - 00000000 ____D C:\Users\Dan\AppData\Local\{4E7B0129-98B4-465F-A6F5-E9F0684466F7}
2012-05-06 19:41 - 2012-05-06 19:41 - 00000000 ____D C:\Users\All Users\Mozilla
2012-05-06 19:41 - 2011-06-06 15:08 - 00001064 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-05-06 19:39 - 2012-05-06 19:39 - 16339280 ____A (Mozilla) C:\Users\Dan\Downloads\Firefox Setup 12.0.exe
2012-05-06 19:36 - 2012-05-06 19:36 - 00000000 ____D C:\Users\Dan\AppData\Local\{E57F967D-2EDB-47A9-BF78-8252A5E713AB}
2012-05-06 19:36 - 2012-05-06 19:36 - 00000000 ____D C:\Users\Dan\AppData\Local\{D348413C-1FF2-4EA0-BE50-9857E1E403B8}
2012-05-06 13:16 - 2012-05-06 13:16 - 00000000 ____D C:\Users\Dan\AppData\Local\{AA15443B-CF90-4BD6-9FF5-669FFF3375FF}
2012-05-06 13:16 - 2012-05-06 13:16 - 00000000 ____D C:\Users\Dan\AppData\Local\{84B38334-312D-4364-8025-29375F7DEE6D}
2012-05-06 08:58 - 2012-05-06 08:58 - 00000000 ____D C:\Users\Dan\AppData\Local\{52DABC01-5293-4C24-AF72-5001181C3C76}
2012-05-06 08:58 - 2012-05-06 08:57 - 00000000 ____D C:\Users\Dan\AppData\Local\{AB896480-0FEE-4E33-AA35-A464E3E714A2}
2012-05-06 07:05 - 2012-05-06 07:01 - 00000000 ____D C:\Users\Dan\Desktop\sd
2012-05-06 06:59 - 2012-05-06 06:59 - 00000000 ____D C:\Users\Dan\AppData\Local\{D6E374CC-2498-4707-86A4-9BCBA576A03E}
2012-05-06 06:59 - 2012-05-06 06:58 - 00000000 ____D C:\Users\Dan\AppData\Local\{3D19F0B6-71C5-402B-9BE6-DA45ED25FFF9}
2012-05-06 06:53 - 2012-05-06 06:53 - 00065536 __ASH C:\Windows\System32\config\COMPONENTS{086a564c-972b-11e1-89d0-00038a000015}.TxR.blf
2012-05-05 19:26 - 2012-05-05 19:26 - 00000000 ____D C:\Users\Dan\AppData\Local\{D7363779-9FB8-4A43-95E0-3C0770F27B2E}
2012-05-05 19:26 - 2012-05-05 19:26 - 00000000 ____D C:\Users\Dan\AppData\Local\{99D61BDD-99FC-4C7A-9EA4-F364999F5DD8}
2012-05-05 15:51 - 2012-05-05 15:51 - 00000000 ____D C:\Users\Dan\AppData\Local\{A723BCB8-20FE-4830-82E9-5370B78C275E}
2012-05-05 15:51 - 2012-05-05 15:51 - 00000000 ____D C:\Users\Dan\AppData\Local\{77465BC0-018D-48E3-AE8C-5C3F1BED3B86}
2012-05-04 19:50 - 2012-05-04 19:50 - 00000000 ____D C:\Users\Dan\AppData\Local\{FDF7367A-84F4-4E62-AF18-A6509113984F}
2012-05-04 19:50 - 2012-05-04 19:50 - 00000000 ____D C:\Users\Dan\AppData\Local\{2A25559E-B189-4044-AFCF-9D84CC6D5338}
2012-05-04 17:14 - 2012-05-04 17:14 - 00000000 ____D C:\Users\Dan\AppData\Local\{B3E7229E-3589-4764-88B5-2E797A7A1DB2}
2012-05-04 17:14 - 2012-05-04 17:14 - 00000000 ____D C:\Users\Dan\AppData\Local\{5729D771-38D5-43F7-BB42-B3F55512F3BC}
2012-05-04 03:06 - 2012-06-12 19:57 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-12 19:57 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-12 19:57 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-03 19:43 - 2012-05-03 19:43 - 00000000 ____D C:\Users\Dan\AppData\Local\{B44217DD-8854-4426-B7C3-45E9DEBF2D28}
2012-05-03 19:42 - 2012-05-03 19:42 - 00000000 ____D C:\Users\Dan\AppData\Local\{BEE5822C-91C6-4FCE-9003-76188CE2ADA5}
2012-05-02 19:52 - 2012-05-02 19:51 - 00000000 ____D C:\Users\Dan\AppData\Local\{216C371F-5A75-4D19-BC7A-FF041D9C26FE}
2012-05-02 19:51 - 2012-05-02 19:51 - 00000000 ____D C:\Users\Dan\AppData\Local\{BE10ADF2-9E51-4617-B875-BBBF904B80FE}
2012-05-02 08:21 - 2012-05-02 08:20 - 00000000 ____D C:\Users\Dan\AppData\Local\{2AD8ABDA-1133-4D8A-BE1E-24AF37931F39}
2012-05-02 08:20 - 2012-05-02 08:20 - 00000000 ____D C:\Users\Dan\AppData\Local\{1A7DE771-EB7C-4940-8794-84DC46970213}
2012-05-01 14:16 - 2012-05-01 14:15 - 00000000 ____D C:\Users\Dan\AppData\Local\{73CCAA84-81A7-4EA0-A0FA-510B915B110F}
2012-05-01 14:15 - 2012-05-01 14:15 - 00000000 ____D C:\Users\Dan\AppData\Local\{76E1322D-5A7B-4061-904A-048B0BCF018A}
2012-05-01 12:41 - 2012-05-01 12:41 - 00000000 ____D C:\Users\Dan\AppData\Local\{DEF1A724-5D3D-491B-8CD6-AB20E56456A0}
2012-05-01 12:41 - 2012-05-01 12:41 - 00000000 ____D C:\Users\Dan\AppData\Local\{0B82BB6C-0C93-4BE9-B1E4-3BD60BAC6609}
2012-04-30 22:00 - 2012-04-30 22:00 - 00000000 ____D C:\Users\Dan\AppData\Local\{C49FF917-BF01-4960-968D-F892626657B2}
2012-04-30 22:00 - 2012-04-30 22:00 - 00000000 ____D C:\Users\Dan\AppData\Local\{178A914C-F32B-4BFA-B063-DC1902FFD0CB}
2012-04-30 21:40 - 2012-06-12 19:57 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-30 19:40 - 2012-04-30 19:40 - 00000000 ____D C:\Users\Dan\AppData\Local\{B43ED39F-D8AA-4E9E-9420-B327D9AD5299}
2012-04-30 19:40 - 2012-04-30 19:40 - 00000000 ____D C:\Users\Dan\AppData\Local\{83D75079-3B8A-4EAE-B680-6C1FEFF1D1FF}
2012-04-30 18:23 - 2012-04-30 18:23 - 00000000 ____D C:\Users\Dan\AppData\Local\{9B935617-D9D0-4F23-A879-08EEBFA1B2C1}
2012-04-30 18:23 - 2012-04-30 18:23 - 00000000 ____D C:\Users\Dan\AppData\Local\{8C8B8793-8F10-41EE-90FE-4AEACB6608C1}
2012-04-30 15:47 - 2012-04-30 15:47 - 00000000 ____D C:\Users\Dan\AppData\Local\{AB5D2FEF-6F7B-4988-8826-4842EAB405E8}
2012-04-30 15:47 - 2012-04-30 15:47 - 00000000 ____D C:\Users\Dan\AppData\Local\{4993FAFC-1D3D-4326-ADC0-81FC9B821EB3}
2012-04-30 14:46 - 2012-04-30 14:46 - 00000000 ____D C:\Users\Dan\AppData\Local\{60174EF9-0620-4C3A-9692-D91154D97D73}
2012-04-30 14:46 - 2012-04-30 14:46 - 00000000 ____D C:\Users\Dan\AppData\Local\{18DE761C-57EA-409F-8410-815252D4DD0A}
2012-04-30 10:49 - 2012-04-30 10:49 - 00000000 ____D C:\Users\Dan\AppData\Local\{C029DF03-7825-4E31-A6C2-DACA75682BF4}
2012-04-30 10:49 - 2012-04-30 10:49 - 00000000 ____D C:\Users\Dan\AppData\Local\{A485A112-BD8E-4649-A5C9-29D606C42C9E}
2012-04-29 21:48 - 2012-04-29 21:48 - 00000000 ____D C:\Users\Dan\AppData\Local\{BBD264C2-C839-4382-9927-DE9C72444F06}
2012-04-29 21:48 - 2012-04-29 21:48 - 00000000 ____D C:\Users\Dan\AppData\Local\{0EBEB2A2-709A-481E-8E69-D666140EF983}
2012-04-29 19:52 - 2012-04-29 19:52 - 00000000 ____D C:\Users\Dan\AppData\Local\{BDCC9454-3C85-477B-BB84-DE5FCE8D284E}
2012-04-29 19:51 - 2012-04-29 19:51 - 00000000 ____D C:\Users\Dan\AppData\Local\{0B30BA46-60F2-417A-AB3E-5269E1032450}
2012-04-29 12:31 - 2012-04-29 12:31 - 00000000 ____D C:\Users\Dan\AppData\Local\{B84B927A-D5C2-4525-B1EA-385FC0C407B3}
2012-04-29 12:31 - 2012-04-29 12:31 - 00000000 ____D C:\Users\Dan\AppData\Local\{AA4BBACB-6B3B-400D-B045-FE77829A24B3}
2012-04-29 08:39 - 2012-04-29 08:39 - 00000000 ____D C:\Users\Dan\AppData\Local\{3CC6EFE8-05D6-4642-80DD-FFD719A5F149}
2012-04-29 08:39 - 2012-04-29 08:38 - 00000000 ____D C:\Users\Dan\AppData\Local\{0009937B-2CBC-4541-896E-78459CC44C46}
2012-04-27 19:55 - 2012-06-12 19:57 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-27 17:24 - 2012-04-27 17:24 - 00000000 ____D C:\Users\Dan\AppData\Local\{E6FDFD1F-CFDE-4D75-9A61-43FE14090EB4}
2012-04-27 17:24 - 2012-04-27 17:24 - 00000000 ____D C:\Users\Dan\AppData\Local\{3A2005F5-4894-44EB-98A0-4E5A46EE326C}
2012-04-27 10:06 - 2012-04-27 10:06 - 00000000 ____D C:\Users\Dan\AppData\Local\{F38308A0-5229-4EBE-B8DD-F218D322FF5D}
2012-04-27 10:06 - 2012-04-27 10:05 - 00000000 ____D C:\Users\Dan\AppData\Local\{298FABAA-0918-4422-B1F2-FB5EDF6DD29B}
2012-04-26 21:09 - 2012-04-26 21:09 - 00000000 ____D C:\Users\Dan\AppData\Local\{E8291985-017E-4AC3-A4B9-D7F4D80307BD}
2012-04-26 21:09 - 2012-04-26 21:09 - 00000000 ____D C:\Users\Dan\AppData\Local\{46F47C33-AF48-4B9D-8FFF-85FA9F13E8E0}
2012-04-26 14:55 - 2012-04-26 14:55 - 00000000 ____D C:\Users\Dan\AppData\Local\{F1A25581-EE4C-4AE8-92D0-A9089A781CBC}
2012-04-26 14:55 - 2012-04-26 14:55 - 00000000 ____D C:\Users\Dan\AppData\Local\{63653B72-28ED-489A-AABB-65070735DDB0}
2012-04-26 07:11 - 2012-04-26 07:11 - 00000000 ____D C:\Users\Dan\AppData\Local\{E966E06F-2308-4C65-81F1-1AF970DF3F1A}
2012-04-26 07:11 - 2012-04-26 07:11 - 00000000 ____D C:\Users\Dan\AppData\Local\{C128A21D-17FE-40B0-B54F-7A636921E5AA}
2012-04-25 21:41 - 2012-06-12 19:58 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-12 19:58 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-12 19:58 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-24 18:39 - 2012-04-24 18:39 - 00000000 ____D C:\Users\Dan\AppData\Local\{8AF06313-0CDF-48CF-A79D-93C656A8BA25}
2012-04-24 18:39 - 2012-04-24 18:38 - 00000000 ____D C:\Users\Dan\AppData\Local\{EC70DF28-F63C-4B2F-AD8E-DCF980F4497B}
2012-04-24 15:55 - 2012-04-24 15:55 - 00000000 ____D C:\Users\Dan\AppData\Local\{909B0BE0-9578-43E6-B07D-1403C104FFD8}
2012-04-24 15:55 - 2012-04-24 15:55 - 00000000 ____D C:\Users\Dan\AppData\Local\{4A5F60C7-722A-41EB-95AF-2C2022344CAA}
2012-04-23 21:54 - 2012-04-23 21:53 - 00000000 ____D C:\Users\Dan\AppData\Local\{22F5FF2D-6789-46BC-9C19-2F399E5A7FBF}
2012-04-23 21:53 - 2012-04-23 21:53 - 00000000 ____D C:\Users\Dan\AppData\Local\{12D67E38-2F97-4B1F-9ECA-04C9839E997C}
2012-04-23 21:37 - 2012-06-12 19:57 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-12 19:57 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-12 19:57 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-12 19:57 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-12 19:57 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-12 19:57 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-22 21:32 - 2012-04-22 21:32 - 00000000 ____D C:\Users\Dan\AppData\Local\{490365DD-38BE-4540-9E73-7E0C8C9B5E7C}
2012-04-22 21:32 - 2012-04-22 21:31 - 00000000 ____D C:\Users\Dan\AppData\Local\{A22DD622-BEA1-48A9-8ACB-BA540E9AD00E}
2012-04-22 10:40 - 2012-04-22 10:40 - 00000000 ____D C:\Users\Dan\AppData\Local\{D3A7BD9D-C0DC-4051-8C47-0BDC00E90309}
2012-04-22 10:39 - 2012-04-22 10:39 - 00000000 ____D C:\Users\Dan\AppData\Local\{4F8428A2-4A8B-4092-9B25-5C80C7EFC57C}
2012-04-20 17:29 - 2012-04-20 17:29 - 00000000 ____D C:\Users\Dan\AppData\Local\{4F43F4D2-4BA1-4CA7-B523-507DB42F1B26}
2012-04-20 17:29 - 2012-04-20 17:29 - 00000000 ____D C:\Users\Dan\AppData\Local\{2BB1498C-BE8F-4CA8-B73F-8600902CD89A}
2012-04-19 21:42 - 2012-06-12 19:58 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-19 21:42 - 2012-06-12 19:58 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-19 21:42 - 2012-06-12 19:58 - 02454528 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-19 21:42 - 2012-06-12 19:58 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-19 21:42 - 2012-06-12 19:58 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-19 21:42 - 2012-06-12 19:58 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-19 21:42 - 2012-06-12 19:58 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-19 21:42 - 2012-06-12 19:58 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-19 21:33 - 2012-04-19 21:33 - 00000000 ____D C:\Users\Dan\AppData\Local\{6EA4B401-E6F8-4828-B5FF-AA47D086230D}
2012-04-19 21:33 - 2012-04-19 21:32 - 00000000 ____D C:\Users\Dan\AppData\Local\{A0479E39-FA81-40E9-8763-D941F0541A29}
2012-04-19 21:00 - 2012-06-12 19:58 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-19 21:00 - 2012-06-12 19:58 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-19 20:57 - 2012-06-12 19:58 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-19 20:57 - 2012-06-12 19:58 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-04-19 20:57 - 2012-06-12 19:58 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-19 20:56 - 2012-06-12 19:58 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-19 20:56 - 2012-06-12 19:58 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-19 20:56 - 2012-06-12 19:58 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-19 19:45 - 2012-06-12 19:58 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-19 19:16 - 2012-06-12 19:58 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-19 11:11 - 2012-04-19 11:11 - 00000000 ____D C:\Users\Dan\AppData\Local\{21D9A6BA-1B4C-4915-8363-3424479F2060}
2012-04-19 11:11 - 2012-04-19 11:11 - 00000000 ____D C:\Users\Dan\AppData\Local\{1434EF10-79F6-4F99-839D-CD478189E8B0}
2012-04-18 11:58 - 2012-04-18 11:58 - 00000000 ____D C:\Users\Dan\AppData\Local\{C12842F5-F8F3-4D33-A7E0-71186394220F}
2012-04-18 11:58 - 2012-04-18 11:58 - 00000000 ____D C:\Users\Dan\AppData\Local\{6338DC90-05BD-49E5-8D21-714AD6C82B33}
2012-04-18 09:08 - 2012-05-23 07:06 - 01451840 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdagenco6420103.dll
2012-04-18 09:08 - 2012-05-23 07:06 - 00188736 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2012-04-18 09:08 - 2012-05-23 07:06 - 00031040 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2012-04-17 21:19 - 2012-04-17 21:19 - 00000000 ____D C:\Users\Dan\AppData\Local\{D33586DB-6FC8-40C2-A3F3-701518E88373}
2012-04-17 21:19 - 2012-04-17 21:19 - 00000000 ____D C:\Users\Dan\AppData\Local\{5E2E6EDC-C841-487E-B987-45A515DF7D53}
2012-04-17 16:25 - 2012-04-17 16:25 - 00000000 ____D C:\Users\Dan\AppData\Local\{AAFADF50-B809-4EAF-9265-2C0A60B8794A}
2012-04-17 16:25 - 2012-04-17 16:25 - 00000000 ____D C:\Users\Dan\AppData\Local\{0D303FA9-FB7B-4831-A54B-969D94F92360}
2012-04-17 10:39 - 2012-04-17 10:39 - 00000000 ____D C:\Users\Dan\AppData\Local\{C21878F1-3419-430A-8057-7CA7ED701451}
2012-04-17 10:39 - 2012-04-17 10:39 - 00000000 ____D C:\Users\Dan\AppData\Local\{5053BBD0-F24C-4EBF-A303-345E37A08DB0}
2012-04-16 21:49 - 2012-04-16 21:49 - 00000000 ____D C:\Users\Dan\AppData\Local\{E16274F0-C9DA-4E95-AA78-4B5C6F0904FE}
2012-04-16 21:49 - 2012-04-16 21:48 - 00000000 ____D C:\Users\Dan\AppData\Local\{58551FC3-3DF2-4693-915F-58F76DE92487}
2012-04-16 21:31 - 2012-06-12 19:58 - 00918016 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-16 20:34 - 2012-06-12 19:58 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-16 11:04 - 2012-04-16 11:04 - 00000000 ____D C:\Users\Dan\AppData\Local\{F7BA92DA-87F7-4891-B667-AD33AF1E0786}
2012-04-16 11:04 - 2012-04-16 11:04 - 00000000 ____D C:\Users\Dan\AppData\Local\{2ADE152D-89FB-4490-90D6-ACF82AEC7353}
2012-04-16 08:36 - 2012-04-16 08:36 - 00000000 ____D C:\Users\Dan\AppData\Local\{D75B642A-4C84-4187-B8D1-8E25CB55E3E9}
2012-04-16 08:36 - 2012-04-16 08:35 - 00000000 ____D C:\Users\Dan\AppData\Local\{6C85B781-965A-4648-AF92-4ABFED4E52ED}
2012-04-15 21:51 - 2012-04-15 21:51 - 00000000 ____D C:\Users\Dan\AppData\Local\{A58900E7-3FFB-47CA-8DBB-689A7481BB58}
2012-04-15 21:51 - 2012-04-15 21:51 - 00000000 ____D C:\Users\Dan\AppData\Local\{9F99D7AF-69C0-4E98-8DD1-A332B3A5B89E}
2012-04-15 19:55 - 2012-04-15 19:55 - 00000000 ____D C:\Users\Dan\AppData\Local\{DAAA2339-2ECF-4D21-8932-7A8FA5BF3AE1}
2012-04-15 19:55 - 2012-04-15 19:54 - 00000000 ____D C:\Users\Dan\AppData\Local\{BEBD1596-6111-4EA2-B3C2-E1A329CA0555}
2012-04-15 17:11 - 2012-04-15 17:11 - 00000000 ____D C:\Users\Dan\AppData\Local\{A7C50E0B-643C-4ABC-A62E-6A32AD9DA0A7}
2012-04-15 17:11 - 2012-04-15 17:11 - 00000000 ____D C:\Users\Dan\AppData\Local\{16E650B0-CB2A-4E8B-8C6A-3BBBAB433C65}
2012-04-15 12:01 - 2012-04-15 12:01 - 00000000 ____D C:\Users\Dan\AppData\Local\{E9996E5B-5E81-4C60-8757-A4D70AD93987}
2012-04-15 12:01 - 2012-04-15 12:00 - 00000000 ____D C:\Users\Dan\AppData\Local\{C92D1E88-971C-429E-9407-E1372528925F}
2012-04-15 10:30 - 2012-04-15 10:29 - 00000000 ____D C:\Users\Dan\AppData\Local\{200525F7-7A2C-40F3-B11F-0ED290724205}
2012-04-15 10:29 - 2012-04-15 10:29 - 00000000 ____D C:\Users\Dan\AppData\Local\{8A23F49B-947D-499B-93BF-A9B1369C1F10}
2012-04-15 06:53 - 2012-04-15 06:52 - 00000000 ____D C:\Users\Dan\AppData\Local\{001447A5-E8AC-4148-BF74-0CC2A3FE1312}
2012-04-15 06:52 - 2012-04-15 06:52 - 00000000 ____D C:\Users\Dan\AppData\Local\{96615B36-7041-4119-AD51-A990AD086E67}
2012-04-14 21:47 - 2012-04-14 21:47 - 00000000 ____D C:\Users\Dan\AppData\Local\{066F8E0B-8095-4A50-A862-4339E046BCC9}
2012-04-14 21:47 - 2012-04-14 21:46 - 00000000 ____D C:\Users\Dan\AppData\Local\{B98BF740-8AFB-4EC7-8D5C-0F4E1B5B8F8D}
2012-04-14 20:55 - 2012-04-14 20:55 - 00000000 ____D C:\Users\Dan\AppData\Local\{3620FBEB-5E27-4435-A9CF-E406A439C098}
2012-04-12 13:18 - 2012-04-12 13:18 - 00000000 ____D C:\Users\Dan\AppData\Local\{289E7A9A-F7A4-4C5A-A9A0-68AE3E9FC9C5}
2012-04-11 12:06 - 2012-04-11 12:06 - 00000000 ____D C:\Users\Dan\AppData\Local\{CFE8456A-0DC7-431D-9AD9-AC4DDE28BBF2}
2012-04-10 18:35 - 2012-04-10 18:35 - 00000000 ____D C:\Users\Dan\AppData\Local\{5AC8C7B1-EAAA-4D8E-8FA1-5CB9EC0D83D8}
2012-04-10 06:34 - 2012-04-10 06:34 - 00000000 ____D C:\Users\Dan\AppData\Local\{690F5274-1D0B-4683-BD0F-E913050653B3}
2012-04-08 19:49 - 2012-04-08 19:49 - 00000000 ____D C:\Users\Dan\AppData\Local\{D3E9AA25-4DDE-4055-BEE1-18C40A245693}
2012-04-07 17:26 - 2012-04-07 17:26 - 00000000 ____D C:\Users\Dan\AppData\Local\{9EB31EA6-FD66-4AB5-8581-B9FF10482522}
2012-04-07 04:31 - 2012-06-12 19:57 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 03:26 - 2012-06-12 19:57 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-04-06 19:57 - 2012-04-06 19:57 - 00000000 ____D C:\Users\Dan\AppData\Local\{5CAF6C13-7703-46E0-B8DC-2A17AF897AE1}
2012-04-06 12:36 - 2012-04-06 12:33 - 00000000 ____D C:\Users\Dan\Desktop\KS
2012-04-06 07:56 - 2012-04-06 07:56 - 00000000 ____D C:\Users\Dan\AppData\Local\{9A92BE3D-A3E3-43E7-8CCF-3D4A68AB3306}
2012-04-05 12:16 - 2012-04-05 12:15 - 00000000 ____D C:\Users\Dan\AppData\Local\{6D80198A-0CFF-4B1C-A60F-739592A12DB4}
2012-04-04 14:56 - 2011-04-09 02:02 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-04 09:56 - 2012-04-04 09:56 - 00000000 ____D C:\Users\Dan\AppData\Local\{FBE0F65A-5C89-48CC-A291-1201A42955BF}
2012-04-03 21:56 - 2012-04-03 21:56 - 00000000 ____D C:\Users\Dan\AppData\Local\{37CADD5A-0823-4C5D-99B9-AFD6E282D5C7}
2012-04-02 08:38 - 2012-04-02 08:38 - 00000000 ____D C:\Users\Dan\AppData\Local\{D3F03256-E6FF-40A9-8A75-F5BFD18E95C9}
2012-04-01 12:41 - 2012-04-01 12:40 - 00000000 ____D C:\Users\Dan\AppData\Local\{714DC18E-57DE-43E0-B0EE-752FA3D143B7}
2012-03-31 18:17 - 2012-03-31 18:16 - 00000000 ____D C:\Users\Dan\AppData\Local\{D3BABD7A-B89B-438B-BCFB-EA6774C6FA24}
2012-03-31 06:16 - 2012-03-31 06:16 - 00000000 ____D C:\Users\Dan\AppData\Local\{7623A18D-BB2D-4A8C-B611-CF8D92681865}
2012-03-30 14:59 - 2011-10-13 11:03 - 00000000 ____D C:\Users\Dan\Desktop\Law
2012-03-30 11:06 - 2012-03-30 11:06 - 00000000 ____D C:\Users\Dan\AppData\Local\{F9BCCF2E-9F0B-4527-81AD-0936220D2432}
2012-03-30 03:35 - 2012-05-09 16:41 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 21:52 - 2012-03-29 21:52 - 00000000 ____D C:\Users\Dan\AppData\Local\{3FF4B51E-F29F-44C6-ACC2-9C5F69FBE8D6}
2012-03-29 09:35 - 2012-03-29 09:35 - 00000000 ____D C:\Users\Dan\AppData\Local\{6743759E-CDE0-4370-BA20-36115B26DE69}
2012-03-28 19:31 - 2012-03-28 19:31 - 00000000 ____D C:\Users\Dan\AppData\Local\{6FDA3A20-C643-40E2-988D-515306BE7139}
2012-03-27 22:30 - 2012-03-27 22:30 - 00000000 ____D C:\Users\Dan\AppData\Local\{C12F1399-FCBA-4247-97A5-6417A2D321D3}
2012-03-27 22:30 - 2012-03-27 22:30 - 00000000 ____D C:\Users\Dan\AppData\Local\{8CE4D224-C443-4309-BB39-6C3003381ACA}
2012-03-27 10:29 - 2012-03-27 10:29 - 00000000 ____D C:\Users\Dan\AppData\Local\{7CBC2F91-A65B-4210-9865-CABD9F8DC4CE}
2012-03-27 10:29 - 2012-03-27 10:29 - 00000000 ____D C:\Users\Dan\AppData\Local\{6A39E0D1-2491-4D50-B0C1-680B96825860}

ZeroAccess:
C:\Windows\Installer\{2530ad49-bb07-94ba-ed79-1caa08e8bbf1}
C:\Windows\Installer\{2530ad49-bb07-94ba-ed79-1caa08e8bbf1}\@
C:\Windows\Installer\{2530ad49-bb07-94ba-ed79-1caa08e8bbf1}\L
C:\Windows\Installer\{2530ad49-bb07-94ba-ed79-1caa08e8bbf1}\U
C:\Windows\Installer\{2530ad49-bb07-94ba-ed79-1caa08e8bbf1}\U\800000cb.@

ZeroAccess:
C:\Users\Dan\AppData\Local\{2530ad49-bb07-94ba-ed79-1caa08e8bbf1}
C:\Users\Dan\AppData\Local\{2530ad49-bb07-94ba-ed79-1caa08e8bbf1}\@
C:\Users\Dan\AppData\Local\{2530ad49-bb07-94ba-ed79-1caa08e8bbf1}\L
C:\Users\Dan\AppData\Local\{2530ad49-bb07-94ba-ed79-1caa08e8bbf1}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 4084.48 MB
Available physical RAM: 3490 MB
Total Pagefile: 4082.63 MB
Available Pagefile: 3476.08 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (TI105861W0D) (Fixed) (Total:453.79 GB) (Free:375.91 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (DRAWMEATREE) (CDROM) (Total:7.04 GB) (Free:0 GB) UDF
4 Drive f: (LATHAM) (Removable) (Total:0.49 GB) (Free:0.46 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 503 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 453 GB 1501 MB
Partition 3 Primary 10 GB 455 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D System NTFS Partition 1500 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI105861W0D NTFS Partition 453 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 503 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F LATHAM FAT Removable 503 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2011-09-27 17:34

======================= End Of Log ==========================
 
In Vista or Windows 7: Boot to System Recovery Options and run FRST.
In Windows XP: Please boot to UBCD and run FRST.
Type the following in the edit box after "Search:".

services.exe

Click the Search button and post the log it makes (Search.txt) in your reply.
 
Farbar Recovery Scan Tool Version: 24-06-2012
Ran by SYSTEM at 2012-06-24 15:24:57
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Next....

Restart computer normally and...

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 

Here's the fixlog. I'm moving on to the other steps now.


Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 24-06-2012
Ran by SYSTEM at 2012-06-24 15:53:54 Run:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
C:\Windows\System32\consrv.dll not found.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
C:\Windows\Installer\{2530ad49-bb07-94ba-ed79-1caa08e8bbf1} moved successfully.
C:\Users\Dan\AppData\Local\{2530ad49-bb07-94ba-ed79-1caa08e8bbf1} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====
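
Added example (not part of the original thread and not FRST's own code): a small parser for the Search.txt format shown above that flags a live System32 file whose MD5 matches no WinSxS copy of the same name, which is the condition visible in this thread before the fix restored services.exe from the component store. Treating the WinSxS copy as the reference is an assumption taken from what the fix log did; the function and type names are illustrative.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# Search.txt excerpt copied from the log posted earlier in this thread.
SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""


class Hit(NamedTuple):
    path: str
    size: int
    company: str
    md5: str


class Finding(NamedTuple):
    live: Hit            # the System32 copy that matched no reference
    references: list     # WinSxS copies of the same file name
    same_size: bool      # identical size but different hash is the stronger signal


PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
META_RE = re.compile(
    r"^\[[^\]]+\] - \[[^\]]+\] - (?P<size>\d+) \S+ "
    r"\((?P<company>.*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search_log(text):
    """Pair each path line with the metadata line that directly follows it."""
    hits, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending = line
            continue
        m = META_RE.match(line)
        if m and pending:
            hits.append(Hit(pending, int(m["size"]), m["company"], m["md5"].upper()))
        pending = None  # anything other than a path line breaks the pairing
    return hits


def find_mismatches(hits):
    """Flag System32 files whose MD5 equals none of the WinSxS copies."""
    groups = defaultdict(lambda: {"live": [], "store": []})
    for h in hits:
        lowered = h.path.lower()
        name = lowered.rsplit("\\", 1)[-1]
        if "\\winsxs\\" in lowered:
            groups[name]["store"].append(h)
        elif "\\windows\\system32\\" in lowered:
            groups[name]["live"].append(h)

    findings = []
    for group in groups.values():
        store = group["store"]
        if not store:
            continue  # no reference copy in the log, nothing to compare against
        store_md5 = {h.md5 for h in store}
        for live in group["live"]:
            if live.md5 not in store_md5:
                same_size = any(live.size == ref.size for ref in store)
                findings.append(Finding(live, store, same_size))
    return findings


if __name__ == "__main__":
    for f in find_mismatches(parse_search_log(SEARCH_LOG)):
        print(f"MISMATCH {f.live.path} md5={f.live.md5} same_size={f.same_size}")
        for ref in f.references:
            print(f"  reference {ref.path} md5={ref.md5}")
```

A patched system can hold several WinSxS versions of one file, so the check only reports a live copy that matches none of them; a hit is a reason to inspect the file, not a verdict on its own.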
 
Combofix ran fine and finished, but I can't get back on the internet. My computer is saying that I'm connected to my home's wireless network (through which other computers are currently connected), but it's not letting me on.
 
ComboFix 12-06-24.03 - Dan 06/24/2012 16:16:57.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4084.2428 [GMT -7:00]
Running from: c:\users\Dan\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\657405y0j711t125n073v2rlu0r2
c:\programdata\6c2c9f7c19cc348bc2ecb60e6fdb722fe298a6fd
c:\programdata\uJ422WwP.exe
c:\users\Dan\Documents\~WRL0003.tmp
c:\users\Dan\Documents\~WRL0005.tmp
c:\users\Dan\Documents\~WRL3676.tmp
c:\users\Dan\Documents\~WRL3881.tmp
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2012-05-24 to 2012-06-24 )))))))))))))))))))))))))))))))
.
.
2012-06-24 23:26 . 2012-06-24 23:26 -------- d-----w- c:\users\Dan\AppData\Roaming\TeamViewer
2012-06-24 23:24 . 2012-06-24 23:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-24 21:37 . 2012-06-24 21:39 -------- d-----w- C:\FRST
2012-06-23 23:01 . 2012-06-23 23:01 -------- d-----w- c:\program files\CCleaner
2012-06-23 22:41 . 2012-06-23 22:54 -------- d-----w- c:\programdata\HitmanPro
2012-06-23 04:23 . 2012-06-23 04:23 -------- d-sh--w- c:\programdata\oy8XOlg2sbfSWB
2012-06-13 03:57 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-10 20:14 . 2012-06-10 20:14 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-10 20:14 . 2012-06-10 20:14 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-15 10:48 . 2012-05-23 15:06 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2012-05-23 15:06 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-05-15 10:48 . 2012-05-23 15:06 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-05-23 15:06 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:48 . 2012-05-23 15:06 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-23 15:06 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:48 . 2012-05-23 15:06 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-05-15 10:48 . 2012-05-23 15:06 8139072 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:48 . 2012-05-23 15:06 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-05-15 10:48 . 2012-05-23 15:06 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-23 15:06 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:48 . 2012-05-23 15:06 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2012-05-23 15:06 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-05-15 10:48 . 2011-09-16 19:19 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2011-09-16 19:19 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2011-09-12 15:16 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-09-12 15:16 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2010-01-16 08:02 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2010-01-16 08:02 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2009-12-07 01:30 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2009-12-07 01:30 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 09:29 . 2010-01-18 05:44 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2010-01-18 05:44 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-05-15 09:29 . 2010-01-18 05:44 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2009-12-07 17:02 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2010-01-18 05:44 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2010-01-18 05:44 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-09 19:21 . 2012-05-17 05:12 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-09 19:21 . 2011-09-28 05:39 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-18 17:08 . 2012-05-23 15:06 31040 ----a-w- c:\windows\system32\nvhdap64.dll
2012-04-18 17:08 . 2012-05-23 15:06 188736 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2012-04-18 17:08 . 2012-05-23 15:06 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2012-04-04 22:56 . 2011-04-09 10:02 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 11:35 . 2012-05-10 00:41 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-14 39408]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-22 6276408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-04-19 15146376]
"GameXN GO"="c:\programdata\GameXN\GameXNGO.exe" [2011-09-09 347008]
"b6jcgvAHL"="c:\programdata\oy8XOlg2sbfSWB\Y5xkSVzVWD4sthWP\L55sp76B5np740\tkKLFoADIKs6k\SUjBQoPeYelf\bPw84MTuWvN35R\rNGZaBBdw.exe" [2012-06-23 31231801]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"NortonOnlineBackupReminder"="c:\program files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-08-10 529256]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-11-24 2454840]
"HostManager"="c:\program files (x86)\Common Files\AOL\1277704962\ee\AOLSoftware.exe" [2010-02-10 41800]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-08-19 3695928]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-14 421160]
"PrintServer Diagnostic"="c:\program files (x86)\Print Server2\PTP\PSDiagnostic.exe" [2004-11-25 266240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Dan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-13 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
R1 SASDIFSV;SASDIFSV;c:\users\Dan\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\Dan\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-28 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-28 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-05 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-11-10 824688]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-03-25 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2011-11-17 2560]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2010-09-02 115056]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2009-08-24 126392]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-09-28 251760]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [x]
S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\DRIVERS\o2sdgx64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-24 c:\windows\Tasks\Free File Viewer Update Checker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2010-11-11 19:25]
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-28 05:37]
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-28 05:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-07-16 307768]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-10-09 508472]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-11-05 709976]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-25 2839840]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\llnx2h19.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aolTB50CL-chromesbox-en-us
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&invocationType=tb50-ff-aolTB50CL-ab-en-us&query=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TUSBSleepChargeSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
Toolbar-Locked - (no file)
HKLM-Run-HDMICtrlMan - c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-FoxTab Media Player - c:\program files (x86)\FoxTabFLVPlayer\Uninstall\Uninstall.exe
AddRemove-Trader Workstation - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10y_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10y_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$I&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F]
"1"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,c2,97,86,6a,a5,82,f8,
d5,42,54,3b,7e,24,3e,19,f8
"2"=hex:74,3a,ea,7a,01,1a,f6,06,21,62,93,b5,cb,23,e3,91,85,38,0e,f8,ce,56,2c,
d2,a4,f2,d0,33,2d,ee,33,13
"3"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,c2,97,86,6a,a5,82,f8,
d5,be,55,66,4e,06,ba,4c,d8,66,9a,0f,4f,39,c4,a1,1d,fa,72,08,2f,25,9c,e8,b6,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$I&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F\D26BD25DC85E777542CA969E56548E46]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$I&#&y@^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$I&#&y@^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB\DBF31101A5C3B93315CBBEA90ED13257]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Swearware\backup\winsock2\Parameters]
@DACL=(02 0000)
@SACL=
"NameSpace_Callout"=expand:"%SystemRoot%\\System32\\fwpuclnt.dll"
"WinSock_Registry_Version"="2.0"
"AutodialDLL"="rasadhlp.dll"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
"Current_Protocol_Catalog"="Protocol_Catalog9"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
.
**************************************************************************
.
Completion time: 2012-06-24 16:31:31 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-24 23:31
.
Pre-Run: 403,465,166,848 bytes free
Post-Run: 402,833,612,800 bytes free
.
- - End Of File - - C318F2F71F9476337BDFF872EDFC4B94
 
Let's see what's going on....

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.
 
Farbar Service Scanner Version: 24-06-2012 01
Ran by Dan (administrator) on 24-06-2012 at 18:46:51
Running from "E:\"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
 
All those settings are fine.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Devices (do NOT change any settings)
  • List Users, Partitions and Memory size
Click Go and post the result.
 
MiniToolBox by Farbar Version: 09-06-2012
Ran by Dan (administrator) on 24-06-2012 at 19:22:58
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= FF Proxy Settings: ==============================
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection 2 (Connected)
Atheros AR8131 PCI-E Gigabit Ethernet Controller = Local Area Connection 2 (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global

popd
# End of IPv4 configuration

Windows IP Configuration
Host Name . . . . . . . . . . . . : LawMonster
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Wireless LAN adapter Wireless Network Connection 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC #2
Physical Address. . . . . . . . . : 70-F1-A1-A7-6C-B5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c1fe:2880:94aa:1cda%15(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.28.218(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 359723425
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-9A-80-D6-C8-0A-A9-AE-04-29
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR8131 PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : C8-0A-A9-AE-04-29
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{89AEED7C-6744-47E5-9429-8FBC86D5A94B}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #8
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: fec0:0:0:ffff::1
Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: fec0:0:0:ffff::1
Ping request could not find host yahoo.com. Please check the name and try again.
Server: UnKnown
Address: fec0:0:0:ffff::1
Ping request could not find host bleepingcomputer.com. Please check the name and try again.
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
15...70 f1 a1 a7 6c b5 ......Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC #2
14...c8 0a a9 ae 04 29 ......Atheros AR8131 PCI-E Gigabit Ethernet Controller
1...........................Software Loopback Interface 1
23...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #8
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.28.218 281
169.254.28.218 255.255.255.255 On-link 169.254.28.218 281
169.254.255.255 255.255.255.255 On-link 169.254.28.218 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.28.218 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.28.218 281
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
15 281 fe80::/64 On-link
15 281 fe80::c1fe:2880:94aa:1cda/128
On-link
1 306 ff00::/8 On-link
15 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
========================= Event log errors: ===============================
Application errors:
==================
Error: (06/24/2012 05:05:09 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0062-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved
Error: (06/24/2012 04:56:47 PM) (Source: TOSHIBA Service Station) (User: )
Description: TSS Load: could not communicate with TMachInfo service
Error: (06/24/2012 04:53:34 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Works - Update 'Security Update for Microsoft Works 9 (KB2680317)' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
Error: (06/24/2012 04:53:34 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Works -- Error 1606.Could not access network location %APPDATA%\.
Error: (06/24/2012 04:53:34 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
Description: Product: Microsoft Works -- Error 1606.Could not access network location %APPDATA%\.
Error: (06/24/2012 04:50:30 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0062-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved
Error: (06/24/2012 04:42:03 PM) (Source: TOSHIBA Service Station) (User: )
Description: TSS Load: could not communicate with TMachInfo service
Error: (06/24/2012 04:36:09 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0062-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved
Error: (06/24/2012 04:21:55 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0062-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved
Error: (06/24/2012 04:13:25 PM) (Source: TOSHIBA Service Station) (User: )
Description: TSS Load: could not communicate with TMachInfo service

System errors:
=============
Error: (06/24/2012 04:59:39 PM) (Source: DCOM) (User: )
Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736}
Error: (06/24/2012 04:55:07 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL
Error: (06/24/2012 04:54:41 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10022
Error: (06/24/2012 04:53:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Works 9 (KB2680317).
Error: (06/24/2012 04:40:28 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL
Error: (06/24/2012 04:40:06 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10022
Error: (06/24/2012 04:39:59 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 4:38:22 PM on 6/24/2012 was unexpected.
Error: (06/24/2012 04:26:07 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL
Error: (06/24/2012 04:25:44 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%126
Error: (06/24/2012 04:25:36 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10022

Microsoft Office Sessions:
=========================
========================= Devices: ================================
Name: SASDIFSV
Description: SASDIFSV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SASDIFSV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: SASKUTIL
Description: SASKUTIL
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SASKUTIL
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

========================= Memory info: ===================================
Percentage of memory in use: 42%
Total physical RAM: 4084.48 MB
Available physical RAM: 2359.61 MB
Total Pagefile: 8167.15 MB
Available Pagefile: 6284.23 MB
Total Virtual: 4095.88 MB
Available Virtual: 3970.88 MB
========================= Partitions: =====================================
1 Drive c: (TI105861W0D) (Fixed) (Total:453.79 GB) (Free:375.2 GB) NTFS
2 Drive d: (DRAWMEATREE) (CDROM) (Total:7.04 GB) (Free:0 GB) UDF
3 Drive e: (LATHAM) (Removable) (Total:0.49 GB) (Free:0.46 GB) FAT
========================= Users: ========================================
User accounts for \\LAWMONSTER
Administrator Dan Guest

**** End of log ****
 
It looks to me like a matter of adjusting some settings, as the "Default Gateway" value is missing.

Make sure your settings are correct.
1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
4. For a wired network connection, right-click Local Area Connection, and then select Properties.
For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol version 4 (TCP/IPv4), make sure it is checked, and then click Properties
6. Make sure Obtain an IP Address Automatically and Obtain DNS server address Automatically are checked.
7. Click on "Advanced" button and make sure "IP Settings" tab looks like this:
p4491747.gif

Make sure "DNS" tab looks like this:
p4491748.gif

Make sure "WINS" tab looks like this:
p4491749.gif

8. Still in Control Panel double click on "Internet options" then "Connections" tab then "LAN Settings" button. Make sure "Automatically detect settings" is checked.
If you made any changes OK your way out.
Restart computer.


If that doesn't work...
Turn off the computer. Disconnect the router and modem from the power source for 1 minute. At the same time, disconnect the ethernet cable as well.
Reconnect everything.
Restart computer.

If that doesn't work, bypass router, and connect computer straight to the modem.

If that doesn't work...
Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

In the Command Prompt window, type in the following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Restart computer.

If that doesn't work...
Go Start>Run (Start search in Vista and 7), type in:
cmd
Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

At Command Prompt, type in:
netsh int ip reset reset.log
Hit Enter.
Type in:
netsh winsock reset catalog
Hit Enter.

Restart computer.
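
The reading behind the diagnosis above (self-assigned address, empty "Default Gateway", placeholder DNS servers) can be made mechanically from the ipconfig section of the MiniToolBox log. This is an added example, not part of the original thread: the function names and finding labels are hypothetical, the first sample is an excerpt of the log as posted, and the second is constructed for contrast.

```python
import ipaddress
import re

# 169.254.0.0/16 is self-assigned by Windows when no DHCP lease is obtained.
APIPA = ipaddress.ip_network("169.254.0.0/16")
# Deprecated site-local DNS addresses Windows lists when no DNS server was assigned.
PLACEHOLDER_DNS = ipaddress.ip_network("fec0:0:0:ffff::/64")

FIELD = re.compile(r"^\s*([^.:]+?)(?:\s*\.)+\s*:\s*(.*)$")  # "Label . . . : value"
HEADER = re.compile(r"^\s*(.*\badapter\b.*):\s*$")          # "Wireless LAN adapter X:"

# Excerpt of the ipconfig section posted above (indentation already flattened).
PAGE_SAMPLE = """\
Wireless LAN adapter Wireless Network Connection 2:
Connection-specific DNS Suffix . :
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration IPv4 Address. . : 169.254.28.218(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
Ethernet adapter Local Area Connection 2:
Media State . . . . . . . . . . . : Media disconnected
DHCP Enabled. . . . . . . . . . . : Yes
"""

# Constructed sample of a working DHCP lease (not from the thread).
HEALTHY_SAMPLE = """\
Wireless LAN adapter Wireless Network Connection 2:
DHCP Enabled. . . . . . . . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
"""


def to_addr(text):
    """Parse an ipconfig address value, dropping '(Preferred)' and the '%zone' suffix."""
    token = text.strip().split("(")[0].split("%")[0]
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None


def parse_ipconfig(text):
    """Return {adapter name: {field label: [values]}} from 'ipconfig /all' text."""
    adapters, current, key = {}, None, None
    for line in text.splitlines():
        header, field = HEADER.match(line), FIELD.match(line)
        if header and not field:
            current, key = adapters.setdefault(header.group(1).strip(), {}), None
        elif field and current is not None:
            key, value = field.group(1).strip(), field.group(2).strip()
            current[key] = [value] if value else []
        elif current is not None and key and to_addr(line):
            current[key].append(line.strip())  # continuation line, e.g. 2nd DNS server
    return adapters


def triage(adapters):
    """Flag connected adapters that show signs of a failed DHCP exchange."""
    findings = []
    for name, fields in adapters.items():
        if "Media disconnected" in fields.get("Media State", []):
            continue  # nothing to assess on an unplugged adapter
        v4 = [to_addr(v) for k, vals in fields.items() if "IPv4 Address" in k for v in vals]
        if any(a is not None and a in APIPA for a in v4):
            findings.append((name, "apipa-address"))
        if not fields.get("Default Gateway"):
            findings.append((name, "no-default-gateway"))
        dns = [to_addr(v) for v in fields.get("DNS Servers", [])]
        if dns and all(a is not None and a in PLACEHOLDER_DNS for a in dns):
            findings.append((name, "placeholder-dns"))
    return findings


if __name__ == "__main__":
    for adapter, finding in triage(parse_ipconfig(PAGE_SAMPLE)):
        print(f"{adapter}: {finding}")
```

All three findings on one adapter point at the DHCP exchange with the router rather than at name resolution alone, which is why the steps above start with the adapter settings and a router power cycle.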
 
I got up to the "flush dns" command, but when I tried the "registerdns" command, I got the message "The requested operation requires elevation."
 
Busted. So, now I got through registerdns, but at "release," I'm getting "Windows IP Configuration. An error occurred while releasing interface Wireless Network Connection 2: An address has not yet been associated with the network endpoint. No operation can be performed on Local Area Connection 2 while it has its media disconnected."
 