TechSpot

[A] Still yet more Win64/Sirefef.AE

By LobowolfXXX
Jun 24, 2012
  1. I'm getting pop-up warnings from Eset for the above, and a few other related threats. Sometimes it's telling me the threats are being quarantined; sometimes it says they can't be cleaned. The PatchedB.Gen is another one that comes up a lot. Despite the warnings, though, Eset scanned clean. MBAM found and removed one threat, but I'm still getting the popups. GMER did not give me a log, but here are the other ones:


    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.24.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Dan :: LAWMONSTER [administrator]

    6/24/2012 11:23:58 AM
    mbam-log-2012-06-24 (11-23-58).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 214022
    Time elapsed: 3 minute(s), 24 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\Windows\Installer\{2530ad49-bb07-94ba-ed79-1caa08e8bbf1}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
    (end)

    ************
    Here's the attach log from DDS:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/27/2010 10:26:15 PM
    System Uptime: 6/24/2012 11:33:41 AM (1 hours ago)
    .
    Motherboard: TOSHIBA | | Qosmio X505
    Processor: Intel(R) Core(TM) i7 CPU Q 740 @ 1.73GHz | CPU 1 | 1317/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 454 GiB total, 376.339 GiB free.
    D: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: SASDIFSV
    Device ID: ROOT\LEGACY_SASDIFSV\0000
    Manufacturer:
    Name: SASDIFSV
    PNP Device ID: ROOT\LEGACY_SASDIFSV\0000
    Service: SASDIFSV
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: SASKUTIL
    Device ID: ROOT\LEGACY_SASKUTIL\0000
    Manufacturer:
    Name: SASKUTIL
    PNP Device ID: ROOT\LEGACY_SASKUTIL\0000
    Service: SASKUTIL
    .
    ==== System Restore Points ===================
    .
    RP783: 6/15/2012 11:12:02 AM - Windows Update
    RP784: 6/15/2012 8:08:53 PM - Windows Update
    RP785: 6/16/2012 1:25:50 AM - Windows Update
    RP786: 6/16/2012 11:45:01 AM - Windows Update
    RP787: 6/16/2012 11:56:01 PM - Windows Update
    RP788: 6/17/2012 1:20:17 PM - Windows Update
    RP789: 6/17/2012 2:21:38 PM - Windows Update
    RP790: 6/17/2012 11:02:09 PM - Windows Update
    RP791: 6/19/2012 12:48:24 AM - Windows Update
    RP792: 6/19/2012 12:06:27 PM - Windows Update
    RP793: 6/20/2012 1:38:15 PM - Windows Update
    RP794: 6/20/2012 3:29:07 PM - Windows Update
    RP795: 6/21/2012 6:02:55 PM - Windows Update
    RP796: 6/21/2012 10:00:16 PM - Windows Update
    RP797: 6/22/2012 12:45:16 PM - Windows Update
    RP798: 6/23/2012 11:37:38 AM - Windows Update
    RP799: 6/23/2012 4:45:35 PM - Windows Update
    RP800: 6/24/2012 10:24:44 AM - Windows Update
    RP801: 6/24/2012 10:32:07 AM - Installed Java(TM) 6 Update 33
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe Flash Media Live Encoder 3.2
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.3
    Amazon Links
    Amazon MP3 Downloader 1.0.10
    AnswerWorks 5.0 English Runtime
    AOL Toolbar
    AOL Uninstaller (Choose which Products to Remove)
    Apple Application Support
    Apple Software Update
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Bejeweled 2 Deluxe
    Bing Bar
    BlitzIn 2.7
    Bowl Bound College Football
    Bridge Base Online
    Bridge Buff 19
    Brother HL-2140
    ChatAssistant ver 3.1 build 1736
    Chess Assistant 10
    Chuzzle Deluxe
    Color LaserJet 1600
    Compatibility Pack for the 2007 Office system
    Corel WinDVD
    D3DX10
    Dan Gordon's NFL Handicapping Companion
    DominateGame 20050929 (dominate)
    Download Updater (AOL LLC)
    Dropbox
    eMedia Piano and Keyboard Method
    Escape Rosecliff Island
    FATE - The Traitor Soul
    FileZilla Client 3.5.0
    FoxTab Media Player
    Free File Viewer 2010
    FreeTorrentDownloader
    GameXN GO
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Guild Wars
    Guitar Leads Series Master Volume
    HDMI Control Manager
    iCopyBot for Windows 7.2.1
    Insaniquarium Deluxe 1.1
    Intel(R) Control Center
    Intel(R) Rapid Storage Technology
    Ipswitch WS_FTP 12
    Java Auto Updater
    Java(TM) 6 Update 33
    Jewel Quest 3
    Junk Mail filter update
    Label@Once 1.0
    LeXpert 3.2
    Malwarebytes Anti-Malware version 1.61.0.1400
    McAfee Security Scan Plus
    Mesh Runtime
    Messenger Companion
    Microsoft Corporation
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Click-to-Run 2010
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Business 2010 - English
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Microsoft XML Parser
    Mozilla Firefox 13.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NOOK for PC
    NVIDIA 3D Vision Controller Driver
    NVIDIA PhysX
    O2Micro Flash Memory Card Windows Driver
    Objection Series 3.3
    Outline 4D
    Penguins!
    Play65
    PokerStars
    Polar Bowler
    Power Tab Editor 1.7
    Print Server Driver
    Quickbooks Financial Center
    Quicken 2010
    QuickTime
    Realtek WLAN Driver
    Scrivener Update
    Secunia PSI (2.0.0.4003)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Skype Launcher
    Skype Toolbars
    Skype™ 5.3
    South Point Poker
    System Requirements Lab
    TeamViewer 6
    Title Bout Championship Boxing 2.5
    TOSHIBA Application Installer
    TOSHIBA Assist
    TOSHIBA Bulletin Board
    TOSHIBA DVD PLAYER
    TOSHIBA eco Utility
    TOSHIBA Face Recognition
    TOSHIBA Hardware Setup
    TOSHIBA HDD/SSD Alert
    Toshiba Laptop Checkup
    TOSHIBA Media Controller
    Toshiba Online Backup
    TOSHIBA Quality Application
    TOSHIBA ReelTime
    TOSHIBA Service Station
    TOSHIBA Supervisor Password
    TOSHIBA USB Sleep and Charge Utility
    TOSHIBA Value Added Package
    TOSHIBA Web Camera Application
    ToshibaRegistration
    Trader Workstation
    Trojan Killer 2.0
    U.S. Legal Forms, Inc. Pleading Macro
    Uninstall AOL Emergency Connect Utility 1.0
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Viewpoint Media Player
    Virtual Families
    Virtual Villagers - The Secret City
    WildTangent Games
    WildTangent ORB Game Console
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinZip 15.5
    WordBiz version 1.8
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    Zuma's Revenge
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/24/2012 11:38:03 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    6/24/2012 11:34:23 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
    6/24/2012 11:34:06 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    6/24/2012 11:34:05 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    6/24/2012 11:34:05 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    6/24/2012 11:34:05 AM, Error: Service Control Manager [7003] - The epfwwfpr service depends the following service: BFE. This service might not be installed.
    6/24/2012 10:31:26 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Works 9 (KB2680317).
    6/23/2012 3:57:46 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
    6/23/2012 3:57:46 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
    I'll put the other DDS log in a subsequent post.
     
  2. LobowolfXXX


    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_33
    Run by Dan at 11:59:44 on 2012-06-24
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4084.2652 [GMT -7:00]
    .
    AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
    SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\nvvsvc.exe
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\windows\system32\nvvsvc.exe
    C:\windows\System32\spoolsv.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    C:\windows\runservice.exe
    C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
    C:\windows\system32\DRIVERS\o2flash.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
    C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\Secunia\PSI\PSIA.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    C:\windows\system32\ThpSrv.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\TOSHIBA\TECO\TecoService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files (x86)\Secunia\PSI\sua.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
    C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
    C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\TOSHIBA\TECO\Teco.exe
    C:\Windows\System32\ThpSrv.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Windows\vVX3000.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\ProgramData\GameXN\GameXNGO.exe
    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Users\Dan\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
    C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
    C:\Program Files (x86)\Common Files\aol\1277704962\ee\aolsoftware.exe
    C:\Program Files (x86)\Brownie\BrStsW64.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Brownie\brpjp04a.exe
    C:\windows\system32\wuauclt.exe
    C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    Q:\140062.enu\Office14\WINWORD.EXE
    C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
    C:\windows\splwow64.exe
    C:\Program Files (x86)\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe
    C:\Program Files (x86)\AOL 9.5\waol.exe
    C:\Program Files (x86)\AOL 9.5\shellmon.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\SysWOW64\cmd.exe
    C:\windows\system32\conhost.exe
    C:\windows\SysWOW64\cscript.exe
    C:\windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
    uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
    mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
    uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll
    mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    uRun: [GameXN GO] "C:\ProgramData\GameXN\GameXNGO.exe" /startup
    uRun: [b6jcgvAHL] C:\ProgramData\oy8XOlg2sbfSWB\Y5xkSVzVWD4sthWP\L55sp76B5np740\tkKLFoADIKs6k\SUjBQoPeYelf\bPw84MTuWvN35R\rNGZaBBdw.exe
    uRun: [AOL Fast Start] "C:\Program Files (x86)\AOL 9.5\AOL.EXE" -b
    mRun: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
    mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    mRun: [HostManager] C:\Program Files (x86)\Common Files\AOL\1277704962\ee\AOLSoftware.exe
    mRun: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun
    mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [PrintServer Diagnostic] C:\Program Files (x86)\Print Server2\PTP\PSDiagnostic.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\Users\Dan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Dan\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{3FF33566-E6AB-451B-A61B-73160599AA5F} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{89AEED7C-6744-47E5-9429-8FBC86D5A94B} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{89AEED7C-6744-47E5-9429-8FBC86D5A94B}\34F42474F4C46423 : DhcpNameServer = 71.9.127.107 68.190.192.35 68.116.46.115 192.168.1.1 71.9.127.107 68.190.192.35 68.116.46.115
    TCP: Interfaces\{89AEED7C-6744-47E5-9429-8FBC86D5A94B}\441667964637F6E6 : DhcpNameServer = 192.168.0.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll
    BHO-X64: 0x1 - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
    BHO-X64: AOL Toolbar Loader - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll
    TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    mRun-x64: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
    mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    mRun-x64: [HostManager] C:\Program Files (x86)\Common Files\AOL\1277704962\ee\AOLSoftware.exe
    mRun-x64: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun
    mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [PrintServer Diagnostic] C:\Program Files (x86)\Print Server2\PTP\PSDiagnostic.exe
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\llnx2h19.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aolTB50CL-chromesbox-en-us
    FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&invocationType=tb50-ff-aolTB50CL-ab-en-us&query=
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - plugin: C:\windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\windows\SysWOW64\npmproxy.dll
    FF - plugin: Q:\140062.enu\Office14\NPAUTHZ.DLL
    FF - plugin: Q:\140062.enu\Office14\NPSPWRAP.DLL
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
    R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
    R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 eamonm;eamonm;C:\windows\system32\DRIVERS\eamonm.sys --> C:\windows\system32\DRIVERS\eamonm.sys [?]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-3-24 810120]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-6-4 13336]
    R2 LicCtrlService;LicCtrl Service;C:\Windows\Runservice.exe [2011-11-17 2560]
    R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2010-6-4 115056]
    R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2010-6-4 126392]
    R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2007-4-17 11032]
    R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-13 994360]
    R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-13 399416]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-6-6 2337144]
    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-9-28 251760]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\windows\system32\drivers\nvhda64v.sys --> C:\windows\system32\drivers\nvhda64v.sys [?]
    R3 O2MDGRDR;O2MDGRDR;C:\windows\system32\DRIVERS\o2mdgx64.sys --> C:\windows\system32\DRIVERS\o2mdgx64.sys [?]
    R3 O2SDGRDR;O2SDGRDR;C:\windows\system32\DRIVERS\o2sdgx64.sys --> C:\windows\system32\DRIVERS\o2sdgx64.sys [?]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
    R3 PSI;PSI;C:\windows\system32\DRIVERS\psi_mf.sys --> C:\windows\system32\DRIVERS\psi_mf.sys [?]
    R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]
    R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]
    R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-6-4 51512]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-5 137560]
    R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-11-10 824688]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 epfwwfpr;epfwwfpr;C:\windows\system32\DRIVERS\epfwwfpr.sys --> C:\windows\system32\DRIVERS\epfwwfpr.sys [?]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-27 135664]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
    S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-27 135664]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-6 113120]
    S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-06-24 17:26:11 -------- d-----w- C:\Users\Dan\AppData\Local\{F79465AE-734E-455C-8B3B-801112C059C1}
    2012-06-24 17:25:53 -------- d-----w- C:\Users\Dan\AppData\Local\{29B7DFE9-5C92-431B-A3EB-F5621F6BF397}
    2012-06-23 23:01:04 -------- d-----w- C:\Program Files\CCleaner
    2012-06-23 22:41:23 -------- d-----w- C:\ProgramData\HitmanPro
    2012-06-23 18:35:10 -------- d-----w- C:\Users\Dan\AppData\Local\{5B60CA59-52AF-46E4-8E9E-205F0ECD97F2}
    2012-06-23 18:34:53 -------- d-----w- C:\Users\Dan\AppData\Local\{B8E1E2AB-2880-491C-92A4-450657118565}
    2012-06-23 04:23:24 -------- d-sh--w- C:\ProgramData\oy8XOlg2sbfSWB
    2012-06-23 04:23:05 29097015 ----a-w- C:\ProgramData\uJ422WwP.exe
    2012-06-23 03:31:36 -------- d-----w- C:\Users\Dan\AppData\Local\{47EB55E3-B76E-4A73-BA92-2B3DF38B530D}
    2012-06-23 03:31:24 -------- d-----w- C:\Users\Dan\AppData\Local\{D6B6EAAA-4B65-4B6E-A05D-0A90D7EF4983}
    2012-06-22 15:30:30 -------- d-----w- C:\Users\Dan\AppData\Local\{462A3DEA-58D6-4AAD-AB1A-DA3E42210BF7}
    2012-06-22 15:30:14 -------- d-----w- C:\Users\Dan\AppData\Local\{1BF58B33-662B-4CEC-97BA-4AD71BE29833}
    2012-06-21 18:05:06 -------- d-----w- C:\Users\Dan\AppData\Local\{58766833-6E73-46BD-9C88-692D274EC3B4}
    2012-06-21 18:04:48 -------- d-----w- C:\Users\Dan\AppData\Local\{8467169C-71EA-478E-847B-6939DE23BF30}
    2012-06-20 20:36:25 -------- d-----w- C:\Users\Dan\AppData\Local\{3F805B19-C8A5-4947-B622-A3E5060C7F6B}
    2012-06-20 20:36:11 -------- d-----w- C:\Users\Dan\AppData\Local\{BC92BB70-B2FF-4304-9BEC-C7E8709C92F3}
    2012-06-19 17:11:41 -------- d-----w- C:\Users\Dan\AppData\Local\{89736433-B6FE-4F20-9C49-B62CF3B27638}
    2012-06-19 17:11:20 -------- d-----w- C:\Users\Dan\AppData\Local\{40B5B994-7C26-430A-875A-0A9BB6F773EB}
    2012-06-19 02:54:52 -------- d-----w- C:\Users\Dan\AppData\Local\{DFC9DD8D-34C5-4812-AA81-42AC6ACE1FDC}
    2012-06-19 02:54:37 -------- d-----w- C:\Users\Dan\AppData\Local\{263406F1-F975-494F-8BBB-6F78A94B101B}
    2012-06-17 20:25:56 -------- d-----w- C:\Users\Dan\AppData\Local\{D2E3C0E5-9A2D-4BAC-AA23-300EF61B374A}
    2012-06-17 05:48:04 -------- d-----w- C:\Users\Dan\AppData\Local\{A1AACBB3-0723-4E7F-9B72-49CBCADDABD9}
    2012-06-16 17:47:39 -------- d-----w- C:\Users\Dan\AppData\Local\{8282D691-3842-4EFE-9614-C69D714C13F1}
    2012-06-16 05:47:11 -------- d-----w- C:\Users\Dan\AppData\Local\{68F4BAA2-74D6-4117-A900-EA5196DD0BEC}
    2012-06-15 16:20:34 -------- d-----w- C:\Users\Dan\AppData\Local\{C650D261-256C-4E1B-A0BB-020A1F7BE532}
    2012-06-15 04:20:06 -------- d-----w- C:\Users\Dan\AppData\Local\{78E68589-4CE1-4DD2-A874-8BBE76D367DE}
    2012-06-14 16:19:18 -------- d-----w- C:\Users\Dan\AppData\Local\{21DD5BDE-8387-460F-846B-C339AAA6A3C0}
    2012-06-14 16:19:03 -------- d-----w- C:\Users\Dan\AppData\Local\{77914D45-87F9-4D2D-BA29-A23E012450C1}
    2012-06-13 23:20:05 -------- d-----w- C:\Users\Dan\AppData\Local\{E5B2E040-E0D8-40EA-81DB-30A6911D3D94}
    2012-06-13 23:19:49 -------- d-----w- C:\Users\Dan\AppData\Local\{5FD13A09-CFCD-4764-AA34-A329A7788806}
    2012-06-13 03:57:53 209920 ----a-w- C:\windows\System32\profsvc.dll
    2012-06-12 22:57:48 -------- d-----w- C:\Users\Dan\AppData\Local\{FDC6DEB4-966C-493F-9B38-FBE986EF9EB3}
    2012-06-12 22:57:37 -------- d-----w- C:\Users\Dan\AppData\Local\{A12A2DA5-3760-4E03-B915-4F161C19B80F}
    2012-06-12 03:59:46 -------- d-----w- C:\Users\Dan\AppData\Local\{41189B82-BC2F-45DC-8266-8880BFFB08FD}
    2012-06-12 03:59:26 -------- d-----w- C:\Users\Dan\AppData\Local\{111BFB54-846E-4130-836C-90869241A26B}
    2012-06-11 15:58:41 -------- d-----w- C:\Users\Dan\AppData\Local\{E641F3C7-8293-4D2B-B8FF-9E30883C2655}
    2012-06-11 15:58:28 -------- d-----w- C:\Users\Dan\AppData\Local\{56E267E5-387D-46CE-8A42-42049EB91D05}
    2012-06-10 20:14:24 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-10 20:14:24 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
    2012-06-10 20:13:53 -------- d-----w- C:\Users\Dan\AppData\Local\{C9503E2B-804A-48F5-872F-321082F4B86C}
    2012-06-10 20:13:36 -------- d-----w- C:\Users\Dan\AppData\Local\{8BC3E36F-16A8-4EA4-83EE-A1326A3E78DE}
    2012-06-08 23:42:06 -------- d-----w- C:\Users\Dan\AppData\Local\{A9C6A9A1-4E26-4885-8ADE-C6885CF9B5AC}
    2012-06-08 23:41:47 -------- d-----w- C:\Users\Dan\AppData\Local\{71ACB9E0-A185-4791-9337-5759BE383566}
    2012-06-08 08:25:09 -------- d-----w- C:\Users\Dan\AppData\Local\{49A21C5B-FCB5-473B-A78E-05294CDE7826}
    2012-06-08 08:24:58 -------- d-----w- C:\Users\Dan\AppData\Local\{6DD6DB93-46E3-4C9E-848C-705354F25127}
    2012-06-07 20:24:16 -------- d-----w- C:\Users\Dan\AppData\Local\{79A065FF-B7C6-430C-8117-C9430B155E31}
    2012-06-07 20:23:57 -------- d-----w- C:\Users\Dan\AppData\Local\{752978B8-AEA8-44F0-B96E-E06B49D0D59A}
    2012-06-06 04:59:39 -------- d-----w- C:\Users\Dan\AppData\Local\{821061D1-D322-4496-94C2-09A92F13061A}
    2012-06-06 04:59:28 -------- d-----w- C:\Users\Dan\AppData\Local\{2EFEDE88-BFE0-442F-A7EA-88EF89F8E68C}
    2012-06-05 16:58:29 -------- d-----w- C:\Users\Dan\AppData\Local\{FABB7EBA-DD0E-4F0B-835E-0B19EF3DD37D}
    2012-06-05 16:58:03 -------- d-----w- C:\Users\Dan\AppData\Local\{51615FE9-90DF-4F8D-B8EB-9B2EF30D3BD4}
    2012-06-04 21:53:09 -------- d-----w- C:\Users\Dan\AppData\Local\{FC9895D4-A797-4891-B57E-B79527AEC425}
    2012-06-04 21:52:50 -------- d-----w- C:\Users\Dan\AppData\Local\{83FB3A40-D85A-4E9F-92C1-25CD439747C4}
    2012-06-04 06:45:25 -------- d-----w- C:\Users\Dan\AppData\Local\{6633E12F-4D54-4C0E-B956-F72F765218A3}
    2012-06-04 06:45:13 -------- d-----w- C:\Users\Dan\AppData\Local\{D3683D46-E858-42F5-AA0D-AE66A75CEF20}
    2012-06-03 18:44:06 -------- d-----w- C:\Users\Dan\AppData\Local\{D5E4C774-8545-43FF-8DCC-E487C254BE27}
    2012-06-03 18:43:43 -------- d-----w- C:\Users\Dan\AppData\Local\{E0A5F164-2439-4A8F-B3DC-E9BA5478F09B}
    2012-06-02 17:54:56 -------- d-----w- C:\Users\Dan\AppData\Local\{70E18275-E556-474E-BA88-61EE658021D8}
    2012-06-02 17:54:36 -------- d-----w- C:\Users\Dan\AppData\Local\{04F91AEA-BC05-4918-9E1A-E6BE7D1CD91A}
    2012-06-01 06:05:40 -------- d-----w- C:\Users\Dan\AppData\Local\{9479528B-C7FD-4CA5-8F30-DC8218E8854C}
    2012-06-01 06:05:28 -------- d-----w- C:\Users\Dan\AppData\Local\{FC8E1B6E-C056-47E4-AB55-F41541785F45}
    2012-05-31 18:05:03 -------- d-----w- C:\Users\Dan\AppData\Local\{A54FD627-1AD7-41E4-B16E-84386F7F511E}
    2012-05-31 18:04:52 -------- d-----w- C:\Users\Dan\AppData\Local\{AF75446C-8B0F-41E7-94AB-22791F6CE9E4}
    2012-05-31 06:04:08 -------- d-----w- C:\Users\Dan\AppData\Local\{46B3CB02-A9CE-4461-9A5A-9A47DD343687}
    2012-05-31 06:03:52 -------- d-----w- C:\Users\Dan\AppData\Local\{982B8334-593F-42D6-B482-66EC3CDBE88A}
    2012-05-30 17:39:46 -------- d-----w- C:\Users\Dan\AppData\Local\{C7776F67-7AD8-4EE9-895D-84A4CAE54376}
    2012-05-30 17:39:35 -------- d-----w- C:\Users\Dan\AppData\Local\{58AEFD87-2EE9-4126-80B6-A695DD139A71}
    2012-05-30 05:38:58 -------- d-----w- C:\Users\Dan\AppData\Local\{492891C4-C086-4FF4-BC99-ECF86C48ED4A}
    2012-05-30 05:38:45 -------- d-----w- C:\Users\Dan\AppData\Local\{BF958220-E1D7-4EED-B74C-AA1C0AA283CE}
    2012-05-28 18:11:55 -------- d-----w- C:\Users\Dan\AppData\Local\{E7596530-23A1-4EC4-B72C-DEFF82DE2270}
    2012-05-28 18:11:34 -------- d-----w- C:\Users\Dan\AppData\Local\{02990671-A653-4596-B7FE-28DC2C23DECD}
    2012-05-26 20:20:28 -------- d-----w- C:\Users\Dan\AppData\Local\{1315FE5D-8096-4521-AD01-4625F9E0B3FF}
    2012-05-26 20:20:15 -------- d-----w- C:\Users\Dan\AppData\Local\{3FF03AF4-DAD9-457C-B2B0-84FEE8F469C8}
    2012-05-26 01:31:57 -------- d-----w- C:\Users\Dan\AppData\Local\{94706BBA-5E5D-466D-8106-61612179C09C}
    2012-05-26 01:31:42 -------- d-----w- C:\Users\Dan\AppData\Local\{2A8FC5CD-D1E8-4114-8065-12A4ADD54F4E}
    .
    ==================== Find3M ====================
    .
    2012-06-24 18:34:05 4001 --sha-w- C:\windows\SysWow64\mmf.sys
    2012-05-15 09:29:47 889664 ----a-w- C:\windows\System32\nvvsvc.exe
    2012-05-15 09:29:46 63296 ----a-w- C:\windows\System32\nvshext.dll
    2012-05-15 09:29:46 2561856 ----a-w- C:\windows\System32\nvsvcr.dll
    2012-05-15 09:29:46 118080 ----a-w- C:\windows\System32\nvmctray.dll
    2012-05-15 09:29:25 3149632 ----a-w- C:\windows\System32\nvsvc64.dll
    2012-05-15 09:28:42 6151488 ----a-w- C:\windows\System32\nvcpl.dll
    2012-05-15 04:01:31 1188864 ----a-w- C:\windows\System32\wininet.dll
    2012-05-15 03:03:54 981504 ----a-w- C:\windows\SysWow64\wininet.dll
    2012-05-15 01:32:33 3146752 ----a-w- C:\windows\System32\win32k.sys
    2012-05-09 19:21:41 476936 ----a-w- C:\windows\SysWow64\npdeployJava1.dll
    2012-05-09 19:21:36 472840 ----a-w- C:\windows\SysWow64\deployJava1.dll
    2012-05-04 11:06:22 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
    2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
    2012-04-28 03:55:21 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
    2012-04-26 05:41:56 77312 ----a-w- C:\windows\System32\rdpwsx.dll
    2012-04-26 05:41:55 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
    2012-04-26 05:34:27 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
    2012-04-24 05:37:37 184320 ----a-w- C:\windows\System32\cryptsvc.dll
    2012-04-24 05:37:37 140288 ----a-w- C:\windows\System32\cryptnet.dll
    2012-04-24 05:37:36 1462272 ----a-w- C:\windows\System32\crypt32.dll
    2012-04-24 04:36:42 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36:42 1158656 ----a-w- C:\windows\SysWow64\crypt32.dll
    2012-04-24 04:36:42 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
    2012-04-20 03:45:41 1638912 ----a-w- C:\windows\System32\mshtml.tlb
    2012-04-20 03:16:44 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2012-04-18 17:08:08 31040 ----a-w- C:\windows\System32\nvhdap64.dll
    2012-04-18 17:08:03 188736 ----a-w- C:\windows\System32\drivers\nvhda64v.sys
    2012-04-18 17:08:02 1451840 ----a-w- C:\windows\System32\nvhdagenco6420103.dll
    2012-04-07 12:31:40 3216384 ----a-w- C:\windows\System32\msi.dll
    2012-04-07 11:26:29 2342400 ----a-w- C:\windows\SysWow64\msi.dll
    2012-04-04 22:56:40 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
    2012-03-30 11:35:47 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys
    .
    ============= FINISH: 12:00:17.44 ===============

    Thanks in advance for all you guys do.
     
  3. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================================

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  4. LobowolfXXX

    LobowolfXXX TS Rookie Topic Starter Posts: 28

    Should I disable ESET at this point? Log is too long for one post; I'm breaking it up.



    Scan result of Farbar Recovery Scan Tool Version: 24-06-2012
    Ran by SYSTEM at 24-06-2012 13:37:52
    Running from F:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [] [x]
    HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [307768 2009-07-16] ()
    HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [508472 2009-10-09] (Conexant Systems, Inc.)
    HKLM\...\Run: [HDMICtrlMan] %ProgramFiles%\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [1032536 2009-10-23] (TOSHIBA Corporation.)
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1810728 2009-07-30] (Synaptics Incorporated)
    HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
    HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
    HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
    HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [910136 2009-11-10] (TOSHIBA Corporation)
    HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1482592 2009-09-28] (TOSHIBA Corporation)
    HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [707416 2009-11-10] (TOSHIBA Corporation)
    HKLM\...\Run: [ThpSrv] C:\windows\system32\thpsrv /logon [x]
    HKLM\...\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
    HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
    HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-11-05] (TOSHIBA Corporation)
    HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-19] (TOSHIBA Corporation)
    HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [2839840 2010-03-24] (ESET)
    HKLM\...\Run: [VX3000] C:\windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
    HKLM\...\Run: [TosReelTimeMonitor] %programFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [x]
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
    HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1294136 2009-10-06] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED [529256 2009-08-09] (Toshiba)
    HKLM-x32\...\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [2454840 2009-11-24] (TOSHIBA CORPORATION.)
    HKLM-x32\...\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1277704962\ee\AOLSoftware.exe [41800 2010-02-10] (AOL Inc.)
    HKLM-x32\...\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun [3695928 2009-08-19] (brother)
    HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [119152 2010-05-20] (Microsoft Corporation)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2010-12-13] (Apple Inc.)
    HKLM-x32\...\Run: [PrintServer Diagnostic] C:\Program Files (x86)\Print Server2\PTP\PSDiagnostic.exe [266240 2004-11-24] ()
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKU\Dan\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-04-13] (Google Inc.)
    HKU\Dan\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet [6276408 2011-08-22] (Yahoo! Inc.)
    HKU\Dan\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
    HKU\Dan\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [15146376 2011-04-18] (Skype Technologies S.A.)
    HKU\Dan\...\Run: [GameXN GO] "C:\ProgramData\GameXN\GameXNGO.exe" /startup [347008 2011-09-09] (EasyBits Software AS)
    HKU\Dan\...\Run: [b6jcgvAHL] C:\ProgramData\oy8XOlg2sbfSWB\Y5xkSVzVWD4sthWP\L55sp76B5np740\tkKLFoADIKs6k\SUjBQoPeYelf\bPw84MTuWvN35R\rNGZaBBdw.exe [31231801 2012-06-22] (Nrsft)
    HKU\Dan\...\Run: [AOL Fast Start] "C:\Program Files (x86)\AOL 9.5\AOL.EXE" -b [29520 2010-03-23] (AOL Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
    Startup: C:\Users\Dan\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)

    ==================== Services (Whitelisted) ======

    3 AOL ACS; "C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe" [46640 2006-10-23] (AOL LLC)
    3 EhttpSrv; "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" [42336 2010-03-24] (ESET)
    2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [810120 2010-03-24] (ESET)
    2 IviRegMgr; "C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe" [112152 2007-01-04] (InterVideo)
    2 LicCtrlService; C:\windows\runservice.exe [2560 2011-11-17] ()
    3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
    2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe /s [115056 2010-09-01] (Symantec Corporation)
    2 PCCUJobMgr; "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll" /prefetch:1 [132984 2009-08-29] (Symantec Corporation)
    2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-13] (Microsoft Corporation)
    2 Secunia PSI Agent; "C:\Program Files (x86)\Secunia\PSI\PSIA.exe" --start-service [994360 2011-10-13] (Secunia)
    2 Secunia Update Agent; "C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service [399416 2011-10-13] (Secunia)
    3 WinHttpAutoProxySvc; winhttp.dll [444416 2010-11-20] (Microsoft Corporation)
    3 WinHttpAutoProxySvc; winhttp.dll [351232 2010-11-20] (Microsoft Corporation)

    ========================== Drivers (Whitelisted) =============

    2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [163888 2010-03-24] (ESET)
    1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [139704 2010-03-24] (ESET)
    2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [124760 2010-03-24] (ESET)
    3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdgx64.sys [49568 2009-08-18] (O2Micro )
    3 QIOMem; C:\Windows\System32\Drivers\QIOMem.sys [12800 2009-06-15] (TOSHIBA)
    2 regi; C:\Windows\System32\Drivers\regi.sys [14112 2007-04-17] (InterVideo)
    2 regi; C:\Windows\SysWow64\Drivers\regi.sys [11032 2007-04-17] (InterVideo)
    3 tosrfec; C:\Windows\System32\Drivers\tosrfec.sys [19824 2009-07-13] (TOSHIBA Corporation)
    0 TVALZ; C:\Windows\System32\DRIVERS\TVALZ_O.SYS [26840 2009-07-14] (TOSHIBA Corporation)
    3 VX3000; C:\Windows\System32\Drivers\VX3000.sys [2060144 2010-05-20] (Microsoft Corporation)
    3 wanatw; C:\Windows\System32\DRIVERS\wanatw64.sys [24064 2006-11-29] (America Online, Inc.)
    1 SASDIFSV; \??\C:\Users\Dan\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
    1 SASKUTIL; \??\C:\Users\Dan\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
    3 Tosrfcom; [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-06-24 12:14 - 2012-06-24 12:14 - 01425489 ____A C:\Users\Dan\Desktop\FRST64.exe
    2012-06-24 10:57 - 2012-06-24 10:57 - 00607260 ____R (Swearware) C:\Users\Dan\Desktop\dds.scr
    2012-06-24 10:45 - 2012-06-24 10:45 - 00302592 ____A C:\Users\Dan\Desktop\62jzi7hk.exe
    2012-06-24 09:33 - 2012-05-09 11:18 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2012-06-24 09:33 - 2012-05-09 11:17 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2012-06-24 09:33 - 2012-05-09 11:17 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2012-06-24 09:32 - 2012-06-24 09:33 - 00004357 ____A C:\Windows\SysWOW64\jupdate-1.6.0_33-b03.log
    2012-06-24 09:26 - 2012-06-24 09:26 - 00000000 ____D C:\Users\Dan\AppData\Local\{F79465AE-734E-455C-8B3B-801112C059C1}
    2012-06-24 09:25 - 2012-06-24 09:26 - 00000000 ____D C:\Users\Dan\AppData\Local\{29B7DFE9-5C92-431B-A3EB-F5621F6BF397}
    2012-06-24 09:22 - 2012-06-24 12:27 - 00000224 ____A C:\Windows\setupact.log
    2012-06-24 09:22 - 2012-06-24 09:22 - 00000000 ____A C:\Windows\setuperr.log
    2012-06-23 15:10 - 2012-06-23 15:10 - 08828112 ____A (SurfRight B.V.) C:\Users\Dan\Downloads\HitmanPro36_x64(1).exe
    2012-06-23 15:01 - 2012-06-23 15:01 - 00000833 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2012-06-23 15:01 - 2012-06-23 15:01 - 00000000 ____D C:\Program Files\CCleaner
    2012-06-23 15:00 - 2012-06-23 15:00 - 03862112 ____A (Piriform Ltd) C:\Users\Dan\Downloads\ccsetup319.exe
    2012-06-23 14:41 - 2012-06-23 14:54 - 00000000 ____D C:\Users\All Users\HitmanPro
    2012-06-23 14:41 - 2012-06-23 14:42 - 08828112 ____A (SurfRight B.V.) C:\Users\Dan\Downloads\HitmanPro36_x64.exe
    2012-06-23 14:40 - 2012-06-23 14:41 - 07712104 ____A (SurfRight B.V.) C:\Users\Dan\Downloads\HitmanPro36.exe
    2012-06-23 14:38 - 2012-06-23 14:38 - 02128472 ____A (Kaspersky Lab ZAO) C:\Users\Dan\Downloads\tdsskiller(1).exe
    2012-06-23 10:35 - 2012-06-23 10:35 - 00000000 ____D C:\Users\Dan\AppData\Local\{5B60CA59-52AF-46E4-8E9E-205F0ECD97F2}
    2012-06-23 10:34 - 2012-06-23 10:35 - 00000000 ____D C:\Users\Dan\AppData\Local\{B8E1E2AB-2880-491C-92A4-450657118565}
    2012-06-22 20:23 - 2012-06-22 20:23 - 29097015 ____A (Nrsft) C:\Users\All Users\uJ422WwP.exe
    2012-06-22 20:23 - 2012-06-22 20:23 - 00000208 ____A C:\Users\All Users\6c2c9f7c19cc348bc2ecb60e6fdb722fe298a6fd
    2012-06-22 20:23 - 2012-06-22 20:23 - 00000000 __SHD C:\Users\All Users\oy8XOlg2sbfSWB
    2012-06-22 19:31 - 2012-06-22 19:31 - 00000000 ____D C:\Users\Dan\AppData\Local\{D6B6EAAA-4B65-4B6E-A05D-0A90D7EF4983}
    2012-06-22 19:31 - 2012-06-22 19:31 - 00000000 ____D C:\Users\Dan\AppData\Local\{47EB55E3-B76E-4A73-BA92-2B3DF38B530D}
    2012-06-22 14:28 - 2012-06-22 14:29 - 510126615 ____A C:\Users\Dan\Desktop\21741.mov
    2012-06-22 07:30 - 2012-06-22 07:30 - 00000000 ____D C:\Users\Dan\AppData\Local\{462A3DEA-58D6-4AAD-AB1A-DA3E42210BF7}
    2012-06-22 07:30 - 2012-06-22 07:30 - 00000000 ____D C:\Users\Dan\AppData\Local\{1BF58B33-662B-4CEC-97BA-4AD71BE29833}
    2012-06-21 10:05 - 2012-06-21 10:05 - 00000000 ____D C:\Users\Dan\AppData\Local\{58766833-6E73-46BD-9C88-692D274EC3B4}
    2012-06-21 10:04 - 2012-06-21 10:05 - 00000000 ____D C:\Users\Dan\AppData\Local\{8467169C-71EA-478E-847B-6939DE23BF30}
    2012-06-20 12:36 - 2012-06-20 12:36 - 00000000 ____D C:\Users\Dan\AppData\Local\{BC92BB70-B2FF-4304-9BEC-C7E8709C92F3}
    2012-06-20 12:36 - 2012-06-20 12:36 - 00000000 ____D C:\Users\Dan\AppData\Local\{3F805B19-C8A5-4947-B622-A3E5060C7F6B}
    2012-06-19 10:34 - 2012-06-19 10:34 - 00048749 ____A C:\Users\Dan\Desktop\snap_3e5d0bc6fa8483d498f9477dbfabbcc5.png
    2012-06-19 10:19 - 2012-06-19 10:19 - 00038628 ____A C:\Users\Dan\Desktop\abra.png
    2012-06-19 09:11 - 2012-06-19 09:11 - 00000000 ____D C:\Users\Dan\AppData\Local\{89736433-B6FE-4F20-9C49-B62CF3B27638}
    2012-06-19 09:11 - 2012-06-19 09:11 - 00000000 ____D C:\Users\Dan\AppData\Local\{40B5B994-7C26-430A-875A-0A9BB6F773EB}
    2012-06-18 18:54 - 2012-06-18 18:55 - 00000000 ____D C:\Users\Dan\AppData\Local\{DFC9DD8D-34C5-4812-AA81-42AC6ACE1FDC}
    2012-06-18 18:54 - 2012-06-18 18:54 - 00000000 ____D C:\Users\Dan\AppData\Local\{263406F1-F975-494F-8BBB-6F78A94B101B}
    2012-06-17 12:25 - 2012-06-17 12:26 - 00000000 ____D C:\Users\Dan\AppData\Local\{D2E3C0E5-9A2D-4BAC-AA23-300EF61B374A}
    2012-06-16 21:48 - 2012-06-16 21:48 - 00000000 ____D C:\Users\Dan\AppData\Local\{A1AACBB3-0723-4E7F-9B72-49CBCADDABD9}
    2012-06-16 09:47 - 2012-06-16 09:47 - 00000000 ____D C:\Users\Dan\AppData\Local\{8282D691-3842-4EFE-9614-C69D714C13F1}
    2012-06-15 21:47 - 2012-06-15 21:47 - 00000000 ____D C:\Users\Dan\AppData\Local\{68F4BAA2-74D6-4117-A900-EA5196DD0BEC}
    2012-06-15 08:20 - 2012-06-15 08:20 - 00000000 ____D C:\Users\Dan\AppData\Local\{C650D261-256C-4E1B-A0BB-020A1F7BE532}
    2012-06-14 21:17 - 2012-06-14 21:17 - 00000000 ____D C:\Users\Dan\Downloads\Campus Prep Course Book.scriv
    2012-06-14 20:20 - 2012-06-14 20:20 - 00000000 ____D C:\Users\Dan\AppData\Local\{78E68589-4CE1-4DD2-A874-8BBE76D367DE}
    2012-06-14 08:19 - 2012-06-14 08:19 - 00000000 ____D C:\Users\Dan\AppData\Local\{77914D45-87F9-4D2D-BA29-A23E012450C1}
    2012-06-14 08:19 - 2012-06-14 08:19 - 00000000 ____D C:\Users\Dan\AppData\Local\{21DD5BDE-8387-460F-846B-C339AAA6A3C0}
    2012-06-13 15:20 - 2012-06-13 15:20 - 00000000 ____D C:\Users\Dan\AppData\Local\{E5B2E040-E0D8-40EA-81DB-30A6911D3D94}
    2012-06-13 15:19 - 2012-06-13 15:20 - 00000000 ____D C:\Users\Dan\AppData\Local\{5FD13A09-CFCD-4764-AA34-A329A7788806}
    2012-06-12 19:58 - 2012-05-14 20:01 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-12 19:58 - 2012-05-14 19:59 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-12 19:58 - 2012-05-14 19:03 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-12 19:58 - 2012-05-14 19:00 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-12 19:58 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-06-12 19:58 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-06-12 19:58 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-06-12 19:58 - 2012-04-19 21:42 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-12 19:58 - 2012-04-19 21:42 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-12 19:58 - 2012-04-19 21:42 - 02454528 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-12 19:58 - 2012-04-19 21:42 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-12 19:58 - 2012-04-19 21:42 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-06-12 19:58 - 2012-04-19 21:42 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-12 19:58 - 2012-04-19 21:42 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-12 19:58 - 2012-04-19 21:42 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-12 19:58 - 2012-04-19 21:00 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-12 19:58 - 2012-04-19 21:00 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-12 19:58 - 2012-04-19 20:57 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-12 19:58 - 2012-04-19 20:57 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-06-12 19:58 - 2012-04-19 20:57 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-12 19:58 - 2012-04-19 20:56 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-12 19:58 - 2012-04-19 20:56 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-12 19:58 - 2012-04-19 20:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-12 19:58 - 2012-04-19 19:45 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-12 19:58 - 2012-04-19 19:16 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-12 19:58 - 2012-04-16 21:31 - 00918016 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-12 19:58 - 2012-04-16 20:34 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-12 19:57 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-12 19:57 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-12 19:57 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-06-12 19:57 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-06-12 19:57 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-06-12 19:57 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-12 19:57 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-06-12 19:57 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-06-12 19:57 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-06-12 19:57 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-06-12 19:57 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-06-12 19:57 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-06-12 19:57 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-06-12 19:57 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-06-12 14:57 - 2012-06-12 14:57 - 00000000 ____D C:\Users\Dan\AppData\Local\{FDC6DEB4-966C-493F-9B38-FBE986EF9EB3}
    2012-06-12 14:57 - 2012-06-12 14:57 - 00000000 ____D C:\Users\Dan\AppData\Local\{A12A2DA5-3760-4E03-B915-4F161C19B80F}
    2012-06-11 19:59 - 2012-06-11 19:59 - 00000000 ____D C:\Users\Dan\AppData\Local\{41189B82-BC2F-45DC-8266-8880BFFB08FD}
    2012-06-11 19:59 - 2012-06-11 19:59 - 00000000 ____D C:\Users\Dan\AppData\Local\{111BFB54-846E-4130-836C-90869241A26B}
    2012-06-11 07:58 - 2012-06-11 07:58 - 00000000 ____D C:\Users\Dan\AppData\Local\{E641F3C7-8293-4D2B-B8FF-9E30883C2655}
    2012-06-11 07:58 - 2012-06-11 07:58 - 00000000 ____D C:\Users\Dan\AppData\Local\{56E267E5-387D-46CE-8A42-42049EB91D05}
    2012-06-10 12:30 - 2012-06-10 12:50 - 00140950 ____A C:\Users\Dan\Desktop\Oversold_Draft.rtf
    2012-06-10 12:13 - 2012-06-10 12:14 - 00000000 ____D C:\Users\Dan\AppData\Local\{C9503E2B-804A-48F5-872F-321082F4B86C}
    2012-06-10 12:13 - 2012-06-10 12:13 - 00000000 ____D C:\Users\Dan\AppData\Local\{8BC3E36F-16A8-4EA4-83EE-A1326A3E78DE}
    2012-06-08 15:42 - 2012-06-08 15:42 - 00000000 ____D C:\Users\Dan\AppData\Local\{A9C6A9A1-4E26-4885-8ADE-C6885CF9B5AC}
    2012-06-08 15:41 - 2012-06-08 15:42 - 00000000 ____D C:\Users\Dan\AppData\Local\{71ACB9E0-A185-4791-9337-5759BE383566}
    2012-06-08 00:25 - 2012-06-08 00:25 - 00000000 ____D C:\Users\Dan\AppData\Local\{49A21C5B-FCB5-473B-A78E-05294CDE7826}
    2012-06-08 00:24 - 2012-06-08 00:25 - 00000000 ____D C:\Users\Dan\AppData\Local\{6DD6DB93-46E3-4C9E-848C-705354F25127}
    2012-06-07 12:24 - 2012-06-07 12:24 - 00000000 ____D C:\Users\Dan\AppData\Local\{79A065FF-B7C6-430C-8117-C9430B155E31}
    2012-06-07 12:23 - 2012-06-07 12:24 - 00000000 ____D C:\Users\Dan\AppData\Local\{752978B8-AEA8-44F0-B96E-E06B49D0D59A}
    2012-06-05 20:59 - 2012-06-05 20:59 - 00000000 ____D C:\Users\Dan\AppData\Local\{821061D1-D322-4496-94C2-09A92F13061A}
    2012-06-05 20:59 - 2012-06-05 20:59 - 00000000 ____D C:\Users\Dan\AppData\Local\{2EFEDE88-BFE0-442F-A7EA-88EF89F8E68C}
    2012-06-05 08:58 - 2012-06-05 08:58 - 00000000 ____D C:\Users\Dan\AppData\Local\{FABB7EBA-DD0E-4F0B-835E-0B19EF3DD37D}
    2012-06-05 08:58 - 2012-06-05 08:58 - 00000000 ____D C:\Users\Dan\AppData\Local\{51615FE9-90DF-4F8D-B8EB-9B2EF30D3BD4}
    2012-06-04 13:53 - 2012-06-04 13:53 - 00000000 ____D C:\Users\Dan\AppData\Local\{FC9895D4-A797-4891-B57E-B79527AEC425}
    2012-06-04 13:52 - 2012-06-04 13:53 - 00000000 ____D C:\Users\Dan\AppData\Local\{83FB3A40-D85A-4E9F-92C1-25CD439747C4}
    2012-06-03 22:45 - 2012-06-03 22:45 - 00000000 ____D C:\Users\Dan\AppData\Local\{D3683D46-E858-42F5-AA0D-AE66A75CEF20}
    2012-06-03 22:45 - 2012-06-03 22:45 - 00000000 ____D C:\Users\Dan\AppData\Local\{6633E12F-4D54-4C0E-B956-F72F765218A3}
    2012-06-03 17:51 - 2012-06-03 18:18 - 00114236 ____A C:\Users\Dan\Desktop\oversold.rtf
    2012-06-03 10:44 - 2012-06-03 10:44 - 00000000 ____D C:\Users\Dan\AppData\Local\{D5E4C774-8545-43FF-8DCC-E487C254BE27}
    2012-06-03 10:43 - 2012-06-03 10:43 - 00000000 ____D C:\Users\Dan\AppData\Local\{E0A5F164-2439-4A8F-B3DC-E9BA5478F09B}
    2012-06-02 09:54 - 2012-06-02 09:55 - 00000000 ____D C:\Users\Dan\AppData\Local\{70E18275-E556-474E-BA88-61EE658021D8}
    2012-06-02 09:54 - 2012-06-02 09:54 - 00000000 ____D C:\Users\Dan\AppData\Local\{04F91AEA-BC05-4918-9E1A-E6BE7D1CD91A}
    2012-05-31 22:05 - 2012-05-31 22:05 - 00000000 ____D C:\Users\Dan\AppData\Local\{FC8E1B6E-C056-47E4-AB55-F41541785F45}
    2012-05-31 22:05 - 2012-05-31 22:05 - 00000000 ____D C:\Users\Dan\AppData\Local\{9479528B-C7FD-4CA5-8F30-DC8218E8854C}
     
  5. LobowolfXXX

    2012-05-31 10:07 - 2012-05-31 10:07 - 00000000 ____D C:\Users\Dan\Downloads\oversold backup.scriv
    2012-05-31 10:05 - 2012-05-31 10:05 - 00000000 ____D C:\Users\Dan\AppData\Local\{A54FD627-1AD7-41E4-B16E-84386F7F511E}
    2012-05-31 10:04 - 2012-05-31 10:05 - 00000000 ____D C:\Users\Dan\AppData\Local\{AF75446C-8B0F-41E7-94AB-22791F6CE9E4}
    2012-05-30 22:04 - 2012-05-30 22:04 - 00000000 ____D C:\Users\Dan\AppData\Local\{46B3CB02-A9CE-4461-9A5A-9A47DD343687}
    2012-05-30 22:03 - 2012-05-30 22:04 - 00000000 ____D C:\Users\Dan\AppData\Local\{982B8334-593F-42D6-B482-66EC3CDBE88A}
    2012-05-30 09:39 - 2012-05-30 09:39 - 00000000 ____D C:\Users\Dan\AppData\Local\{C7776F67-7AD8-4EE9-895D-84A4CAE54376}
    2012-05-30 09:39 - 2012-05-30 09:39 - 00000000 ____D C:\Users\Dan\AppData\Local\{58AEFD87-2EE9-4126-80B6-A695DD139A71}
    2012-05-29 23:09 - 2012-05-29 23:09 - 00000000 ____D C:\Users\Dan\Downloads\Mystery.scriv
    2012-05-29 23:04 - 2012-05-29 23:04 - 00000000 ____D C:\Users\Dan\Downloads\Mystery Project.scriv
    2012-05-29 21:38 - 2012-05-29 21:39 - 00000000 ____D C:\Users\Dan\AppData\Local\{492891C4-C086-4FF4-BC99-ECF86C48ED4A}
    2012-05-29 21:38 - 2012-05-29 21:38 - 00000000 ____D C:\Users\Dan\AppData\Local\{BF958220-E1D7-4EED-B74C-AA1C0AA283CE}
    2012-05-28 10:11 - 2012-05-28 10:12 - 00000000 ____D C:\Users\Dan\AppData\Local\{E7596530-23A1-4EC4-B72C-DEFF82DE2270}
    2012-05-28 10:11 - 2012-05-28 10:11 - 00000000 ____D C:\Users\Dan\AppData\Local\{02990671-A653-4596-B7FE-28DC2C23DECD}
    2012-05-26 12:20 - 2012-05-26 12:20 - 00000000 ____D C:\Users\Dan\AppData\Local\{3FF03AF4-DAD9-457C-B2B0-84FEE8F469C8}
    2012-05-26 12:20 - 2012-05-26 12:20 - 00000000 ____D C:\Users\Dan\AppData\Local\{1315FE5D-8096-4521-AD01-4625F9E0B3FF}
    2012-05-25 17:31 - 2012-05-25 17:32 - 00000000 ____D C:\Users\Dan\AppData\Local\{94706BBA-5E5D-466D-8106-61612179C09C}
    2012-05-25 17:31 - 2012-05-25 17:31 - 00000000 ____D C:\Users\Dan\AppData\Local\{2A8FC5CD-D1E8-4114-8065-12A4ADD54F4E}


    ============ 3 Months Modified Files and Folders =============

    2012-06-24 13:38 - 2012-06-24 13:37 - 00000000 ____D C:\FRST
    2012-06-24 12:31 - 2010-08-06 10:45 - 00000286 ___AH C:\Windows\Brownie.ini
    2012-06-24 12:31 - 2010-06-04 01:38 - 02053262 ____A C:\Windows\WindowsUpdate.log
    2012-06-24 12:31 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-06-24 12:31 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-06-24 12:28 - 2011-09-09 11:27 - 00000000 ____D C:\Users\All Users\GameXN
    2012-06-24 12:28 - 2011-06-08 13:14 - 00000000 ___RD C:\Users\Dan\Dropbox
    2012-06-24 12:28 - 2011-06-08 13:12 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Dropbox
    2012-06-24 12:27 - 2012-06-24 09:22 - 00000224 ____A C:\Windows\setupact.log
    2012-06-24 12:27 - 2011-03-22 15:43 - 00000000 ____D C:\Users\Dan\Tracing
    2012-06-24 12:27 - 2010-11-24 20:50 - 00004001 __ASH C:\Windows\SysWOW64\mmf.sys
    2012-06-24 12:27 - 2010-11-10 22:17 - 00000398 ____A C:\Windows\Tasks\Free File Viewer Update Checker.job
    2012-06-24 12:27 - 2010-06-27 21:37 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-06-24 12:27 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-06-24 12:20 - 2010-06-27 21:28 - 00086200 ____A C:\Users\Dan\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-06-24 12:18 - 2010-06-29 20:01 - 00000000 ____D C:\Users\Dan\AppData\Roaming\SoftGrid Client
    2012-06-24 12:17 - 2011-10-13 11:04 - 00000000 ____D C:\Users\Dan\Desktop\LSAT
    2012-06-24 12:17 - 2009-07-13 21:13 - 00727334 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-24 12:14 - 2012-06-24 12:14 - 01425489 ____A C:\Users\Dan\Desktop\FRST64.exe
    2012-06-24 11:44 - 2010-06-27 21:37 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-06-24 10:57 - 2012-06-24 10:57 - 00607260 ____R (Swearware) C:\Users\Dan\Desktop\dds.scr
    2012-06-24 10:48 - 2010-07-02 09:46 - 00000000 ____D C:\Users\Dan\Documents\Outlook Files
    2012-06-24 10:45 - 2012-06-24 10:45 - 00302592 ____A C:\Users\Dan\Desktop\62jzi7hk.exe
    2012-06-24 10:25 - 2010-09-04 07:41 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Skype
    2012-06-24 09:33 - 2012-06-24 09:32 - 00004357 ____A C:\Windows\SysWOW64\jupdate-1.6.0_33-b03.log
    2012-06-24 09:33 - 2010-04-13 18:17 - 00000000 ____D C:\Program Files (x86)\Java
    2012-06-24 09:26 - 2012-06-24 09:26 - 00000000 ____D C:\Users\Dan\AppData\Local\{F79465AE-734E-455C-8B3B-801112C059C1}
    2012-06-24 09:26 - 2012-06-24 09:25 - 00000000 ____D C:\Users\Dan\AppData\Local\{29B7DFE9-5C92-431B-A3EB-F5621F6BF397}
    2012-06-24 09:26 - 2010-11-08 08:20 - 00000000 ____D C:\Users\Dan\AppData\Local\Windows Live
    2012-06-24 09:24 - 2011-05-28 10:08 - 00000000 ____D C:\Users\Dan\AppData\Roaming\go
    2012-06-24 09:22 - 2012-06-24 09:22 - 00000000 ____A C:\Windows\setuperr.log
    2012-06-23 15:10 - 2012-06-23 15:10 - 08828112 ____A (SurfRight B.V.) C:\Users\Dan\Downloads\HitmanPro36_x64(1).exe
    2012-06-23 15:05 - 2011-08-25 19:42 - 00000000 ____D C:\Users\Dan\AppData\Roaming\FileZilla
    2012-06-23 15:04 - 2010-07-15 20:58 - 00000000 ____D C:\Windows\Minidump
    2012-06-23 15:04 - 2010-04-14 10:32 - 00000000 ____D C:\Windows\Panther
    2012-06-23 15:01 - 2012-06-23 15:01 - 00000833 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2012-06-23 15:01 - 2012-06-23 15:01 - 00000000 ____D C:\Program Files\CCleaner
    2012-06-23 15:00 - 2012-06-23 15:00 - 03862112 ____A (Piriform Ltd) C:\Users\Dan\Downloads\ccsetup319.exe
    2012-06-23 14:54 - 2012-06-23
     
  6. LobowolfXXX

    14:41 - 00000000 ____D C:\Users\All Users\HitmanPro
    2012-06-23 14:42 - 2012-06-23 14:41 - 08828112 ____A (SurfRight B.V.) C:\Users\Dan\Downloads\HitmanPro36_x64.exe
    2012-06-23 14:41 - 2012-06-23 14:40 - 07712104 ____A (SurfRight B.V.) C:\Users\Dan\Downloads\HitmanPro36.exe
    2012-06-23 14:38 - 2012-06-23 14:38 - 02128472 ____A (Kaspersky Lab ZAO) C:\Users\Dan\Downloads\tdsskiller(1).exe
    2012-06-23 12:54 - 2010-06-27 22:20 - 00000000 ____D C:\Bridge Base Online
    2012-06-23 12:18 - 2011-12-28 20:00 - 00001124 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-06-23 12:18 - 2011-04-09 02:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-23 10:35 - 2012-06-23 10:35 - 00000000 ____D C:\Users\Dan\AppData\Local\{5B60CA59-52AF-46E4-8E9E-205F0ECD97F2}
    2012-06-23 10:35 - 2012-06-23 10:34 - 00000000 ____D C:\Users\Dan\AppData\Local\{B8E1E2AB-2880-491C-92A4-450657118565}
    2012-06-22 20:23 - 2012-06-22 20:23 - 29097015 ____A (Nrsft) C:\Users\All Users\uJ422WwP.exe
    2012-06-22 20:23 - 2012-06-22 20:23 - 00000208 ____A C:\Users\All Users\6c2c9f7c19cc348bc2ecb60e6fdb722fe298a6fd
    2012-06-22 20:23 - 2012-06-22 20:23 - 00000000 __SHD C:\Users\All Users\oy8XOlg2sbfSWB
    2012-06-22 19:31 - 2012-06-22 19:31 - 00000000 ____D C:\Users\Dan\AppData\Local\{D6B6EAAA-4B65-4B6E-A05D-0A90D7EF4983}
    2012-06-22 19:31 - 2012-06-22 19:31 - 00000000 ____D C:\Users\Dan\AppData\Local\{47EB55E3-B76E-4A73-BA92-2B3DF38B530D}
    2012-06-22 15:01 - 2010-09-04 07:43 - 00000000 ____D C:\Users\Dan\AppData\Roaming\skypePM
    2012-06-22 14:51 - 2011-05-13 10:45 - 00000000 ____D C:\Users\All Users\Skype Extras
    2012-06-22 14:29 - 2012-06-22 14:28 - 510126615 ____A C:\Users\Dan\Desktop\21741.mov
    2012-06-22 07:30 - 2012-06-22 07:30 - 00000000 ____D C:\Users\Dan\AppData\Local\{462A3DEA-58D6-4AAD-AB1A-DA3E42210BF7}
    2012-06-22 07:30 - 2012-06-22 07:30 - 00000000 ____D C:\Users\Dan\AppData\Local\{1BF58B33-662B-4CEC-97BA-4AD71BE29833}
    2012-06-21 10:05 - 2012-06-21 10:05 - 00000000 ____D C:\Users\Dan\AppData\Local\{58766833-6E73-46BD-9C88-692D274EC3B4}
    2012-06-21 10:05 - 2012-06-21 10:04 - 00000000 ____D C:\Users\Dan\AppData\Local\{8467169C-71EA-478E-847B-6939DE23BF30}
    2012-06-20 12:36 - 2012-06-20 12:36 - 00000000 ____D C:\Users\Dan\AppData\Local\{BC92BB70-B2FF-4304-9BEC-C7E8709C92F3}
    2012-06-20 12:36 - 2012-06-20 12:36 - 00000000 ____D C:\Users\Dan\AppData\Local\{3F805B19-C8A5-4947-B622-A3E5060C7F6B}
    2012-06-19 14:58 - 2012-05-09 22:28 - 00000000 ____D C:\Program Files (x86)\Scrivener
    2012-06-19 10:34 - 2012-06-19 10:34 - 00048749 ____A C:\Users\Dan\Desktop\snap_3e5d0bc6fa8483d498f9477dbfabbcc5.png
    2012-06-19 10:19 - 2012-06-19 10:19 - 00038628 ____A C:\Users\Dan\Desktop\abra.png
    2012-06-19 09:11 - 2012-06-19 09:11 - 00000000 ____D C:\Users\Dan\AppData\Local\{89736433-B6FE-4F20-9C49-B62CF3B27638}
    2012-06-19 09:11 - 2012-06-19 09:11 - 00000000 ____D C:\Users\Dan\AppData\Local\{40B5B994-7C26-430A-875A-0A9BB6F773EB}
    2012-06-18 18:55 - 2012-06-18 18:54 - 00000000 ____D C:\Users\Dan\AppData\Local\{DFC9DD8D-34C5-4812-AA81-42AC6ACE1FDC}
    2012-06-18 18:54 - 2012-06-18 18:54 - 00000000 ____D C:\Users\Dan\AppData\Local\{263406F1-F975-494F-8BBB-6F78A94B101B}
    2012-06-17 12:26 - 2012-06-17 12:25 - 00000000 ____D C:\Users\Dan\AppData\Local\{D2E3C0E5-9A2D-4BAC-AA23-300EF61B374A}
    2012-06-16 21:48 - 2012-06-16 21:48 - 00000000 ____D C:\Users\Dan\AppData\Local\{A1AACBB3-0723-4E7F-9B72-49CBCADDABD9}
    2012-06-16 20:42 - 2012-05-06 19:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2012-06-16 09:47 - 2012-06-16 09:47 - 00000000 ____D C:\Users\Dan\AppData\Local\{8282D691-3842-4EFE-9614-C69D714C13F1}
    2012-06-16 09:40 - 2010-06-27 21:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-06-15 21:47 - 2012-06-15 21:47 - 00000000 ____D C:\Users\Dan\AppData\Local\{68F4BAA2-74D6-4117-A900-EA5196DD0BEC}
    2012-06-15 08:20 - 2012-06-15 08:20 - 00000000 ____D C:\Users\Dan\AppData\Local\{C650D261-256C-4E1B-A0BB-020A1F7BE532}
    2012-06-14 21:17 - 2012-06-14 21:17 - 00000000 ____D C:\Users\Dan\Downloads\Campus Prep Course Book.scriv
    2012-06-14 20:20 - 2012-06-14 20:20 - 00000000 ____D C:\Users\Dan\AppData\Local\{78E68589-4CE1-4DD2-A874-8BBE76D367DE}
    2012-06-14 15:53 - 2010-07-05 09:51 - 00000000 ____D C:\Users\All Users\Yahoo! Companion
    2012-06-14 15:47 - 2009-07-13 21:08 - 00032622 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-06-14 08:19 - 2012-06-14 08:19 - 00000000 ____D C:\Users\Dan\AppData\Local\{77914D45-87F9-4D2D-BA29-A23E012450C1}
    2012-06-14 08:19 - 2012-06-14 08:19 - 00000000 ____D C:\Users\Dan\AppData\Local\{21DD5BDE-8387-460F-846B-C339AAA6A3C0}
    2012-06-13 15:20 - 2012-06-13 15:20 - 00000000 ____D C:\Users\Dan\AppData\Local\{E5B2E040-E0D8-40EA-81DB-30A6911D3D94}
    2012-06-13 15:20 - 2012-06-13 15:19 - 00000000 ____D C:\Users\Dan\AppData\Local\{5FD13A09-CFCD-4764-AA34-A329A7788806}
    2012-06-13 15:16 - 2009-07-13 20:45 - 00361096 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-12 23:15 - 2010-06-27 22:26 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-12 14:57 - 2012-06-12 14:57 - 00000000 ____D C:\Users\Dan\AppData\Local\{FDC6DEB4-966C-493F-9B38-FBE986EF9EB3}
    2012-06-12 14:57 - 2012-06-12 14:57 - 00000000 ____D C:\Users\Dan\AppData\Local\{A12A2DA5-3760-4E03-B915-4F161C19B80F}
    2012-06-11 19:59 - 2012-06-11 19:59 - 00000000 ____D C:\Users\Dan\AppData\Local\{41189B82-BC2F-45DC-8266-8880BFFB08FD}
    2012-06-11 19:59 - 2012-06-11 19:59 - 00000000 ____D C:\Users\Dan\AppData\Local\{111BFB54-846E-4130-836C-90869241A26B}
    2012-06-11 19:47 - 2011-06-06 15:08 - 00002355 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2012-06-11 07:58 - 2012-06-11 07:58 - 00000000 ____D C:\Users\Dan\AppData\Local\{E641F3C7-8293-4D2B-B8FF-9E30883C2655}
    2012-06-11 07:58 - 2012-06-11 07:58 - 00000000 ____D C:\Users\Dan\AppData\Local\{56E267E5-387D-46CE-8A42-42049EB91D05}
    2012-06-10 12:50 - 2012-06-10 12:30 - 00140950 ____A C:\Users\Dan\Desktop\Oversold_Draft.rtf
    2012-06-10 12:14 - 2012-06-10 12:13 - 00000000 ____D C:\Users\Dan\AppData\Local\{C9503E2B-804A-48F5-872F-321082F4B86C}
    2012-06-10 12:13 - 2012-06-10 12:13 - 00000000 ____D C:\Users\Dan\AppData\Local\{8BC3E36F-16A8-4EA4-83EE-A1326A3E78DE}
    2012-06-08 15:42 - 2012-06-08 15:42 - 00000000 ____D C:\Users\Dan\AppData\Local\{A9C6A9A1-4E26-4885-8ADE-C6885CF9B5AC}
    2012-06-08 15:42 - 2012-06-08 15:41 - 00000000 ____D C:\Users\Dan\AppData\Local\{71ACB9E0-A185-4791-9337-5759BE383566}
    2012-06-08 00:25 - 2012-06-08 00:25 - 00000000 ____D C:\Users\Dan\AppData\Local\{49A21C5B-FCB5-473B-A78E-05294CDE7826}
    2012-06-08 00:25 - 2012-06-08 00:24 - 00000000 ____D C:\Users\Dan\AppData\Local\{6DD6DB93-46E3-4C9E-848C-705354F25127}
    2012-06-07 12:24 - 2012-06-07 12:24 - 00000000 ____D C:\Users\Dan\AppData\Local\{79A065FF-B7C6-430C-8117-C9430B155E31}
    2012-06-07 12:24 - 2012-06-07 12:23 - 00000000 ____D C:\Users\Dan\AppData\Local\{752978B8-AEA8-44F0-B96E-E06B49D0D59A}
    2012-06-05 20:59 - 2012-06-05 20:59 - 00000000 ____D C:\Users\Dan\AppData\Local\{821061D1-D322-4496-94C2-09A92F13061A}
    2012-06-05 20:59 - 2012-06-05 20:59 - 00000000 ____D C:\Users\Dan\AppData\Local\{2EFEDE88-BFE0-442F-A7EA-88EF89F8E68C}
    2012-06-05 08:58 - 2012-06-05 08:58 - 00000000 ____D C:\Users\Dan\AppData\Local\{FABB7EBA-DD0E-4F0B-835E-0B19EF3DD37D}
    2012-06-05 08:58 - 2012-06-05 08:58 - 00000000 ____D C:\Users\Dan\AppData\Local\{51615FE9-90DF-4F8D-B8EB-9B2EF30D3BD4}
    2012-06-04 13:53 - 2012-06-04 13:53 - 00000000 ____D C:\Users\Dan\AppData\Local\{FC9895D4-A797-4891-B57E-B79527AEC425}
    2012-06-04 13:53 - 2012-06-04 13:52 - 00000000 ____D C:\Users\Dan\AppData\Local\{83FB3A40-D85A-4E9F-92C1-25CD439747C4}
    2012-06-03 22:45 - 2012-06-03 22:45 - 00000000 ____D C:\Users\Dan\AppData\Local\{D3683D46-E858-42F5-AA0D-AE66A75CEF20}
    2012-06-03 22:45 - 2012-06-03 22:45 - 00000000 ____D C:\Users\Dan\AppData\Local\{6633E12F-4D54-4C0E-B956-F72F765218A3}
    2012-06-03 18:18 - 2012-06-03 17:51 - 00114236 ____A C:\Users\Dan\Desktop\oversold.rtf
    2012-06-03 10:44 - 2012-06-03 10:44 - 00000000 ____D C:\Users\Dan\AppData\Local\{D5E4C774-8545-43FF-8DCC-E487C254BE27}
    2012-06-03 10:43 - 2012-06-03 10:43 - 00000000 ____D C:\Users\Dan\AppData\Local\{E0A5F164-2439-4A8F-B3DC-E9BA5478F09B}
    2012-06-02 15:53 - 2011-06-08 13:14 - 00000984 ____A C:\Users\Dan\Desktop\Dropbox.lnk
    2012-06-02 09:55 - 2012-06-02 09:54 - 00000000 ____D C:\Users\Dan\AppData\Local\{70E18275-E556-474E-BA88-61EE658021D8}
    2012-06-02 09:54 - 2012-06-02 09:54 - 00000000 ____D C:\Users\Dan\AppData\Local\{04F91AEA-BC05-4918-9E1A-E6BE7D1CD91A}
    2012-05-31 22:05 - 2012-05-31 22:05 - 00000000 ____D C:\Users\Dan\AppData\Local\{FC8E1B6E-C056-47E4-AB55-F41541785F45}
    2012-05-31 22:05 - 2012-05-31 22:05 - 00000000 ____D C:\Users\Dan\AppData\Local\{9479528B-C7FD-4CA5-8F30-DC8218E8854C}
    2012-05-31 10:07 - 2012-05-31 10:07 - 00000000 ____D C:\Users\Dan\Downloads\oversold backup.scriv
    2012-05-31 10:05 - 2012-05-31 10:05 - 00000000 ____D C:\Users\Dan\AppData\Local\{A54FD627-1AD7-41E4-B16E-84386F7F511E}
    2012-05-31 10:05 - 2012-05-31 10:04 - 00000000 ____D C:\Users\Dan\AppData\Local\{AF75446C-8B0F-41E7-94AB-22791F6CE9E4}
    2012-05-30 22:04 - 2012-05-30 22:04 - 00000000 ____D C:\Users\Dan\AppData\Local\{46B3CB02-A9CE-4461-9A5A-9A47DD343687}
    2012-05-30 22:04 - 2012-05-30 22:03 - 00000000 ____D C:\Users\Dan\AppData\Local\{982B8334-593F-42D6-B482-66EC3CDBE88A}
    2012-05-30 09:39 - 2012-05-30 09:39 - 00000000 ____D C:\Users\Dan\AppData\Local\{C7776F67-7AD8-4EE9-895D-84A4CAE54376}
    2012-05-30 09:39 - 2012-05-30 09:39 - 00000000 ____D C:\Users\Dan\AppData\Local\{58AEFD87-2EE9-4126-80B6-A695DD139A71}
    2012-05-29 23:09 - 2012-05-29 23:09 - 00000000 ____D C:\Users\Dan\Downloads\Mystery.scriv
    2012-05-29 23:04 - 2012-05-29 23:04 - 00000000 ____D C:\Users\Dan\Downloads\Mystery Project.scriv
    2012-05-29 21:39 - 2012-05-29 21:38 - 00000000 ____D C:\Users\Dan\AppData\Local\{492891C4-C086-4FF4-BC99-ECF86C48ED4A}
    2012-05-29 21:38 - 2012-05-29 21:38 - 00000000 ____D C:\Users\Dan\AppData\Local\{BF958220-E1D7-4EED-B74C-AA1C0AA283CE}
    2012-05-28 10:12 - 2012-05-28 10:11 - 00000000 ____D C:\Users\Dan\AppData\Local\{E7596530-23A1-4EC4-B72C-DEFF82DE2270}
    2012-05-28 10:11 - 2012-05-28 10:11 - 00000000 ____D C:\Users\Dan\AppData\Local\{02990671-A653-4596-B7FE-28DC2C23DECD}
    2012-05-26 12:20 - 2012-05-26 12:20 - 00000000 ____D C:\Users\Dan\AppData\Local\{3FF03AF4-DAD9-457C-B2B0-84FEE8F469C8}
    2012-05-26 12:20 - 2012-05-26 12:20 - 00000000 ____D C:\Users\Dan\AppData\Local\{1315FE5D-8096-4521-AD01-4625F9E0B3FF}
    2012-05-25 17:32 - 2012-05-25 17:31 - 00000000 ____D C:\Users\Dan\AppData\Local\{94706BBA-5E5D-466D-8106-61612179C09C}
    2012-05-25 17:31 - 2012-05-25 17:31 - 00000000 ____D C:\Users\Dan\AppData\Local\{2A8FC5CD-D1E8-4114-8065-12A4ADD54F4E}
    2012-05-24 21:06 - 2012-05-24 21:06 - 00000000 ____D C:\Users\Dan\AppData\Local\{84E4343D-6366-434D-801D-A7DEA7FD9BB4}
    2012-05-24 21:06 - 2012-05-24 21:06 - 00000000 ____D C:\Users\Dan\AppData\Local\{5CD05D62-3FB6-4F60-8959-DFABA6B36408}
    2012-05-24 09:05 - 2012-05-24 09:05 - 00000000 ____D C:\Users\Dan\AppData\Local\{DCE921B2-5FC7-49B0-B24E-B026120B14BC}
    2012-05-24 09:05 - 2012-05-24 09:05 - 00000000 ____D C:\Users\Dan\AppData\Local\{CD3764EE-41D3-49A9-9BC9-0CB43F9A432B}
    2012-05-23 19:54 - 2012-05-23 19:53 - 00000000 ____D C:\Users\Dan\AppData\Local\{E0930C51-ADC5-4421-94AC-52B09F5C0710}
    2012-05-23 19:53 - 2012-05-23 19:53 - 00000000 ____D C:\Users\Dan\AppData\Local\{50E9EF8C-3E93-4D66-8806-34455001B2B6}
    2012-05-23 07:09 - 2012-05-23 07:09 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2012-05-23 07:08 - 2010-06-04 01:49 - 00000000 ____D C:\Users\All Users\NVIDIA
    2012-05-23 07:07 - 2011-09-12 07:16 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2012-05-23 07:04 - 2012-05-23 06:59 - 214613632 ____A (NVIDIA Corporation) C:\Users\Dan\Downloads\301.42-notebook-win7-winvista-64bit-international-whql.exe
    2012-05-23 06:48 - 2012-05-23 06:48 - 00000000 ____D C:\Users\Dan\AppData\Local\{F83DE537-A41B-478B-98D0-DC340F67E347}
    2012-05-23 06:48 - 2012-05-23 06:47 - 00000000 ____D C:\Users\Dan\AppData\Local\{212612A6-2BAC-4990-8DBB-13880701D71D}
    2012-05-22 11:56 - 2012-05-22 11:56 - 00000000 ____D C:\Users\Dan\AppData\Local\{234D1E67-D708-43B1-8F98-37221BFCA5AB}
    2012-05-22 11:56 - 2012-05-22 11:56 - 00000000 ____D C:\Users\Dan\AppData\Local\{0D9A46AF-3A97-4200-A17E-1D72907753E0}
    2012-05-21 21:55 - 2012-05-21 21:54 - 00000000 ____D C:\Users\Dan\AppData\Local\{A257200B-3001-4CF8-B678-77279D050B4A}
    2012-05-21 21:54 - 2012-05-21 21:54 - 00000000 ____D C:\Users\Dan\AppData\Local\{121DBA0E-119A-48E6-9AEC-A443EDBB8063}
    2012-05-21 08:43 - 2012-05-21 08:43 - 00065536 __ASH C:\Windows\System32\config\COMPONENTS{b6427221-97ff-11e1-b571-00038a000015}.TxR.blf
    2012-05-21 08:43 - 2012-05-21 08:43 - 00000000 ____D C:\Users\Dan\AppData\Local\{5B73F1A6-CD38-4AAE-AD76-3E3B928190CE}
    2012-05-21 08:43 - 2012-05-21 08:43 - 00000000 ____D C:\Users\Dan\AppData\Local\{1C259C62-B28C-4ACC-8A70-C91B6DDF31F8}
    2012-05-20 20:54 - 2011-05-18 12:56 - 00265808 ____A C:\Users\Dan\Documents\voice-message.wav
    2012-05-20 14:42 - 2012-05-20 14:42 - 00000000 ____D C:\Users\Dan\AppData\Local\{4064419C-FC82-44BC-BBB8-0CEA383C8853}
    2012-05-20 14:42 - 2012-05-20 14:41 - 00000000 ____D C:\Users\Dan\AppData\Local\{F31E5E6B-E7C6-4F0F-88B6-871A10A11B6F}
    2012-05-19 20:28 - 2012-05-19 20:28 - 00000000 ____D C:\Users\Dan\AppData\Local\{B176701A-1370-4340-B1C3-273AC623C799}
    2012-05-19 20:28 - 2012-05-19 20:27 - 00000000 ____D C:\Users\Dan\AppData\Local\{2F4F3D3B-5399-4937-AE51-2F183E2B5FC7}
    2012-05-18 17:20 - 2012-05-18 17:20 - 00000000 ____D C:\Users\Dan\AppData\Local\{C3030517-54A1-44A6-9305-9D7660AF37B2}
    2012-05-18 17:19 - 2012-05-18 17:19 - 00000000 ____D C:\Users\Dan\AppData\Local\{6FC92F1C-08F0-45C8-96CE-46780EA34C3C}
    2012-05-17 09:24 - 2012-05-17 09:23 - 00000000 ____D C:\Users\Dan\AppData\Local\{EE66F888-C42A-4A99-A207-7E74A3F4EB48}
    2012-05-17 09:23 - 2012-05-17 09:23 - 00000000 ____D C:\Users\Dan\AppData\Local\{83CBCA9E-4C60-498E-BF10-26DBE1F55499}
    2012-05-16 10:56 - 2012-05-16 10:56 - 00000000 ____D C:\Users\Dan\AppData\Local\{9646E0FC-BAC1-4717-A9D3-1B4336E8E17D}
    2012-05-16 10:56 - 2012-05-16 10:55 - 00000000 ____D C:\Users\Dan\AppData\Local\{B256E0C3-CE2E-4F4D-BA14-A2373CB56926}
    2012-05-16 10:55 - 2012-05-16 10:55 - 00000000 ____D C:\Windows\en
    2012-05-16 10:52 - 2010-11-08 08:23 - 00000000 ____D C:\Program Files\Windows Live
    2012-05-16 10:52 - 2010-04-13 20:29 - 00000000 ____D C:\Program Files (x86)\Windows Live
    2012-05-16 10:47 - 2012-05-16 10:47 - 00000000 ____D C:\Users\Dan\AppData\Local\{88EAD73E-5E1E-4934-BB02-F4DB439F531D}
    2012-05-16 10:47 - 2012-05-16 10:47 - 00000000 ____D C:\Users\Dan\AppData\Local\{72E40356-EE2E-4CE7-9C8A-974F79FB4118}
    2012-05-16 08:12 - 2012-05-16 08:12 - 00000000 ____D C:\Users\Dan\AppData\Local\{8A19A40D-1F74-4C05-8ACD-BA513BD8FB17}
    2012-05-16 08:12 - 2012-05-16 08:12 - 00000000 ____D C:\Users\Dan\AppData\Local\{10EC9F2E-ABBE-4664-B685-134E8843F237}
    2012-05-15 21:43 - 2012-05-15 21:43 - 00000000 ____D C:\Users\Dan\AppData\Local\{B75E37E4-B01C-4E53-862D-D89AD755D22F}
    2012-05-15 21:43 - 2012-05-15 21:43 - 00000000 ____D C:\Users\Dan\AppData\Local\{6EF8CD4A-E986-4C62-BA2F-FD54FC2A35F1}
    2012-05-15 13:32 - 2012-05-15 13:32 - 00000000 ____D C:\Users\Dan\AppData\Local\{0AE3D754-F6B5-4141-8A19-0E62CC1915F0}
    2012-05-15 13:31 - 2012-05-15 13:31 - 00000000 ____D C:\Users\Dan\AppData\Local\{B113DA0F-CE32-43B7-AB23-BFAE58498F8A}
    2012-05-15 11:31 - 2012-05-15 11:31 - 00000000 ____D C:\Users\Dan\AppData\Local\{BE5FBA2B-9CA3-4ED1-8143-13D3F67B7EF4}
    2012-05-15 11:30 - 2012-05-15 11:30 - 00000000 ____D C:\Users\Dan\AppData\Local\{68D30CB8-9550-46E8-8F8E-13201C4C3EB7}
    2012-05-15 11:03 - 2012-05-15 11:03 - 00000000 ____D C:\Users\Dan\AppData\Local\{C410297D-A78A-4666-AB5C-8A4056A151C0}
    2012-05-15 11:03 - 2012-05-15 11:02 - 00000000 ____D C:\Users\Dan\AppData\Local\{EF528750-09C7-4226-907E-8A3C84FBB115}
    2012-05-15 08:59 - 2012-05-15 08:59 - 00000000 ____D C:\Users\Dan\AppData\Local\{D0FFC345-DB29-4BA0-B54F-3098481AC508}
    2012-05-15 08:59 - 2012-05-15 08:59 - 00000000 ____D C:\Users\Dan\AppData\Local\{5DA7622D-C68E-4954-827F-EAF17D31CD8E}
    2012-05-15 02:48 - 2012-05-23 07:06 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
    2012-05-15 02:48 - 2012-05-23 07:06 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
    2012-05-15 02:48 - 2012-05-23 07:06 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2012-05-15 02:48 - 2012-05-23 07:06 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
    2012-05-15 02:48 - 2012-05-23 07:06 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2012-05-15 02:48 - 2012-05-23 07:06 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
    2012-05-15 02:48 - 2012-05-23 07:06 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
    2012-05-15 02:48 - 2012-05-23 07:06 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2012-05-15 02:48 - 2012-05-23 07:06 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
    2012-05-15 02:48 - 2012-05-23 07:06 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
    2012-05-15 02:48 - 2012-05-23 07:06 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2012-05-15 02:48 - 2012-05-23 07:06 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
    2012-05-15 02:48 - 2012-05-23 07:06 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2012-05-15 02:48 - 2011-09-16 11:19 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
    2012-05-15 02:48 - 2011-09-16 11:19 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
    2012-05-15 02:48 - 2011-09-12 07:16 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
    2012-05-15 02:48 - 2011-09-12 07:16 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
    2012-05-15 02:48 - 2011-09-12 07:16 - 00014324 ____A C:\Windows\System32\nvinfo.pb
    2012-05-15 02:48 - 2010-01-16 00:02 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2012-05-15 02:48 - 2010-01-16 00:02 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2012-05-15 02:48 - 2009-12-06 17:30 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
    2012-05-15 02:48 - 2009-12-06 17:30 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
    2012-05-15 01:29 - 2010-01-17 21:44 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
    2012-05-15 01:29 - 2010-01-17 21:44 - 02561856 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
    2012-05-15 01:29 - 2010-01-17 21:44 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    2012-05-15 01:29 - 2010-01-17 21:44 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
    2012-05-15 01:29 - 2009-12-07 09:02 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
    2012-05-15 01:28 - 2010-01-17 21:44 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
    2012-05-14 21:51 - 2012-05-14 21:51 - 00000000 ____D C:\Users\Dan\AppData\Local\{CB227CCA-31BF-48C9-A0CA-3B2D35A1D3BD}
    2012-05-14 21:51 - 2012-05-14 21:50 - 00000000 ____D C:\Users\Dan\AppData\Local\{7D30A3D0-3E9C-4805-91BD-1EC360074DC8}
    2012-05-14 20:01 - 2012-06-12 19:58 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-14 19:59 - 2012-06-12 19:58 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-14 19:03 - 2012-06-12 19:58 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-14 19:00 - 2012-06-12 19:58 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-14 17:32 - 2012-06-12 19:57 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-13 21:33 - 2012-05-13 21:32 - 00000000 ____D C:\Users\Dan\AppData\Local\{7FAE030A-0DA5-40A1-BD23-6A26B6BDE38E}
    2012-05-13 21:32 - 2012-05-13 21:32 - 00000000 ____D C:\Users\Dan\AppData\Local\{11C59D93-D223-4E77-B599-31ECEDE6C54E}
    2012-05-13 19:40 - 2012-05-13 19:40 - 00000000 ____D C:\Users\Dan\AppData\Local\{491F773D-3A38-43A4-B2CA-70E4E7FDA291}
    2012-05-13 19:40 - 2012-05-13 19:40 - 00000000 ____D C:\Users\Dan\AppData\Local\{43101971-EFE4-490B-AB39-4A2595B6DFFE}
    2012-05-13 18:18 - 2012-05-13 18:18 - 00000000 ____D C:\Users\Dan\Downloads\The Earth and Sky.scriv
    2012-05-13 18:17 - 2012-05-13 18:17 - 00014876 ____A C:\Users\Dan\The Earth and Sky.syv
    2012-05-13 18:17 - 2010-06-27 21:26 - 00000000 ____D C:\users\Dan
    2012-05-13 17:14 - 2012-05-13 17:14 - 00000000 ____D C:\Users\Dan\AppData\Local\{D3C63B95-3044-41B6-BE2A-26FE7E42ACF0}
    2012-05-13 17:14 - 2012-05-13 17:13 - 00000000 ____D C:\Users\Dan\AppData\Local\{99684A2F-E24A-4DF1-857D-0A4C9AADF089}
    2012-05-12 22:52 - 2012-05-12 22:52 - 00001905 ____A C:\Users\Public\Desktop\Outline 4D.lnk
    2012-05-12 22:52 - 2012-05-12 22:52 - 00000000 ____D C:\Users\Dan\AppData\Roaming\PACE Anti-Piracy
    2012-05-12 22:52 - 2012-05-12 22:52 - 00000000 ____D C:\Users\Dan\AppData\Local\PACE Anti-Piracy
    2012-05-12 22:52 - 2012-05-12 22:52 - 00000000 ____D C:\Users\All Users\PACE Anti-Piracy
    2012-05-12 22:52 - 2012-05-12 22:52 - 00000000 ____D C:\Program Files (x86)\Outline 4D
    2012-05-12 22:52 - 2010-06-11 09:47 - 00000000 ___HD C:\Users\Dan\AppData\Local\27UHsUnZJVnF
    2012-05-12 22:51 - 2012-05-12 22:51 - 00000000 ____D C:\Users\Dan\AppData\Local\Downloaded Installations
    2012-05-12 22:40 - 2012-05-12 22:40 - 00000000 ____D C:\Users\Dan\AppData\Local\{E265E54B-2B8B-404E-9838-4CD776FF22BF}
    2012-05-12 22:40 - 2012-05-12 22:40 - 00000000 ____D C:\Users\Dan\AppData\Local\{3A7E2D19-4B89-4B1A-8F1D-D95A5C76FEAF}
    2012-05-12 18:14 - 2012-05-12 18:14 - 00000000 ____D C:\Users\Dan\AppData\Local\{742E3EFB-59B9-405D-AD45-3FEB1057E4BF}
    2012-05-12 18:14 - 2012-05-12 18:13 - 00000000 ____D C:\Users\Dan\AppData\Local\{450FF42D-2BAE-485C-9D23-510244194C6C}
    2012-05-12 08:50 - 2012-05-12 08:49 - 00000000 ____D C:\Users\Dan\AppData\Local\{67E7F9B6-193B-4DD8-9328-43AB2BB2E12E}
    2012-05-12 08:49 - 2012-05-12 08:49 - 00000000 ____D C:\Users\Dan\AppData\Local\{CABFA940-1B03-4DE7-B1BC-9C238D263F99}
    2012-05-11 17:26 - 2012-05-11 17:26 - 00000000 ____D C:\Users\Dan\AppData\Local\{5A47BE29-C13A-4E34-80F2-9FE3DB33F323}
    2012-05-11 17:26 - 2012-05-11 17:25 - 00000000 ____D C:\Users\Dan\AppData\Local\{C3822E7E-9655-4820-AFA1-79A0E97ECA30}
    2012-05-10 21:47 - 2012-05-10 21:47 - 00000000 ____D C:\Users\Dan\AppData\Local\{BA74826E-01D1-4C3B-B867-4B96ECB6B704}
    2012-05-10 21:47 - 2012-05-10 21:47 - 00000000 ____D C:\Users\Dan\AppData\Local\{AFDFEC02-EBD1-4CCC-835B-24EE4ED49FB7}
    2012-05-10 20:59 - 2012-05-10 20:59 - 00011506 ____A C:\Users\Dan\Desktop\AcademicChess.xlsx
    2012-05-10 18:01 - 2012-05-10 18:01 - 00000000 ____D C:\Users\Dan\AppData\Local\{CAF683E2-BEB4-4A63-8474-F56570293EE2}
    2012-05-10 18:01 - 2012-05-10 18:01 - 00000000 ____D C:\Users\Dan\AppData\Local\{6ABD1025-AE1C-47B7-9781-601398892F70}
    2012-05-10 12:24 - 2012-05-10 12:24 - 00000000 ____D C:\Users\Dan\AppData\Local\{7AB03690-34D3-41A0-AC92-573D1374F5C5}
    2012-05-10 12:24 - 2012-05-10 12:24 - 00000000 ____D C:\Users\Dan\AppData\Local\{11DB446B-834F-48A0-9925-E7F4AB5DB3DD}
    2012-05-10 07:21 - 2012-05-10 07:21 - 00000000 ____D C:\Users\Dan\AppData\Local\{1C1F4FD7-27FD-4171-AF6E-409EBD626B9C}
    2012-05-10 07:20 - 2012-05-10 07:20 - 00000000 ____D C:\Users\Dan\AppData\Local\{A6BF80C7-B89D-403C-ABA5-482C178E75EE}
    2012-05-09 23:21 - 2010-06-04 01:40 - 00000000 ____D C:\Users\All Users\Microsoft Help
    2012-05-09 23:10 - 2010-04-13 20:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2012-05-09 23:10 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
    2012-05-09 22:32 - 2012-05-09 22:32 - 00000000 ____D C:\Users\Dan\Downloads\Scriv Tutorial.scriv
    2012-05-09 22:30 - 2012-05-09 22:30 - 00000000 ____D C:\Users\Dan\AppData\Local\Scrivener
    2012-05-09 22:28 - 2012-05-09 22:28 - 00001708 ____A C:\Users\Public\Desktop\Scrivener.lnk
    2012-05-09 22:27 - 2012-05-09 22:25 - 52015502 ____A C:\Users\Dan\Downloads\Scrivener-installer.zip
    2012-05-09 18:49 - 2012-05-09 18:49 - 00000000 ____D C:\Users\Dan\AppData\Local\{C6FA1CB9-9560-4201-80E4-0FE819CED318}
    2012-05-09 18:49 - 2012-05-09 18:49 - 00000000 ____D C:\Users\Dan\AppData\Local\{804FE82D-F0EE-45DE-8754-50ED19272E96}
    2012-05-09 14:25 - 2012-05-09 14:25 - 00000000 ____D C:\Users\Dan\AppData\Local\{5D16BB3E-BC5C-412B-9E9C-04FC4CD6B341}
    2012-05-09 14:25 - 2012-05-09 14:24 - 00000000 ____D C:\Users\Dan\AppData\Local\{EFA02415-E0C8-45A3-A5E9-F1323C15570A}
    2012-05-09 12:05 - 2012-05-09 12:05 - 00000000 ____D C:\Users\Dan\AppData\Local\{B2B67893-0064-46E0-9130-679B2E34AE21}
    2012-05-09 12:05 - 2012-05-09 12:05 - 00000000 ____D C:\Users\Dan\AppData\Local\{08A0A36C-5459-472D-A33F-437B26009B23}
    2012-05-09 11:21 - 2012-05-16 21:12 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
    2012-05-09 11:21 - 2011-09-27 21:39 - 00472840 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
    2012-05-09 11:18 - 2012-06-24 09:33 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2012-05-09 11:17 - 2012-06-24 09:33 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2012-05-09 11:17 - 2012-06-24 09:33 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2012-05-09 08:32 - 2012-05-09 08:32 - 00000000 ____D C:\Users\Dan\AppData\Local\{9A290F5E-ECBE-4596-B21A-FE28DAB67BD8}
    2012-05-09 08:32 - 2012-05-09 08:32 - 00000000 ____D C:\Users\Dan\AppData\Local\{9051781F-8E40-4E81-84EB-E3A73BB6087E}
    2012-05-08 14:03 - 2012-05-08 14:02 - 00000000 ____D C:\Users\Dan\AppData\Local\{B0404E8C-91A1-4476-A3B9-19A25CAAAFF2}
    2012-05-08 14:02 - 2012-05-08 14:02 - 00000000 ____D C:\Users\Dan\AppData\Local\{0352A91E-0DA2-48A6-B482-C7CC4E5C5444}
    2012-05-08 07:28 - 2012-05-08 07:28 - 00000000 ____D C:\Users\Dan\AppData\Local\{C0E8E35D-C182-4F61-8FDB-DD66014CECF8}
     
  7. LobowolfXXX

    2012-05-08 07:28 - 2012-05-08 07:28 - 00000000 ____D C:\Users\Dan\AppData\Local\{B16EC822-C72A-4BD8-BA4F-330BB09E6B46}
    2012-05-07 09:23 - 2012-05-07 09:23 - 00000000 ____D C:\Users\Dan\AppData\Local\{0757AD47-AB4A-43EC-B9BF-A17F74BD06C9}
    2012-05-07 09:22 - 2012-05-07 09:22 - 00000000 ____D C:\Users\Dan\AppData\Local\{30A713CE-A22C-492D-9181-3E87F2C63B8E}
    2012-05-06 20:50 - 2012-05-06 20:49 - 00000000 ____D C:\Users\Dan\AppData\Local\{0907F932-971D-47FC-AEA8-A497FF7C715A}
    2012-05-06 20:49 - 2012-05-06 20:49 - 00000000 ____D C:\Users\Dan\AppData\Local\{4E7B0129-98B4-465F-A6F5-E9F0684466F7}
    2012-05-06 19:41 - 2012-05-06 19:41 - 00000000 ____D C:\Users\All Users\Mozilla
    2012-05-06 19:41 - 2011-06-06 15:08 - 00001064 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-05-06 19:39 - 2012-05-06 19:39 - 16339280 ____A (Mozilla) C:\Users\Dan\Downloads\Firefox Setup 12.0.exe
    2012-05-06 19:36 - 2012-05-06 19:36 - 00000000 ____D C:\Users\Dan\AppData\Local\{E57F967D-2EDB-47A9-BF78-8252A5E713AB}
    2012-05-06 19:36 - 2012-05-06 19:36 - 00000000 ____D C:\Users\Dan\AppData\Local\{D348413C-1FF2-4EA0-BE50-9857E1E403B8}
    2012-05-06 13:16 - 2012-05-06 13:16 - 00000000 ____D C:\Users\Dan\AppData\Local\{AA15443B-CF90-4BD6-9FF5-669FFF3375FF}
    2012-05-06 13:16 - 2012-05-06 13:16 - 00000000 ____D C:\Users\Dan\AppData\Local\{84B38334-312D-4364-8025-29375F7DEE6D}
    2012-05-06 08:58 - 2012-05-06 08:58 - 00000000 ____D C:\Users\Dan\AppData\Local\{52DABC01-5293-4C24-AF72-5001181C3C76}
    2012-05-06 08:58 - 2012-05-06 08:57 - 00000000 ____D C:\Users\Dan\AppData\Local\{AB896480-0FEE-4E33-AA35-A464E3E714A2}
    2012-05-06 07:05 - 2012-05-06 07:01 - 00000000 ____D C:\Users\Dan\Desktop\sd
    2012-05-06 06:59 - 2012-05-06 06:59 - 00000000 ____D C:\Users\Dan\AppData\Local\{D6E374CC-2498-4707-86A4-9BCBA576A03E}
    2012-05-06 06:59 - 2012-05-06 06:58 - 00000000 ____D C:\Users\Dan\AppData\Local\{3D19F0B6-71C5-402B-9BE6-DA45ED25FFF9}
    2012-05-06 06:53 - 2012-05-06 06:53 - 00065536 __ASH C:\Windows\System32\config\COMPONENTS{086a564c-972b-11e1-89d0-00038a000015}.TxR.blf
    2012-05-05 19:26 - 2012-05-05 19:26 - 00000000 ____D C:\Users\Dan\AppData\Local\{D7363779-9FB8-4A43-95E0-3C0770F27B2E}
    2012-05-05 19:26 - 2012-05-05 19:26 - 00000000 ____D C:\Users\Dan\AppData\Local\{99D61BDD-99FC-4C7A-9EA4-F364999F5DD8}
    2012-05-05 15:51 - 2012-05-05 15:51 - 00000000 ____D C:\Users\Dan\AppData\Local\{A723BCB8-20FE-4830-82E9-5370B78C275E}
    2012-05-05 15:51 - 2012-05-05 15:51 - 00000000 ____D C:\Users\Dan\AppData\Local\{77465BC0-018D-48E3-AE8C-5C3F1BED3B86}
    2012-05-04 19:50 - 2012-05-04 19:50 - 00000000 ____D C:\Users\Dan\AppData\Local\{FDF7367A-84F4-4E62-AF18-A6509113984F}
    2012-05-04 19:50 - 2012-05-04 19:50 - 00000000 ____D C:\Users\Dan\AppData\Local\{2A25559E-B189-4044-AFCF-9D84CC6D5338}
    2012-05-04 17:14 - 2012-05-04 17:14 - 00000000 ____D C:\Users\Dan\AppData\Local\{B3E7229E-3589-4764-88B5-2E797A7A1DB2}
    2012-05-04 17:14 - 2012-05-04 17:14 - 00000000 ____D C:\Users\Dan\AppData\Local\{5729D771-38D5-43F7-BB42-B3F55512F3BC}
    2012-05-04 03:06 - 2012-06-12 19:57 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 02:03 - 2012-06-12 19:57 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-12 19:57 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-03 19:43 - 2012-05-03 19:43 - 00000000 ____D C:\Users\Dan\AppData\Local\{B44217DD-8854-4426-B7C3-45E9DEBF2D28}
    2012-05-03 19:42 - 2012-05-03 19:42 - 00000000 ____D C:\Users\Dan\AppData\Local\{BEE5822C-91C6-4FCE-9003-76188CE2ADA5}
    2012-05-02 19:52 - 2012-05-02 19:51 - 00000000 ____D C:\Users\Dan\AppData\Local\{216C371F-5A75-4D19-BC7A-FF041D9C26FE}
    2012-05-02 19:51 - 2012-05-02 19:51 - 00000000 ____D C:\Users\Dan\AppData\Local\{BE10ADF2-9E51-4617-B875-BBBF904B80FE}
    2012-05-02 08:21 - 2012-05-02 08:20 - 00000000 ____D C:\Users\Dan\AppData\Local\{2AD8ABDA-1133-4D8A-BE1E-24AF37931F39}
    2012-05-02 08:20 - 2012-05-02 08:20 - 00000000 ____D C:\Users\Dan\AppData\Local\{1A7DE771-EB7C-4940-8794-84DC46970213}
    2012-05-01 14:16 - 2012-05-01 14:15 - 00000000 ____D C:\Users\Dan\AppData\Local\{73CCAA84-81A7-4EA0-A0FA-510B915B110F}
    2012-05-01 14:15 - 2012-05-01 14:15 - 00000000 ____D C:\Users\Dan\AppData\Local\{76E1322D-5A7B-4061-904A-048B0BCF018A}
    2012-05-01 12:41 - 2012-05-01 12:41 - 00000000 ____D C:\Users\Dan\AppData\Local\{DEF1A724-5D3D-491B-8CD6-AB20E56456A0}
    2012-05-01 12:41 - 2012-05-01 12:41 - 00000000 ____D C:\Users\Dan\AppData\Local\{0B82BB6C-0C93-4BE9-B1E4-3BD60BAC6609}
    2012-04-30 22:00 - 2012-04-30 22:00 - 00000000 ____D C:\Users\Dan\AppData\Local\{C49FF917-BF01-4960-968D-F892626657B2}
    2012-04-30 22:00 - 2012-04-30 22:00 - 00000000 ____D C:\Users\Dan\AppData\Local\{178A914C-F32B-4BFA-B063-DC1902FFD0CB}
    2012-04-30 21:40 - 2012-06-12 19:57 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-30 19:40 - 2012-04-30 19:40 - 00000000 ____D C:\Users\Dan\AppData\Local\{B43ED39F-D8AA-4E9E-9420-B327D9AD5299}
    2012-04-30 19:40 - 2012-04-30 19:40 - 00000000 ____D C:\Users\Dan\AppData\Local\{83D75079-3B8A-4EAE-B680-6C1FEFF1D1FF}
    2012-04-30 18:23 - 2012-04-30 18:23 - 00000000 ____D C:\Users\Dan\AppData\Local\{9B935617-D9D0-4F23-A879-08EEBFA1B2C1}
    2012-04-30 18:23 - 2012-04-30 18:23 - 00000000 ____D C:\Users\Dan\AppData\Local\{8C8B8793-8F10-41EE-90FE-4AEACB6608C1}
    2012-04-30 15:47 - 2012-04-30 15:47 - 00000000 ____D C:\Users\Dan\AppData\Local\{AB5D2FEF-6F7B-4988-8826-4842EAB405E8}
    2012-04-30 15:47 - 2012-04-30 15:47 - 00000000 ____D C:\Users\Dan\AppData\Local\{4993FAFC-1D3D-4326-ADC0-81FC9B821EB3}
    2012-04-30 14:46 - 2012-04-30 14:46 - 00000000 ____D C:\Users\Dan\AppData\Local\{60174EF9-0620-4C3A-9692-D91154D97D73}
    2012-04-30 14:46 - 2012-04-30 14:46 - 00000000 ____D C:\Users\Dan\AppData\Local\{18DE761C-57EA-409F-8410-815252D4DD0A}
    2012-04-30 10:49 - 2012-04-30 10:49 - 00000000 ____D C:\Users\Dan\AppData\Local\{C029DF03-7825-4E31-A6C2-DACA75682BF4}
    2012-04-30 10:49 - 2012-04-30 10:49 - 00000000 ____D C:\Users\Dan\AppData\Local\{A485A112-BD8E-4649-A5C9-29D606C42C9E}
    2012-04-29 21:48 - 2012-04-29 21:48 - 00000000 ____D C:\Users\Dan\AppData\Local\{BBD264C2-C839-4382-9927-DE9C72444F06}
    2012-04-29 21:48 - 2012-04-29 21:48 - 00000000 ____D C:\Users\Dan\AppData\Local\{0EBEB2A2-709A-481E-8E69-D666140EF983}
    2012-04-29 19:52 - 2012-04-29 19:52 - 00000000 ____D C:\Users\Dan\AppData\Local\{BDCC9454-3C85-477B-BB84-DE5FCE8D284E}
    2012-04-29 19:51 - 2012-04-29 19:51 - 00000000 ____D C:\Users\Dan\AppData\Local\{0B30BA46-60F2-417A-AB3E-5269E1032450}
    2012-04-29 12:31 - 2012-04-29 12:31 - 00000000 ____D C:\Users\Dan\AppData\Local\{B84B927A-D5C2-4525-B1EA-385FC0C407B3}
    2012-04-29 12:31 - 2012-04-29 12:31 - 00000000 ____D C:\Users\Dan\AppData\Local\{AA4BBACB-6B3B-400D-B045-FE77829A24B3}
    2012-04-29 08:39 - 2012-04-29 08:39 - 00000000 ____D C:\Users\Dan\AppData\Local\{3CC6EFE8-05D6-4642-80DD-FFD719A5F149}
    2012-04-29 08:39 - 2012-04-29 08:38 - 00000000 ____D C:\Users\Dan\AppData\Local\{0009937B-2CBC-4541-896E-78459CC44C46}
    2012-04-27 19:55 - 2012-06-12 19:57 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-27 17:24 - 2012-04-27 17:24 - 00000000 ____D C:\Users\Dan\AppData\Local\{E6FDFD1F-CFDE-4D75-9A61-43FE14090EB4}
    2012-04-27 17:24 - 2012-04-27 17:24 - 00000000 ____D C:\Users\Dan\AppData\Local\{3A2005F5-4894-44EB-98A0-4E5A46EE326C}
    2012-04-27 10:06 - 2012-04-27 10:06 - 00000000 ____D C:\Users\Dan\AppData\Local\{F38308A0-5229-4EBE-B8DD-F218D322FF5D}
    2012-04-27 10:06 - 2012-04-27 10:05 - 00000000 ____D C:\Users\Dan\AppData\Local\{298FABAA-0918-4422-B1F2-FB5EDF6DD29B}
    2012-04-26 21:09 - 2012-04-26 21:09 - 00000000 ____D C:\Users\Dan\AppData\Local\{E8291985-017E-4AC3-A4B9-D7F4D80307BD}
    2012-04-26 21:09 - 2012-04-26 21:09 - 00000000 ____D C:\Users\Dan\AppData\Local\{46F47C33-AF48-4B9D-8FFF-85FA9F13E8E0}
    2012-04-26 14:55 - 2012-04-26 14:55 - 00000000 ____D C:\Users\Dan\AppData\Local\{F1A25581-EE4C-4AE8-92D0-A9089A781CBC}
    2012-04-26 14:55 - 2012-04-26 14:55 - 00000000 ____D C:\Users\Dan\AppData\Local\{63653B72-28ED-489A-AABB-65070735DDB0}
    2012-04-26 07:11 - 2012-04-26 07:11 - 00000000 ____D C:\Users\Dan\AppData\Local\{E966E06F-2308-4C65-81F1-1AF970DF3F1A}
    2012-04-26 07:11 - 2012-04-26 07:11 - 00000000 ____D C:\Users\Dan\AppData\Local\{C128A21D-17FE-40B0-B54F-7A636921E5AA}
    2012-04-25 21:41 - 2012-06-12 19:58 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-25 21:41 - 2012-06-12 19:58 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-25 21:34 - 2012-06-12 19:58 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-24 18:39 - 2012-04-24 18:39 - 00000000 ____D C:\Users\Dan\AppData\Local\{8AF06313-0CDF-48CF-A79D-93C656A8BA25}
    2012-04-24 18:39 - 2012-04-24 18:38 - 00000000 ____D C:\Users\Dan\AppData\Local\{EC70DF28-F63C-4B2F-AD8E-DCF980F4497B}
    2012-04-24 15:55 - 2012-04-24 15:55 - 00000000 ____D C:\Users\Dan\AppData\Local\{909B0BE0-9578-43E6-B07D-1403C104FFD8}
    2012-04-24 15:55 - 2012-04-24 15:55 - 00000000 ____D C:\Users\Dan\AppData\Local\{4A5F60C7-722A-41EB-95AF-2C2022344CAA}
    2012-04-23 21:54 - 2012-04-23 21:53 - 00000000 ____D C:\Users\Dan\AppData\Local\{22F5FF2D-6789-46BC-9C19-2F399E5A7FBF}
    2012-04-23 21:53 - 2012-04-23 21:53 - 00000000 ____D C:\Users\Dan\AppData\Local\{12D67E38-2F97-4B1F-9ECA-04C9839E997C}
    2012-04-23 21:37 - 2012-06-12 19:57 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-23 21:37 - 2012-06-12 19:57 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-23 21:37 - 2012-06-12 19:57 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-23 20:36 - 2012-06-12 19:57 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-23 20:36 - 2012-06-12 19:57 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-23 20:36 - 2012-06-12 19:57 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-04-22 21:32 - 2012-04-22 21:32 - 00000000 ____D C:\Users\Dan\AppData\Local\{490365DD-38BE-4540-9E73-7E0C8C9B5E7C}
    2012-04-22 21:32 - 2012-04-22 21:31 - 00000000 ____D C:\Users\Dan\AppData\Local\{A22DD622-BEA1-48A9-8ACB-BA540E9AD00E}
    2012-04-22 10:40 - 2012-04-22 10:40 - 00000000 ____D C:\Users\Dan\AppData\Local\{D3A7BD9D-C0DC-4051-8C47-0BDC00E90309}
    2012-04-22 10:39 - 2012-04-22 10:39 - 00000000 ____D C:\Users\Dan\AppData\Local\{4F8428A2-4A8B-4092-9B25-5C80C7EFC57C}
    2012-04-20 17:29 - 2012-04-20 17:29 - 00000000 ____D C:\Users\Dan\AppData\Local\{4F43F4D2-4BA1-4CA7-B523-507DB42F1B26}
    2012-04-20 17:29 - 2012-04-20 17:29 - 00000000 ____D C:\Users\Dan\AppData\Local\{2BB1498C-BE8F-4CA8-B73F-8600902CD89A}
    2012-04-19 21:42 - 2012-06-12 19:58 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-04-19 21:42 - 2012-06-12 19:58 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-04-19 21:42 - 2012-06-12 19:58 - 02454528 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-04-19 21:42 - 2012-06-12 19:58 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-04-19 21:42 - 2012-06-12 19:58 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-04-19 21:42 - 2012-06-12 19:58 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-04-19 21:42 - 2012-06-12 19:58 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-04-19 21:42 - 2012-06-12 19:58 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-04-19 21:33 - 2012-04-19 21:33 - 00000000 ____D C:\Users\Dan\AppData\Local\{6EA4B401-E6F8-4828-B5FF-AA47D086230D}
    2012-04-19 21:33 - 2012-04-19 21:32 - 00000000 ____D C:\Users\Dan\AppData\Local\{A0479E39-FA81-40E9-8763-D941F0541A29}
    2012-04-19 21:00 - 2012-06-12 19:58 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-04-19 21:00 - 2012-06-12 19:58 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-04-19 20:57 - 2012-06-12 19:58 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-04-19 20:57 - 2012-06-12 19:58 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-04-19 20:57 - 2012-06-12 19:58 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-04-19 20:56 - 2012-06-12 19:58 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-04-19 20:56 - 2012-06-12 19:58 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-04-19 20:56 - 2012-06-12 19:58 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-04-19 19:45 - 2012-06-12 19:58 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-04-19 19:16 - 2012-06-12 19:58 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-04-19 11:11 - 2012-04-19 11:11 - 00000000 ____D C:\Users\Dan\AppData\Local\{21D9A6BA-1B4C-4915-8363-3424479F2060}
    2012-04-19 11:11 - 2012-04-19 11:11 - 00000000 ____D C:\Users\Dan\AppData\Local\{1434EF10-79F6-4F99-839D-CD478189E8B0}
    2012-04-18 11:58 - 2012-04-18 11:58 - 00000000 ____D C:\Users\Dan\AppData\Local\{C12842F5-F8F3-4D33-A7E0-71186394220F}
    2012-04-18 11:58 - 2012-04-18 11:58 - 00000000 ____D C:\Users\Dan\AppData\Local\{6338DC90-05BD-49E5-8D21-714AD6C82B33}
    2012-04-18 09:08 - 2012-05-23 07:06 - 01451840 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdagenco6420103.dll
    2012-04-18 09:08 - 2012-05-23 07:06 - 00188736 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
    2012-04-18 09:08 - 2012-05-23 07:06 - 00031040 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
    2012-04-17 21:19 - 2012-04-17 21:19 - 00000000 ____D C:\Users\Dan\AppData\Local\{D33586DB-6FC8-40C2-A3F3-701518E88373}
    2012-04-17 21:19 - 2012-04-17 21:19 - 00000000 ____D C:\Users\Dan\AppData\Local\{5E2E6EDC-C841-487E-B987-45A515DF7D53}
    2012-04-17 16:25 - 2012-04-17 16:25 - 00000000 ____D C:\Users\Dan\AppData\Local\{AAFADF50-B809-4EAF-9265-2C0A60B8794A}
    2012-04-17 16:25 - 2012-04-17 16:25 - 00000000 ____D C:\Users\Dan\AppData\Local\{0D303FA9-FB7B-4831-A54B-969D94F92360}
    2012-04-17 10:39 - 2012-04-17 10:39 - 00000000 ____D C:\Users\Dan\AppData\Local\{C21878F1-3419-430A-8057-7CA7ED701451}
    2012-04-17 10:39 - 2012-04-17 10:39 - 00000000 ____D C:\Users\Dan\AppData\Local\{5053BBD0-F24C-4EBF-A303-345E37A08DB0}
    2012-04-16 21:49 - 2012-04-16 21:49 - 00000000 ____D C:\Users\Dan\AppData\Local\{E16274F0-C9DA-4E95-AA78-4B5C6F0904FE}
    2012-04-16 21:49 - 2012-04-16 21:48 - 00000000 ____D C:\Users\Dan\AppData\Local\{58551FC3-3DF2-4693-915F-58F76DE92487}
    2012-04-16 21:31 - 2012-06-12 19:58 - 00918016 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-04-16 20:34 - 2012-06-12 19:58 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-04-16 11:04 - 2012-04-16 11:04 - 00000000 ____D C:\Users\Dan\AppData\Local\{F7BA92DA-87F7-4891-B667-AD33AF1E0786}
    2012-04-16 11:04 - 2012-04-16 11:04 - 00000000 ____D C:\Users\Dan\AppData\Local\{2ADE152D-89FB-4490-90D6-ACF82AEC7353}
    2012-04-16 08:36 - 2012-04-16 08:36 - 00000000 ____D C:\Users\Dan\AppData\Local\{D75B642A-4C84-4187-B8D1-8E25CB55E3E9}
    2012-04-16 08:36 - 2012-04-16 08:35 - 00000000 ____D C:\Users\Dan\AppData\Local\{6C85B781-965A-4648-AF92-4ABFED4E52ED}
    2012-04-15 21:51 - 2012-04-15 21:51 - 00000000 ____D C:\Users\Dan\AppData\Local\{A58900E7-3FFB-47CA-8DBB-689A7481BB58}
    2012-04-15 21:51 - 2012-04-15 21:51 - 00000000 ____D C:\Users\Dan\AppData\Local\{9F99D7AF-69C0-4E98-8DD1-A332B3A5B89E}
    2012-04-15 19:55 - 2012-04-15 19:55 - 00000000 ____D C:\Users\Dan\AppData\Local\{DAAA2339-2ECF-4D21-8932-7A8FA5BF3AE1}
    2012-04-15 19:55 - 2012-04-15 19:54 - 00000000 ____D C:\Users\Dan\AppData\Local\{BEBD1596-6111-4EA2-B3C2-E1A329CA0555}
    2012-04-15 17:11 - 2012-04-15 17:11 - 00000000 ____D C:\Users\Dan\AppData\Local\{A7C50E0B-643C-4ABC-A62E-6A32AD9DA0A7}
    2012-04-15 17:11 - 2012-04-15 17:11 - 00000000 ____D C:\Users\Dan\AppData\Local\{16E650B0-CB2A-4E8B-8C6A-3BBBAB433C65}
    2012-04-15 12:01 - 2012-04-15 12:01 - 00000000 ____D C:\Users\Dan\AppData\Local\{E9996E5B-5E81-4C60-8757-A4D70AD93987}
    2012-04-15 12:01 - 2012-04-15 12:00 - 00000000 ____D C:\Users\Dan\AppData\Local\{C92D1E88-971C-429E-9407-E1372528925F}
    2012-04-15 10:30 - 2012-04-15 10:29 - 00000000 ____D C:\Users\Dan\AppData\Local\{200525F7-7A2C-40F3-B11F-0ED290724205}
    2012-04-15 10:29 - 2012-04-15 10:29 - 00000000 ____D C:\Users\Dan\AppData\Local\{8A23F49B-947D-499B-93BF-A9B1369C1F10}
    2012-04-15 06:53 - 2012-04-15 06:52 - 00000000 ____D C:\Users\Dan\AppData\Local\{001447A5-E8AC-4148-BF74-0CC2A3FE1312}
    2012-04-15 06:52 - 2012-04-15 06:52 - 00000000 ____D C:\Users\Dan\AppData\Local\{96615B36-7041-4119-AD51-A990AD086E67}
    2012-04-14 21:47 - 2012-04-14 21:47 - 00000000 ____D C:\Users\Dan\AppData\Local\{066F8E0B-8095-4A50-A862-4339E046BCC9}
    2012-04-14 21:47 - 2012-04-14 21:46 - 00000000 ____D C:\Users\Dan\AppData\Local\{B98BF740-8AFB-4EC7-8D5C-0F4E1B5B8F8D}
    2012-04-14 20:55 - 2012-04-14 20:55 - 00000000 ____D C:\Users\Dan\AppData\Local\{3620FBEB-5E27-4435-A9CF-E406A439C098}
    2012-04-12 13:18 - 2012-04-12 13:18 - 00000000 ____D C:\Users\Dan\AppData\Local\{289E7A9A-F7A4-4C5A-A9A0-68AE3E9FC9C5}
    2012-04-11 12:06 - 2012-04-11 12:06 - 00000000 ____D C:\Users\Dan\AppData\Local\{CFE8456A-0DC7-431D-9AD9-AC4DDE28BBF2}
    2012-04-10 18:35 - 2012-04-10 18:35 - 00000000 ____D C:\Users\Dan\AppData\Local\{5AC8C7B1-EAAA-4D8E-8FA1-5CB9EC0D83D8}
    2012-04-10 06:34 - 2012-04-10 06:34 - 00000000 ____D C:\Users\Dan\AppData\Local\{690F5274-1D0B-4683-BD0F-E913050653B3}
    2012-04-08 19:49 - 2012-04-08 19:49 - 00000000 ____D C:\Users\Dan\AppData\Local\{D3E9AA25-4DDE-4055-BEE1-18C40A245693}
    2012-04-07 17:26 - 2012-04-07 17:26 - 00000000 ____D C:\Users\Dan\AppData\Local\{9EB31EA6-FD66-4AB5-8581-B9FF10482522}
    2012-04-07 04:31 - 2012-06-12 19:57 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-04-07 03:26 - 2012-06-12 19:57 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-04-06 19:57 - 2012-04-06 19:57 - 00000000 ____D C:\Users\Dan\AppData\Local\{5CAF6C13-7703-46E0-B8DC-2A17AF897AE1}
    2012-04-06 12:36 - 2012-04-06 12:33 - 00000000 ____D C:\Users\Dan\Desktop\KS
    2012-04-06 07:56 - 2012-04-06 07:56 - 00000000 ____D C:\Users\Dan\AppData\Local\{9A92BE3D-A3E3-43E7-8CCF-3D4A68AB3306}
    2012-04-05 12:16 - 2012-04-05 12:15 - 00000000 ____D C:\Users\Dan\AppData\Local\{6D80198A-0CFF-4B1C-A60F-739592A12DB4}
    2012-04-04 14:56 - 2011-04-09 02:02 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-04-04 09:56 - 2012-04-04 09:56 - 00000000 ____D C:\Users\Dan\AppData\Local\{FBE0F65A-5C89-48CC-A291-1201A42955BF}
    2012-04-03 21:56 - 2012-04-03 21:56 - 00000000 ____D C:\Users\Dan\AppData\Local\{37CADD5A-0823-4C5D-99B9-AFD6E282D5C7}
    2012-04-02 08:38 - 2012-04-02 08:38 - 00000000 ____D C:\Users\Dan\AppData\Local\{D3F03256-E6FF-40A9-8A75-F5BFD18E95C9}
    2012-04-01 12:41 - 2012-04-01 12:40 - 00000000 ____D C:\Users\Dan\AppData\Local\{714DC18E-57DE-43E0-B0EE-752FA3D143B7}
    2012-03-31 18:17 - 2012-03-31 18:16 - 00000000 ____D C:\Users\Dan\AppData\Local\{D3BABD7A-
     
  8. LobowolfXXX

    LobowolfXXX TS Rookie Topic Starter Posts: 28

    B89B-438B-BCFB-EA6774C6FA24}
    2012-03-31 06:16 - 2012-03-31 06:16 - 00000000 ____D C:\Users\Dan\AppData\Local\{7623A18D-BB2D-4A8C-B611-CF8D92681865}
    2012-03-30 14:59 - 2011-10-13 11:03 - 00000000 ____D C:\Users\Dan\Desktop\Law
    2012-03-30 11:06 - 2012-03-30 11:06 - 00000000 ____D C:\Users\Dan\AppData\Local\{F9BCCF2E-9F0B-4527-81AD-0936220D2432}
    2012-03-30 03:35 - 2012-05-09 16:41 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-03-29 21:52 - 2012-03-29 21:52 - 00000000 ____D C:\Users\Dan\AppData\Local\{3FF4B51E-F29F-44C6-ACC2-9C5F69FBE8D6}
    2012-03-29 09:35 - 2012-03-29 09:35 - 00000000 ____D C:\Users\Dan\AppData\Local\{6743759E-CDE0-4370-BA20-36115B26DE69}
    2012-03-28 19:31 - 2012-03-28 19:31 - 00000000 ____D C:\Users\Dan\AppData\Local\{6FDA3A20-C643-40E2-988D-515306BE7139}
    2012-03-27 22:30 - 2012-03-27 22:30 - 00000000 ____D C:\Users\Dan\AppData\Local\{C12F1399-FCBA-4247-97A5-6417A2D321D3}
    2012-03-27 22:30 - 2012-03-27 22:30 - 00000000 ____D C:\Users\Dan\AppData\Local\{8CE4D224-C443-4309-BB39-6C3003381ACA}
    2012-03-27 10:29 - 2012-03-27 10:29 - 00000000 ____D C:\Users\Dan\AppData\Local\{7CBC2F91-A65B-4210-9865-CABD9F8DC4CE}
    2012-03-27 10:29 - 2012-03-27 10:29 - 00000000 ____D C:\Users\Dan\AppData\Local\{6A39E0D1-2491-4D50-B0C1-680B96825860}

    ZeroAccess:
    C:\Windows\Installer\{2530ad49-bb07-94ba-ed79-1caa08e8bbf1}
    C:\Windows\Installer\{2530ad49-bb07-94ba-ed79-1caa08e8bbf1}\@
    C:\Windows\Installer\{2530ad49-bb07-94ba-ed79-1caa08e8bbf1}\L
    C:\Windows\Installer\{2530ad49-bb07-94ba-ed79-1caa08e8bbf1}\U
    C:\Windows\Installer\{2530ad49-bb07-94ba-ed79-1caa08e8bbf1}\U\800000cb.@

    ZeroAccess:
    C:\Users\Dan\AppData\Local\{2530ad49-bb07-94ba-ed79-1caa08e8bbf1}
    C:\Users\Dan\AppData\Local\{2530ad49-bb07-94ba-ed79-1caa08e8bbf1}\@
    C:\Users\Dan\AppData\Local\{2530ad49-bb07-94ba-ed79-1caa08e8bbf1}\L
    C:\Users\Dan\AppData\Local\{2530ad49-bb07-94ba-ed79-1caa08e8bbf1}\U

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 14%
    Total physical RAM: 4084.48 MB
    Available physical RAM: 3490 MB
    Total Pagefile: 4082.63 MB
    Available Pagefile: 3476.08 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: (TI105861W0D) (Fixed) (Total:453.79 GB) (Free:375.91 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive e: (DRAWMEATREE) (CDROM) (Total:7.04 GB) (Free:0 GB) UDF
    4 Drive f: (LATHAM) (Removable) (Total:0.49 GB) (Free:0.46 GB) FAT
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B
    Disk 1 Online 503 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Recovery 1500 MB 1024 KB
    Partition 2 Primary 453 GB 1501 MB
    Partition 3 Primary 10 GB 455 GB

    ======================================================================================================

    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D System NTFS Partition 1500 MB Healthy Hidden

    ======================================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C TI105861W0D NTFS Partition 453 GB Healthy

    ======================================================================================================

    Disk: 0
    Partition 3
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ======================================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 503 MB 16 KB

    ======================================================================================================

    Disk: 1
    Partition 1
    Type : 06
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F LATHAM FAT Removable 503 MB Healthy

    ======================================================================================================

    ==========================================================

    Last Boot: 2011-09-27 17:34

    ======================= End Of Log ==========================
     
  9. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    In Vista or Windows 7: Boot to System Recovery Options and run FRST.
    In Windows XP: Please boot to UBCD and run FRST.
    Type the following in the edit box after "Search:".

    services.exe

    Click the Search button and post the log (Search.txt) it makes in your reply.
     
  10. LobowolfXXX

    LobowolfXXX TS Rookie Topic Starter Posts: 28

    Farbar Recovery Scan Tool Version: 24-06-2012
    Ran by SYSTEM at 2012-06-24 15:24:57
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
     
  11. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next....

    Restart computer normally and...

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  12. LobowolfXXX

    LobowolfXXX TS Rookie Topic Starter Posts: 28

    Here's the fixlog. I'm moving on to the other steps now.


    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 24-06-2012
    Ran by SYSTEM at 2012-06-24 15:53:54 Run:1
    Running from F:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    C:\Windows\Installer\{2530ad49-bb07-94ba-ed79-1caa08e8bbf1} moved successfully.
    C:\Users\Dan\AppData\Local\{2530ad49-bb07-94ba-ed79-1caa08e8bbf1} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
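
    The check that the Search.txt and Fixlog above make possible, as an added example that is not part of the original thread: it parses the FRST search-log format shown above and compares each live System32/SysWOW64 file's MD5 with the WinSxS component-store copies of the same file. The function names and verdict labels are illustrative, the sample text is the Search.txt posted above, and it assumes 64-bit Windows (System32 holds the amd64 binaries).

```python
import ntpath
import re
from dataclasses import dataclass

# Sample input: the Search.txt posted in the thread above.
SEARCH_TXT = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

PATH = re.compile(r"^[A-Za-z]:\\")
DETAIL = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) (?:\((?P<company>.*)\) )?(?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass(frozen=True)
class Entry:
    path: str
    created: str
    modified: str
    size: int
    md5: str


def parse_search_log(text):
    """Pair each path line with the detail line that follows it."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH.match(line):
            pending = line
            continue
        m = DETAIL.match(line)
        if m and pending:
            entries.append(Entry(pending, m["created"], m["modified"],
                                 int(m["size"]), m["md5"].upper()))
            pending = None
    return entries


def location(path):
    """Classify a path as a live system file or a component-store copy.

    Assumption: 64-bit Windows, so System32 is x64 and SysWOW64 is x86.
    """
    p = path.lower()
    if "\\winsxs\\" in p:
        component = p.split("\\winsxs\\", 1)[1]
        if component.startswith("amd64_"):
            return ("store", "x64")
        if component.startswith(("x86_", "wow64_")):
            return ("store", "x86")
        return ("store", "unknown")
    if "\\windows\\system32\\" in p:
        return ("live", "x64")
    if "\\windows\\syswow64\\" in p:
        return ("live", "x86")
    return ("other", "unknown")


def check_against_store(entries):
    """Return (path, md5, verdict) for every live file in the log."""
    findings = []
    for live in entries:
        kind, arch = location(live.path)
        if kind != "live":
            continue
        name = ntpath.basename(live.path).lower()
        store = [e for e in entries
                 if location(e.path) == ("store", arch)
                 and ntpath.basename(e.path).lower() == name]
        if not store:
            verdict = "no-reference"          # nothing to compare against
        elif any(s.md5 == live.md5 for s in store):
            verdict = "match"
        elif any((s.size, s.created, s.modified) ==
                 (live.size, live.created, live.modified) for s in store):
            # Size and timestamps agree but the content does not.
            verdict = "same-metadata-different-hash"
        else:
            verdict = "mismatch"
        findings.append((live.path, live.md5, verdict))
    return findings


if __name__ == "__main__":
    for path, md5, verdict in check_against_store(parse_search_log(SEARCH_TXT)):
        print(f"{verdict:30} {md5} {path}")
```

    A live file counts as "match" if any store copy of the right architecture has the same MD5, because WinSxS can hold several versions of one component after updates.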
     
  13. LobowolfXXX

    LobowolfXXX TS Rookie Topic Starter Posts: 28

    Combofix ran fine and finished, but I can't get back on the internet. My computer is saying that I'm connected to my home's wireless network (through which other computers are currently connected), but it's not letting me on.
     
  14. LobowolfXXX

    LobowolfXXX TS Rookie Topic Starter Posts: 28

    ComboFix 12-06-24.03 - Dan 06/24/2012 16:16:57.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4084.2428 [GMT -7:00]
    Running from: c:\users\Dan\Desktop\ComboFix.exe
    AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
    SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\657405y0j711t125n073v2rlu0r2
    c:\programdata\6c2c9f7c19cc348bc2ecb60e6fdb722fe298a6fd
    c:\programdata\uJ422WwP.exe
    c:\users\Dan\Documents\~WRL0003.tmp
    c:\users\Dan\Documents\~WRL0005.tmp
    c:\users\Dan\Documents\~WRL3676.tmp
    c:\users\Dan\Documents\~WRL3881.tmp
    c:\windows\system32\Thumbs.db
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-24 to 2012-06-24 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-24 23:26 . 2012-06-24 23:26 -------- d-----w- c:\users\Dan\AppData\Roaming\TeamViewer
    2012-06-24 23:24 . 2012-06-24 23:24 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-06-24 21:37 . 2012-06-24 21:39 -------- d-----w- C:\FRST
    2012-06-23 23:01 . 2012-06-23 23:01 -------- d-----w- c:\program files\CCleaner
    2012-06-23 22:41 . 2012-06-23 22:54 -------- d-----w- c:\programdata\HitmanPro
    2012-06-23 04:23 . 2012-06-23 04:23 -------- d-sh--w- c:\programdata\oy8XOlg2sbfSWB
    2012-06-13 03:57 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-06-10 20:14 . 2012-06-10 20:14 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-10 20:14 . 2012-06-10 20:14 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-15 10:48 . 2012-05-23 15:06 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
    2012-05-15 10:48 . 2012-05-23 15:06 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2012-05-15 10:48 . 2012-05-23 15:06 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
    2012-05-15 10:48 . 2012-05-23 15:06 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2012-05-15 10:48 . 2012-05-23 15:06 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-05-15 10:48 . 2012-05-23 15:06 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-05-15 10:48 . 2012-05-23 15:06 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2012-05-15 10:48 . 2012-05-23 15:06 8139072 ----a-w- c:\windows\system32\nvcuda.dll
    2012-05-15 10:48 . 2012-05-23 15:06 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2012-05-15 10:48 . 2012-05-23 15:06 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2012-05-15 10:48 . 2012-05-23 15:06 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-05-15 10:48 . 2012-05-23 15:06 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
    2012-05-15 10:48 . 2012-05-23 15:06 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2012-05-15 10:48 . 2011-09-16 19:19 68928 ----a-w- c:\windows\system32\OpenCL.dll
    2012-05-15 10:48 . 2011-09-16 19:19 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2012-05-15 10:48 . 2011-09-12 15:16 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
    2012-05-15 10:48 . 2011-09-12 15:16 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
    2012-05-15 10:48 . 2010-01-16 08:02 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2012-05-15 10:48 . 2010-01-16 08:02 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2012-05-15 10:48 . 2009-12-07 01:30 2741568 ----a-w- c:\windows\system32\nvapi64.dll
    2012-05-15 10:48 . 2009-12-07 01:30 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2012-05-15 09:29 . 2010-01-18 05:44 889664 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-05-15 09:29 . 2010-01-18 05:44 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
    2012-05-15 09:29 . 2010-01-18 05:44 118080 ----a-w- c:\windows\system32\nvmctray.dll
    2012-05-15 09:29 . 2009-12-07 17:02 63296 ----a-w- c:\windows\system32\nvshext.dll
    2012-05-15 09:29 . 2010-01-18 05:44 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
    2012-05-15 09:28 . 2010-01-18 05:44 6151488 ----a-w- c:\windows\system32\nvcpl.dll
    2012-05-09 19:21 . 2012-05-17 05:12 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-05-09 19:21 . 2011-09-28 05:39 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-04-18 17:08 . 2012-05-23 15:06 31040 ----a-w- c:\windows\system32\nvhdap64.dll
    2012-04-18 17:08 . 2012-05-23 15:06 188736 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
    2012-04-18 17:08 . 2012-05-23 15:06 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
    2012-04-04 22:56 . 2011-04-09 10:02 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-30 11:35 . 2012-05-10 00:41 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll" [2012-06-11 1524056]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-14 39408]
    "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-22 6276408]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-04-19 15146376]
    "GameXN GO"="c:\programdata\GameXN\GameXNGO.exe" [2011-09-09 347008]
    "b6jcgvAHL"="c:\programdata\oy8XOlg2sbfSWB\Y5xkSVzVWD4sthWP\L55sp76B5np740\tkKLFoADIKs6k\SUjBQoPeYelf\bPw84MTuWvN35R\rNGZaBBdw.exe" [2012-06-23 31231801]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
    "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
    "NortonOnlineBackupReminder"="c:\program files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-08-10 529256]
    "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-11-24 2454840]
    "HostManager"="c:\program files (x86)\Common Files\AOL\1277704962\ee\AOLSoftware.exe" [2010-02-10 41800]
    "BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-08-19 3695928]
    "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-14 421160]
    "PrintServer Diagnostic"="c:\program files (x86)\Print Server2\PTP\PSDiagnostic.exe" [2004-11-25 266240]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    c:\users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Dan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-13 291896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
    @=""
    .
    R1 SASDIFSV;SASDIFSV;c:\users\Dan\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
    R1 SASKUTIL;SASKUTIL;c:\users\Dan\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-28 135664]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-28 135664]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-05 137560]
    R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-11-10 824688]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
    S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
    S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-03-25 810120]
    S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
    S2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2011-11-17 2560]
    S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2010-09-02 115056]
    S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2009-08-24 126392]
    S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
    S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-09-28 251760]
    S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [x]
    S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\DRIVERS\o2sdgx64.sys [x]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
    S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]
    S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-24 c:\windows\Tasks\Free File Viewer Update Checker.job
    - c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2010-11-11 19:25]
    .
    2012-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-28 05:37]
    .
    2012-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-28 05:37]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ThpSrv"="c:\windows\system32\thpsrv" [X]
    "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-07-16 307768]
    "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-10-09 508472]
    "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-11-05 709976]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-25 2839840]
    "VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\llnx2h19.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aolTB50CL-chromesbox-en-us
    FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&invocationType=tb50-ff-aolTB50CL-ab-en-us&query=
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-TUSBSleepChargeSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
    Toolbar-Locked - (no file)
    HKLM-Run-HDMICtrlMan - c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
    HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
    HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
    HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
    HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
    HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    AddRemove-FoxTab Media Player - c:\program files (x86)\FoxTabFLVPlayer\Uninstall\Uninstall.exe
    AddRemove-Trader Workstation - c:\windows\system32\javaws.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
    "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10y_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10y_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$I&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$I&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F\D26BD25DC85E777542CA969E56548E46]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$I&#&y@^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$I&#&y@^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB\DBF31101A5C3B93315CBBEA90ED13257]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Swearware\backup\winsock2\Parameters]
    @DACL=(02 0000)
    @SACL=
    "NameSpace_Callout"=expand:"%SystemRoot%\\System32\\fwpuclnt.dll"
    "WinSock_Registry_Version"="2.0"
    "AutodialDLL"="rasadhlp.dll"
    "Current_NameSpace_Catalog"="NameSpace_Catalog5"
    "Current_Protocol_Catalog"="Protocol_Catalog9"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\system32\DRIVERS\o2flash.exe
    c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    .
    **************************************************************************
    .
    Completion time: 2012-06-24 16:31:31 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-06-24 23:31
    .
    Pre-Run: 403,465,166,848 bytes free
    Post-Run: 402,833,612,800 bytes free
    .
    - - End Of File - - C318F2F71F9476337BDFF872EDFC4B94
     
  15. LobowolfXXX

    LobowolfXXX TS Rookie Topic Starter Posts: 28

    Still no internet access, though.
     
  16. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Let's see what's going on....

    Please download Farbar Service Scanner and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center/Action Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
     
  17. LobowolfXXX

    LobowolfXXX TS Rookie Topic Starter Posts: 28

    Farbar Service Scanner Version: 24-06-2012 01
    Ran by Dan (administrator) on 24-06-2012 at 18:46:51
    Running from "E:\"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    There is no connection to network.
    Google IP is accessible.
    Attempt to access Google.com returned error: Other errors
    Yahoo IP is accessible.
    Attempt to access Yahoo.com returned error: Other errors

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
     
  18. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    All those settings are fine.

    Please download MiniToolBox, save it to your desktop and run it.

    Checkmark the following boxes:
    • Report IE Proxy Settings
    • Report FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Devices (do NOT change any settings)
    • List Users, Partitions and Memory size
    Click Go and post the result.
     
  19. LobowolfXXX

    LobowolfXXX TS Rookie Topic Starter Posts: 28

    MiniToolBox by Farbar Version: 09-06-2012
    Ran by Dan (administrator) on 24-06-2012 at 19:22:58
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ***************************************************************************
    ========================= IE Proxy Settings: ==============================
    Proxy is not enabled.
    No Proxy Server is set.
    ========================= FF Proxy Settings: ==============================
    ========================= Hosts content: =================================
    127.0.0.1 localhost
    ========================= IP Configuration: ================================
    Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection 2 (Connected)
    Atheros AR8131 PCI-E Gigabit Ethernet Controller = Local Area Connection 2 (Media disconnected)

    # ----------------------------------
    # IPv4 Configuration
    # ----------------------------------
    pushd interface ipv4
    reset
    set global

    popd
    # End of IPv4 configuration

    Windows IP Configuration
    Host Name . . . . . . . . . . . . : LawMonster
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Broadcast
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    Wireless LAN adapter Wireless Network Connection 2:
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC #2
    Physical Address. . . . . . . . . : 70-F1-A1-A7-6C-B5
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::c1fe:2880:94aa:1cda%15(Preferred)
    Autoconfiguration IPv4 Address. . : 169.254.28.218(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.0.0
    Default Gateway . . . . . . . . . :
    DHCPv6 IAID . . . . . . . . . . . : 359723425
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-9A-80-D6-C8-0A-A9-AE-04-29
    DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
    fec0:0:0:ffff::2%1
    fec0:0:0:ffff::3%1
    NetBIOS over Tcpip. . . . . . . . : Enabled
    Ethernet adapter Local Area Connection 2:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Atheros AR8131 PCI-E Gigabit Ethernet Controller
    Physical Address. . . . . . . . . : C8-0A-A9-AE-04-29
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter Teredo Tunneling Pseudo-Interface:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Tunnel adapter isatap.{89AEED7C-6744-47E5-9429-8FBC86D5A94B}:
    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #8
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Server: UnKnown
    Address: fec0:0:0:ffff::1
    Ping request could not find host google.com. Please check the name and try again.
    Server: UnKnown
    Address: fec0:0:0:ffff::1
    Ping request could not find host yahoo.com. Please check the name and try again.
    Server: UnKnown
    Address: fec0:0:0:ffff::1
    Ping request could not find host bleepingcomputer.com. Please check the name and try again.
    Pinging 127.0.0.1 with 32 bytes of data:
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
    Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
    ===========================================================================
    Interface List
    15...70 f1 a1 a7 6c b5 ......Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC #2
    14...c8 0a a9 ae 04 29 ......Atheros AR8131 PCI-E Gigabit Ethernet Controller
    1...........................Software Loopback Interface 1
    23...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
    25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #8
    ===========================================================================
    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
    127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
    127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    169.254.0.0 255.255.0.0 On-link 169.254.28.218 281
    169.254.28.218 255.255.255.255 On-link 169.254.28.218 281
    169.254.255.255 255.255.255.255 On-link 169.254.28.218 281
    224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
    224.0.0.0 240.0.0.0 On-link 169.254.28.218 281
    255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    255.255.255.255 255.255.255.255 On-link 169.254.28.218 281
    ===========================================================================
    Persistent Routes:
    None
    IPv6 Route Table
    ===========================================================================
    Active Routes:
    If Metric Network Destination Gateway
    1 306 ::1/128 On-link
    15 281 fe80::/64 On-link
    15 281 fe80::c1fe:2880:94aa:1cda/128
    On-link
    1 306 ff00::/8 On-link
    15 281 ff00::/8 On-link
    ===========================================================================
    Persistent Routes:
    None
    ========================= Winsock entries =====================================
    Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
    Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
    Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
    Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
    Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
    Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
    Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
    Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
    x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
    x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
    x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
    x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
    x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
    x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
    x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
    x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    ========================= Event log errors: ===============================
    Application errors:
    ==================
    Error: (06/24/2012 05:05:09 PM) (Source: CVHSVC) (User: )
    Description: Information only.
    (Patch task for {90140011-0062-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved
    Error: (06/24/2012 04:56:47 PM) (Source: TOSHIBA Service Station) (User: )
    Description: TSS Load: could not communicate with TMachInfo service
    Error: (06/24/2012 04:53:34 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
    Description: Product: Microsoft Works - Update 'Security Update for Microsoft Works 9 (KB2680317)' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
    Error: (06/24/2012 04:53:34 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
    Description: Product: Microsoft Works -- Error 1606.Could not access network location %APPDATA%\.
    Error: (06/24/2012 04:53:34 PM) (Source: MsiInstaller) (User: SYSTEM)SYSTEM
    Description: Product: Microsoft Works -- Error 1606.Could not access network location %APPDATA%\.
    Error: (06/24/2012 04:50:30 PM) (Source: CVHSVC) (User: )
    Description: Information only.
    (Patch task for {90140011-0062-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved
    Error: (06/24/2012 04:42:03 PM) (Source: TOSHIBA Service Station) (User: )
    Description: TSS Load: could not communicate with TMachInfo service
    Error: (06/24/2012 04:36:09 PM) (Source: CVHSVC) (User: )
    Description: Information only.
    (Patch task for {90140011-0062-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved
    Error: (06/24/2012 04:21:55 PM) (Source: CVHSVC) (User: )
    Description: Information only.
    (Patch task for {90140011-0062-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved
    Error: (06/24/2012 04:13:25 PM) (Source: TOSHIBA Service Station) (User: )
    Description: TSS Load: could not communicate with TMachInfo service

    System errors:
    =============
    Error: (06/24/2012 04:59:39 PM) (Source: DCOM) (User: )
    Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736}
    Error: (06/24/2012 04:55:07 PM) (Source: Service Control Manager) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    SASDIFSV
    SASKUTIL
    Error: (06/24/2012 04:54:41 PM) (Source: Service Control Manager) (User: )
    Description: The IPsec Policy Agent service terminated with the following error:
    %%10022
    Error: (06/24/2012 04:53:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Works 9 (KB2680317).
    Error: (06/24/2012 04:40:28 PM) (Source: Service Control Manager) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    SASDIFSV
    SASKUTIL
    Error: (06/24/2012 04:40:06 PM) (Source: Service Control Manager) (User: )
    Description: The IPsec Policy Agent service terminated with the following error:
    %%10022
    Error: (06/24/2012 04:39:59 PM) (Source: EventLog) (User: )
    Description: The previous system shutdown at 4:38:22 PM on 6/24/2012 was unexpected.
    Error: (06/24/2012 04:26:07 PM) (Source: Service Control Manager) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    SASDIFSV
    SASKUTIL
    Error: (06/24/2012 04:25:44 PM) (Source: Service Control Manager) (User: )
    Description: The Windows Defender service terminated with the following error:
    %%126
    Error: (06/24/2012 04:25:36 PM) (Source: Service Control Manager) (User: )
    Description: The IPsec Policy Agent service terminated with the following error:
    %%10022

    Microsoft Office Sessions:
    =========================
    ========================= Devices: ================================
    Name: SASDIFSV
    Description: SASDIFSV
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: SASDIFSV
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.
    Name: SASKUTIL
    Description: SASKUTIL
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: SASKUTIL
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    ========================= Memory info: ===================================
    Percentage of memory in use: 42%
    Total physical RAM: 4084.48 MB
    Available physical RAM: 2359.61 MB
    Total Pagefile: 8167.15 MB
    Available Pagefile: 6284.23 MB
    Total Virtual: 4095.88 MB
    Available Virtual: 3970.88 MB
    ========================= Partitions: =====================================
    1 Drive c: (TI105861W0D) (Fixed) (Total:453.79 GB) (Free:375.2 GB) NTFS
    2 Drive d: (DRAWMEATREE) (CDROM) (Total:7.04 GB) (Free:0 GB) UDF
    3 Drive e: (LATHAM) (Removable) (Total:0.49 GB) (Free:0.46 GB) FAT
    ========================= Users: ========================================
    User accounts for \\LAWMONSTER
    Administrator Dan Guest

    **** End of log ****
     
  20. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    It looks to me like a matter of adjusting some settings, as the "Default Gateway" value is missing.

    Make sure your settings are correct.
    1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
    2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
    3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
    4. For a wired network connection, right-click Local Area Connection, and then select Properties.
    For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
    5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol version 4 (TCP/IPv4), make sure it is checked, and then click Properties
    6. Make sure Obtain an IP Address Automatically and Obtain DNS server address Automatically are checked.
    7. Click on "Advanced" button and make sure "IP Settings" tab looks like this:
    [​IMG]
    Make sure "DNS" tab looks like this:
    [​IMG]
    Make sure "WINS" tab looks like this:
    [​IMG]
    8. Still in Control Panel double click on "Internet options" then "Connections" tab then "LAN Settings" button. Make sure "Automatically detect settings" is checked.
    If you made any changes OK your way out.
    Restart computer.


    If that doesn't work...
    Turn off computer. Disconnect router, and modem from power source for 1 minute. At the same time disconnect ethernet cable as well.
    Reconnect everything.
    Restart computer.

    If that doesn't work, bypass router, and connect computer straight to the modem.

    If that doesn't work...
    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

    In the Command Prompt window, type in the following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Restart computer.

    If that doesn't work...
    Go Start>Run (Start search in Vista and 7), type in:
    cmd
    Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

    At Command Prompt, type in:
    netsh int ip reset reset.log
    Hit Enter.
    Type in:
    netsh winsock reset catalog
    Hit Enter.

    Restart computer.
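
The missing "Default Gateway" diagnosis in the post above can be checked directly from `ipconfig /all` output before and after each reset step. This is an added example, not part of Broni's post: the sample output is constructed, and the names `parse_adapters` and `triage` are hypothetical.

```python
import re

# Constructed sample in the layout of Windows 7 `ipconfig /all` (not from this thread's logs).
SAMPLE = """\
Windows IP Configuration

Wireless LAN adapter Wireless Network Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 169.254.17.42(Preferred)
   Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   DHCP Enabled. . . . . . . . . . . : Yes
"""

HEADER = re.compile(r"^(\S.*adapter .+):\s*$")       # e.g. "Ethernet adapter Local Area Connection:"
FIELD = re.compile(r"^\s+(.+?)[ .]*\. :\s?(.*)$")    # "Key . . . . : value" (value may be empty)

def parse_adapters(text):
    """Return {adapter section name: {field: value}}; continuation lines are ignored."""
    adapters, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = adapters.setdefault(m.group(1), {})
            continue
        m = FIELD.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2).strip()
    return adapters

def triage(text):
    """Classify each adapter as 'disconnected', 'no-gateway' or 'ok'."""
    result = {}
    for name, fields in parse_adapters(text).items():
        if fields.get("Media State") == "Media disconnected":
            result[name] = "disconnected"   # no link: release/renew cannot act on it
        elif not fields.get("Default Gateway"):
            result[name] = "no-gateway"     # link up, but no route off the local subnet
        else:
            result[name] = "ok"
    return result

if __name__ == "__main__":
    for name, status in triage(SAMPLE).items():
        print(f"{status:13} {name}")
```

An adapter reported as `no-gateway` with a 169.254.x.x address, as in the sample, has not received a DHCP lease, which is the condition the "Obtain an IP Address Automatically" and release/renew steps are meant to clear.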
     
  21. LobowolfXXX

    LobowolfXXX TS Rookie Topic Starter Posts: 28

    I got up to the "flush dns" command, but when I tried the "registerdns" command, I got the message "The requested operation requires elevation."
     
  22. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    That's because you don't read my instructions carefully.

     
  23. LobowolfXXX

    LobowolfXXX TS Rookie Topic Starter Posts: 28

    Busted. So, now I got through registerdns, but at "release," I'm getting "Windows IP Configuration. An error occurred while releasing interface Wireless Network Connection 2: An address has not yet been associated with the network endpoint. No operation can be performed on Local Area Connection 2 while it has its media disconnected."
     
  24. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Skip it.
     
  25. LobowolfXXX

    LobowolfXXX TS Rookie Topic Starter Posts: 28

    Got through the rest, but still not connecting.
     
Topic Status:
Not open for further replies.
