Inactive Need help with Trojan:win64/sirefef.w

DannyA

Like the other poster who was infected with this virus, my computer auto-restarts after boot, even in safe mode.

W7 Home Premium 64bit

Posting FRST log.
 
Scan result of Farbar Recovery Scan Tool Version: 07-07-2012 02
Ran by SYSTEM at 06-07-2012 22:17:31
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [2770432 2010-02-10] (VIA)
HKLM-x32\...\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe [248832 2012-01-14] ()
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe" [313768 2012-05-29] (Razer USA Ltd)
HKU\Dan&Haz\...\Run: [Google Update] "C:\Users\Dan&Haz\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-07-05] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
AppInit_DLLs:

==================== Services (Whitelisted) ======

4 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [124256 2009-04-22] ()
2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-04-01] ()
2 DragonSvc; C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [296808 2010-07-23] (Nuance Communications, Inc.)
2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2369960 2012-06-27] (LogMeIn Inc.)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
2 MSSQL$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [57617752 2009-03-30] (Microsoft Corporation)
4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe /StartService [222208 2008-08-18] (NVIDIA)
4 SQLAgent$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -I SQLEXPRESS [427880 2009-03-30] (Microsoft Corporation)
2 UDisk Monitor; C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [512000 2011-05-12] ()
2 UpdateCenterService; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe /StartService [158208 2008-08-01] (NVIDIA)

========================== Drivers (Whitelisted) =============

1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13368 2009-04-05] ()
3 bcgame; C:\Windows\System32\Drivers\bcgame.sys [35328 2007-08-14] (Belkin Corporation)
2 cpuz134; \??\C:\Windows\system32\drivers\cpuz134_x64.sys [21480 2010-07-09] (Windows (R) Win 7 DDK provider)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [270912 2011-10-19] (DT Soft Ltd)
3 Generalusbserialser20675; C:\Windows\System32\DRIVERS\CT_U_USBSER.sys [122368 2011-05-09] (Incorporated)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
3 massfilter_hs; C:\Windows\System32\Drivers\massfilter_hs.sys [11776 2010-10-20] (HandSet Incorporated)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
3 netr28ux; C:\Windows\System32\Drivers\netr28ux.sys [1660480 2011-09-09] (Ralink Technology Corp.)
3 NVR0Dev; \??\C:\Windows\nvoclk64.sys [40480 2008-08-18] (NVidia Corp.)
2 NVR0FLASHDev; \??\C:\Windows\nvflsh64.sys [40480 2008-08-01] (NVidia Corp.)
3 PCAMp50a64; C:\Windows\System32\Drivers\PCAMp50a64.sys [43328 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
3 rzdaendpt; C:\Windows\System32\Drivers\rzdaendpt.sys [26112 2012-05-07] (Razer USA Ltd)
3 rzvkeyboard; C:\Windows\System32\Drivers\rzvkeyboard.sys [20992 2012-05-14] (Razer USA Ltd)
3 WPN111; C:\Windows\System32\DRIVERS\WPN111vx.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-06 19:46 - 2012-07-06 19:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.28CD3126AC90F66D
2012-07-06 19:40 - 2012-07-06 19:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3220167DB9834ECF
2012-07-06 19:37 - 2012-07-06 19:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0EC778CA7C0F9938
2012-07-06 19:34 - 2012-07-06 19:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.54B800A5BF41515A
2012-07-06 19:31 - 2012-07-06 19:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A45F5576FD5DD3FA
2012-07-06 19:28 - 2012-07-06 19:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ED4FFE12C66D94B8
2012-07-06 19:23 - 2012-07-06 19:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F115BF7CA0A5820D
2012-07-06 19:21 - 2012-07-06 19:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8768063590A183EB
2012-07-06 19:18 - 2012-07-06 19:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.47EFC44464B42130
2012-07-06 19:15 - 2012-07-06 19:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ABBAD16F98675739
2012-07-06 19:12 - 2012-07-06 19:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.339A7B72E145642A
2012-07-06 19:06 - 2012-07-06 19:07 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-06 19:06 - 2012-07-06 19:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-07-06 19:03 - 2012-07-06 19:03 - 12621696 ____A (Microsoft Corporation) C:\Users\Dan&Haz\Downloads\mseinstall.exe
2012-07-06 18:44 - 2012-07-06 18:44 - 00000087 ____A C:\users\setup.log
2012-07-06 18:44 - 2012-07-06 18:44 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_rzudd_01009.Wdf
2012-07-06 18:44 - 2012-07-06 18:44 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_rzdaendpt_01009.Wdf
2012-07-05 22:46 - 2012-07-05 22:46 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-07-05 22:41 - 2012-07-05 22:41 - 00140832 ____A C:\Windows\SysWOW64\Drivers\str.sys
2012-07-05 20:00 - 2012-07-05 20:00 - 08571656 ____A (Razer USA Ltd.) C:\Users\Dan&Haz\Downloads\Razer_Synapse2_v1.02.16.exe
2012-07-05 20:00 - 2012-07-05 20:00 - 00000000 ____D C:\Users\Dan&Haz\AppData\Local\Razer
2012-07-05 20:00 - 2012-07-05 20:00 - 00000000 ____D C:\Users\All Users\Razer
2012-07-05 09:10 - 2012-07-06 19:15 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1357503399-807939844-3328423691-1000UA.job
2012-07-05 09:10 - 2012-07-06 09:15 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1357503399-807939844-3328423691-1000Core.job
2012-07-05 09:10 - 2012-07-05 09:10 - 00739824 ____A (Google Inc.) C:\Users\Dan&Haz\Downloads\ChromeSetup.exe
2012-07-05 09:07 - 2012-07-05 09:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-07-01 04:57 - 2012-07-01 04:57 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-06-29 23:09 - 2012-07-04 18:08 - 00000000 ____D C:\Users\Dan&Haz\AppData\Roaming\Skype
2012-06-29 23:09 - 2012-06-29 23:10 - 00000000 ____D C:\Users\All Users\Skype
2012-06-29 23:09 - 2012-06-29 23:09 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-06-29 23:08 - 2012-06-29 23:08 - 00946352 ____A (Skype Technologies S.A.) C:\Users\Dan&Haz\Downloads\SkypeSetup.exe
2012-06-25 19:03 - 2012-06-25 19:03 - 00000193 ____A C:\Windows\WORDPAD.INI
2012-06-21 06:35 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 06:35 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 06:35 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 06:35 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 06:35 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 06:35 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 06:35 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 06:35 - 2012-06-02 13:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 06:35 - 2012-06-02 13:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-20 05:45 - 2012-06-20 05:45 - 00000000 ____D C:\Users\All Users\boost_interprocess
2012-06-19 20:26 - 2012-06-19 20:27 - 00000000 ____D C:\Users\Dan&Haz\AppData\Roaming\vlc
2012-06-19 20:25 - 2012-06-19 20:25 - 00000000 ____D C:\Users\Dan&Haz\AppData\Local\Ilivid Player
2012-06-19 20:23 - 2012-06-19 20:23 - 00516136 ____A (Bandoo Media Inc) C:\Users\Dan&Haz\Downloads\iLividSetupV1.exe
2012-06-19 20:16 - 2012-06-19 20:16 - 01058312 ____A C:\Users\Dan&Haz\Downloads\Fleetwood_MAc_-_Rumours_(DTS-CD).rar_downloader.exe
2012-06-19 20:16 - 2012-06-19 20:16 - 01058312 ____A C:\Users\Dan&Haz\Downloads\Fleetwood_Mac_-_Rumours[1977]_Pa_La_Raza.rar_downloader.exe
2012-06-12 20:26 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-12 20:26 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-12 20:26 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-12 20:26 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-12 20:25 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-12 20:25 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-12 20:25 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-12 20:25 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-12 20:25 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-12 20:25 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-12 20:25 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-12 20:25 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-12 20:25 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-12 20:25 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-12 20:25 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-12 20:25 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-12 20:25 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-12 20:25 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-12 20:25 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-12 20:25 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-12 20:25 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-12 20:25 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-12 20:25 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-12 20:25 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-12 20:25 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-12 20:25 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-12 20:25 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-12 20:25 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-12 18:00 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-12 18:00 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-12 18:00 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-12 18:00 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-12 18:00 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-12 18:00 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-12 18:00 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-12 18:00 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-11 04:54 - 2012-06-11 04:54 - 00000000 ____D C:\Users\Dan&Haz\AppData\Local\Macromedia
2012-06-07 09:33 - 2012-06-07 09:33 - 00268744 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-06-07 09:33 - 2012-06-07 09:33 - 00189384 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-06-07 09:33 - 2012-06-07 09:33 - 00188872 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-06-07 09:33 - 2012-06-07 09:33 - 00000000 ____D C:\Program Files\Java
2012-06-07 09:30 - 2012-06-07 09:30 - 21865936 ____A (Oracle Corporation) C:\Users\Dan&Haz\Downloads\jre-7u4-windows-x64 (1).exe
2012-06-07 09:20 - 2012-04-04 16:47 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-06-07 09:07 - 2012-06-07 09:33 - 00955848 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-06-07 09:07 - 2012-06-07 09:33 - 00839112 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-06-07 09:07 - 2012-06-07 09:07 - 21865936 ____A (Oracle Corporation) C:\Users\Dan&Haz\Downloads\jre-7u4-windows-x64.exe
2012-06-07 08:44 - 2012-06-07 08:44 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-06-07 08:43 - 2012-04-04 16:47 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll


============ 3 Months Modified Files ========================

2012-07-06 20:07 - 2011-05-18 09:01 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-06 20:07 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-06 20:07 - 2009-07-13 20:51 - 02205595 ____A C:\Windows\setupact.log
2012-07-06 19:46 - 2012-07-06 19:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.28CD3126AC90F66D
2012-07-06 19:40 - 2012-07-06 19:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3220167DB9834ECF
2012-07-06 19:37 - 2012-07-06 19:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0EC778CA7C0F9938
2012-07-06 19:34 - 2012-07-06 19:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.54B800A5BF41515A
2012-07-06 19:31 - 2012-07-06 19:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A45F5576FD5DD3FA
2012-07-06 19:28 - 2012-07-06 19:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ED4FFE12C66D94B8
2012-07-06 19:23 - 2012-07-06 19:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F115BF7CA0A5820D
2012-07-06 19:21 - 2012-07-06 19:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8768063590A183EB
2012-07-06 19:18 - 2012-07-06 19:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.47EFC44464B42130
2012-07-06 19:17 - 2011-05-18 09:01 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-06 19:15 - 2012-07-06 19:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ABBAD16F98675739
2012-07-06 19:15 - 2012-07-05 09:10 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1357503399-807939844-3328423691-1000UA.job
2012-07-06 19:12 - 2012-07-06 19:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.339A7B72E145642A
2012-07-06 19:08 - 2010-08-31 00:33 - 02075920 ____A C:\Windows\WindowsUpdate.log
2012-07-06 19:07 - 2012-02-15 17:43 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-06 19:07 - 2011-05-17 20:39 - 00889758 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-06 19:03 - 2012-07-06 19:03 - 12621696 ____A (Microsoft Corporation) C:\Users\Dan&Haz\Downloads\mseinstall.exe
2012-07-06 18:59 - 2012-04-15 04:53 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-06 18:53 - 2009-07-13 20:45 - 00015024 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-06 18:53 - 2009-07-13 20:45 - 00015024 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-06 18:44 - 2012-07-06 18:44 - 00000087 ____A C:\users\setup.log
2012-07-06 18:44 - 2012-07-06 18:44 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_rzudd_01009.Wdf
2012-07-06 18:44 - 2012-07-06 18:44 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_rzdaendpt_01009.Wdf
2012-07-06 18:44 - 2011-03-28 20:31 - 00089016 ____A C:\Windows\DPINST.LOG
2012-07-06 09:15 - 2012-07-05 09:10 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1357503399-807939844-3328423691-1000Core.job
2012-07-06 09:13 - 2010-08-31 01:04 - 00064528 ____A C:\Users\Dan&Haz\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-06 09:13 - 2009-07-13 20:45 - 04873640 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-06 09:12 - 2010-09-03 23:39 - 00195874 ____A C:\Windows\PFRO.log
2012-07-05 22:41 - 2012-07-05 22:41 - 00140832 ____A C:\Windows\SysWOW64\Drivers\str.sys
2012-07-05 20:00 - 2012-07-05 20:00 - 08571656 ____A (Razer USA Ltd.) C:\Users\Dan&Haz\Downloads\Razer_Synapse2_v1.02.16.exe
2012-07-05 09:10 - 2012-07-05 09:10 - 00739824 ____A (Google Inc.) C:\Users\Dan&Haz\Downloads\ChromeSetup.exe
2012-07-05 08:45 - 2012-04-15 04:53 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-05 08:45 - 2011-05-18 08:59 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-05 08:08 - 2010-09-07 20:51 - 00113152 ____A C:\Users\Dan&Haz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-01 10:46 - 2009-07-13 21:13 - 00876274 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-29 23:08 - 2012-06-29 23:08 - 00946352 ____A (Skype Technologies S.A.) C:\Users\Dan&Haz\Downloads\SkypeSetup.exe
2012-06-25 19:03 - 2012-06-25 19:03 - 00000193 ____A C:\Windows\WORDPAD.INI
2012-06-19 20:23 - 2012-06-19 20:23 - 00516136 ____A (Bandoo Media Inc) C:\Users\Dan&Haz\Downloads\iLividSetupV1.exe
2012-06-19 20:16 - 2012-06-19 20:16 - 01058312 ____A C:\Users\Dan&Haz\Downloads\Fleetwood_MAc_-_Rumours_(DTS-CD).rar_downloader.exe
2012-06-19 20:16 - 2012-06-19 20:16 - 01058312 ____A C:\Users\Dan&Haz\Downloads\Fleetwood_Mac_-_Rumours[1977]_Pa_La_Raza.rar_downloader.exe
2012-06-12 20:30 - 2010-09-03 23:28 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-09 09:25 - 2011-12-29 11:38 - 00006721 ____A C:\Windows\System32\RaCoInst.log
2012-06-07 09:33 - 2012-06-07 09:33 - 00268744 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-06-07 09:33 - 2012-06-07 09:33 - 00189384 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-06-07 09:33 - 2012-06-07 09:33 - 00188872 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-06-07 09:33 - 2012-06-07 09:07 - 00955848 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-06-07 09:33 - 2012-06-07 09:07 - 00839112 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-06-07 09:30 - 2012-06-07 09:30 - 21865936 ____A (Oracle Corporation) C:\Users\Dan&Haz\Downloads\jre-7u4-windows-x64 (1).exe
2012-06-07 09:20 - 2011-10-22 21:09 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-06-07 09:20 - 2011-10-22 21:09 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-06-07 09:07 - 2012-06-07 09:07 - 21865936 ____A (Oracle Corporation) C:\Users\Dan&Haz\Downloads\jre-7u4-windows-x64.exe
2012-06-02 14:19 - 2012-06-21 06:35 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 06:35 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 06:35 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 06:35 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 06:35 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 06:35 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 06:35 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 13:19 - 2012-06-21 06:35 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 13:15 - 2012-06-21 06:35 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 11:22 - 2012-06-02 11:22 - 00346092 ____A C:\Users\Dan&Haz\Downloads\SLCC in Sandy, UT, USA.kmz
2012-05-30 18:02 - 2012-05-30 18:02 - 00739816 ____A (Google Inc.) C:\Users\Dan&Haz\Downloads\GoogleEarthSetup.exe
2012-05-18 23:55 - 2012-05-18 23:55 - 02056909 ____A C:\Users\Dan&Haz\Documents\Untitled (2).wma
2012-05-18 23:45 - 2012-05-18 23:45 - 00067839 ____A C:\Users\Dan&Haz\Documents\Untitled.wma
2012-05-17 18:47 - 2012-06-12 20:25 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-12 20:25 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-12 20:25 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-12 20:25 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-12 20:25 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-12 20:25 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-12 20:25 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-12 20:25 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-12 20:25 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-12 20:25 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-12 20:25 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-12 20:26 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-12 20:26 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-12 20:25 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-12 20:25 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-12 20:25 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-12 20:25 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-12 20:25 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-12 20:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-12 20:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-12 20:25 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-12 20:25 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-12 20:25 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-12 20:25 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-12 20:25 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-12 20:26 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-12 20:26 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-12 20:25 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-14 18:50 - 2012-05-14 18:50 - 00094208 ____A (Razer USA Ltd) C:\Windows\System32\Drivers\rzudd.sys
2012-05-14 18:50 - 2012-05-14 18:50 - 00020992 ____A (Razer USA Ltd) C:\Windows\System32\Drivers\rzvkeyboard.sys
2012-05-14 18:36 - 2012-05-14 18:36 - 00354816 ____A (Razer USA Ltd) C:\Windows\SysWOW64\rzdevicedll.dll
2012-05-14 18:36 - 2012-05-14 18:36 - 00165888 ____A (Razer USA Ltd) C:\Windows\SysWOW64\rzaudiodll.dll
2012-05-14 18:36 - 2012-05-14 18:36 - 00142848 ____A (Razer USA Ltd) C:\Windows\SysWOW64\rztouchdll.dll
2012-05-14 17:32 - 2012-06-12 18:00 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-12 21:46 - 2011-03-14 19:44 - 00010285 ____A C:\Windows\IE9_main.log
2012-05-12 21:45 - 2012-05-12 21:45 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-05-12 21:45 - 2012-05-12 21:45 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-05-12 21:45 - 2012-05-12 21:45 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-05-12 21:45 - 2012-05-12 21:45 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-05-12 21:45 - 2012-05-12 21:45 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-05-12 21:45 - 2012-05-12 21:45 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-05-12 21:45 - 2012-05-12 21:45 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-05-12 21:45 - 2012-05-12 21:45 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-05-12 21:45 - 2012-05-12 21:45 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-05-12 21:45 - 2012-05-12 21:45 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-05-12 21:45 - 2012-05-12 21:45 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-05-12 21:45 - 2012-05-12 21:45 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-05-12 21:45 - 2012-05-12 21:45 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-05-12 21:45 - 2012-05-12 21:45 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-05-12 21:45 - 2012-05-12 21:45 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-05-12 21:45 - 2012-05-12 21:45 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-05-12 21:45 - 2012-05-12 21:45 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-05-12 21:45 - 2012-05-12 21:45 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-05-12 21:45 - 2012-05-12 21:45 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-05-12 21:45 - 2012-05-12 21:45 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-05-12 21:45 - 2012-05-12 21:45 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-05-07 18:46 - 2012-05-07 18:46 - 00026112 ____A (Razer USA Ltd) C:\Windows\System32\Drivers\rzdaendpt.sys
2012-05-07 18:46 - 2012-05-07 18:46 - 00007168 ____A (Razer USA Ltd) C:\Windows\System32\Drivers\rzkbdhid.sys
2012-05-04 03:06 - 2012-06-12 18:00 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-12 18:00 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-12 18:00 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-29 00:53 - 2012-04-29 00:53 - 04542800 ____A (Microsoft Corporation) C:\Users\Dan&Haz\Downloads\vs_proweb.exe
2012-04-27 19:55 - 2012-06-12 18:00 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-12 18:00 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-12 18:00 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-12 18:00 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-21 21:50 - 2009-07-13 21:08 - 00032604 ____A C:\Windows\Tasks\SCHEDLGU.TXT

ZeroAccess:
C:\Windows\Installer\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}
C:\Windows\Installer\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\@
C:\Windows\Installer\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\L
C:\Windows\Installer\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\n
C:\Windows\Installer\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\U
C:\Windows\Installer\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\U\00000001.@
C:\Windows\Installer\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\U\80000000.@
C:\Windows\Installer\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\U\800000cb.@

ZeroAccess:
C:\Users\Dan&Haz\AppData\Local\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}
C:\Users\Dan&Haz\AppData\Local\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\@
C:\Users\Dan&Haz\AppData\Local\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\L
C:\Users\Dan&Haz\AppData\Local\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\U
C:\Users\Dan&Haz\AppData\Local\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\U\00000001.@
C:\Users\Dan&Haz\AppData\Local\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\U\800000cb.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 4095.18 MB
Available physical RAM: 3447.91 MB
Total Pagefile: 4093.32 MB
Available Pagefile: 3444.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:297.99 GB) (Free:50.88 GB) NTFS
3 Drive f: () (Removable) (Total:0.92 GB) (Free:0.88 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 944 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 297 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 297 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 943 MB 67 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 943 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-06-28 04:01

======================= End Of Log ==========================
 
Seems like this one is keeping you busy. Posting "services.exe" FRST search log.


Farbar Recovery Scan Tool Version: 07-07-2012 02
Ran by SYSTEM at 2012-07-07 00:03:50
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
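
The comparison this search output supports, as an added example (not part of the original thread and not FRST's own code): it parses the two-line search layout shown above and flags any copy outside the WinSxS component store whose MD5 matches no store copy of the same file name. It assumes the store copy is untampered; the function names, sample path and placeholder hashes are constructed for illustration.

```python
import ntpath
import re
from collections import defaultdict

# A result is two lines: the full path, then
# "[created] - [modified] - size attrs (company) MD5".
PATH_RE = re.compile(r"^[A-Za-z]:\\")
META_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) (?:\((?P<company>.*)\) )?(?P<md5>[0-9A-Fa-f]{32})$"
)


def build_sample(live_md5):
    """Constructed log in the layout of the search output above.

    The WinSxS path and both hashes are placeholders, not real indicators.
    """
    ref_md5 = "A" * 32
    meta = "[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) "
    return "\n".join([
        '================== Search: "services.exe" ===================',
        "",
        r"C:\Windows\winsxs\amd64_example-component_none_0000\services.exe",
        meta + ref_md5,
        "",
        r"C:\Windows\System32\services.exe",
        meta + live_md5,
        "",
        "====== End Of Search ======",
    ])


def parse_search_log(text):
    """Return one dict per search hit (path, size, modified, company, md5)."""
    entries, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending_path = line
            continue
        m = META_RE.match(line)
        if m and pending_path:
            entries.append({
                "path": pending_path,
                "size": int(m.group("size")),
                "modified": m.group("modified"),
                "company": m.group("company") or "",
                "md5": m.group("md5").upper(),
            })
            pending_path = None
    return entries


def is_component_store(path):
    return "\\windows\\winsxs\\" in path.lower()


def find_mismatches(entries):
    """Flag non-store copies whose MD5 matches no WinSxS copy of that name."""
    by_name = defaultdict(lambda: {"store": [], "live": []})
    for e in entries:
        bucket = "store" if is_component_store(e["path"]) else "live"
        by_name[ntpath.basename(e["path"]).lower()][bucket].append(e)

    findings = []
    for group in by_name.values():
        store_md5s = {e["md5"] for e in group["store"]}
        if not store_md5s:
            continue  # no store copy in the results: nothing to compare with
        store_sizes = {e["size"] for e in group["store"]}
        for live in group["live"]:
            if live["md5"] not in store_md5s:
                findings.append({
                    "path": live["path"],
                    "md5": live["md5"],
                    "store_md5s": sorted(store_md5s),
                    # True when size gives no hint that the file was changed
                    "same_size_as_store_copy": live["size"] in store_sizes,
                })
    return findings


if __name__ == "__main__":
    for f in find_mismatches(parse_search_log(build_sample("B" * 32))):
        print(f["path"], f["md5"], "same size:", f["same_size_as_store_copy"])
```

A mismatch only says the file differs from the store copies listed in the search; identical size, timestamps and company string, as in the log above, do not rule it out.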
 
Hi there. Welcome to the TechSpot forums!

FRST64 Fixlist

Please run the following:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt.

start
2012-07-06 19:46 - 2012-07-06 19:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.28CD3126AC90F66D
2012-07-06 19:40 - 2012-07-06 19:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3220167DB9834ECF
2012-07-06 19:37 - 2012-07-06 19:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0EC778CA7C0F9938
2012-07-06 19:34 - 2012-07-06 19:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.54B800A5BF41515A
2012-07-06 19:31 - 2012-07-06 19:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A45F5576FD5DD3FA
2012-07-06 19:28 - 2012-07-06 19:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ED4FFE12C66D94B8
2012-07-06 19:23 - 2012-07-06 19:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F115BF7CA0A5820D
2012-07-06 19:21 - 2012-07-06 19:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8768063590A183EB
2012-07-06 19:18 - 2012-07-06 19:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.47EFC44464B42130
2012-07-06 19:15 - 2012-07-06 19:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ABBAD16F98675739
2012-07-06 19:12 - 2012-07-06 19:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.339A7B72E145642A
C:\Windows\Installer\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}
C:\Windows\Installer\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\@
C:\Windows\Installer\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\L
C:\Windows\Installer\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\n
C:\Windows\Installer\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\U
C:\Windows\Installer\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\U\00000001.@
C:\Windows\Installer\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\U\80000000.@
C:\Windows\Installer\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\U\800000cb.@
C:\Users\Dan&Haz\AppData\Local\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}
C:\Users\Dan&Haz\AppData\Local\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\@
C:\Users\Dan&Haz\AppData\Local\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\L
C:\Users\Dan&Haz\AppData\Local\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\U
C:\Users\Dan&Haz\AppData\Local\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\U\00000001.@
C:\Users\Dan&Haz\AppData\Local\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\U\800000cb.@
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
end



NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now, please enter System Recovery Options then select Command Prompt.

Run FRST64, press the Fix button just once, and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.


OTL Run
Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Under the Custom Scan box, paste this in:

    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    CreateRestorePoint
    %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5
    %AppData%\Local\
    %systemroot%\system32\sysprep
    *.xpi /md5
    %systemroot%\Downloaded Program Files\
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.exe /md5
    "%WinDir%\$NtUninstallKB*$." /30
    %systemdrive%\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    %USERPROFILE%\AppData\Local\ /s
    %systemroot%\Installer\ /s
    %systemroot%\system32\Cache\ /s
    %systemroot%\system32\config\systemprofile\Application Data /s
    %PROGRAMFILES%\*.
    %appdata%\*.*
    /md5start
    volsnap.sys
    services.exe
    userinit.exe
    afd.sys
    tcpip.sys
    netbt.sys
    ipsec.sys
    dnsrslvr.dll
    ipnathlp.dll
    netman.dll
    WMIsvc.dll
    srsvc.dll
    sr.sys
    wscsvc.dll
    wuauserv.dll
    qmgr.dll
    es.dll
    cryptsvc.dll
    svchost.exe
    rpcss.dll
    tdx.sys
    wininit.exe
    winlogon.exe
    atapi.sys
    explorer.exe
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time.
Note: In the event that OTL fails to run, please use the alternate download links to try again:

http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr
 
After Fixlist, PC booted smoothly and no more auto restarts, very nice.

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 07-07-2012 02
Ran by SYSTEM at 2012-07-07 11:52:12 Run:1
Running from F:\

==============================================

C:\Windows\System32\services.exe.28CD3126AC90F66D moved successfully.
C:\Windows\System32\services.exe.3220167DB9834ECF moved successfully.
C:\Windows\System32\services.exe.0EC778CA7C0F9938 moved successfully.
C:\Windows\System32\services.exe.54B800A5BF41515A moved successfully.
C:\Windows\System32\services.exe.A45F5576FD5DD3FA moved successfully.
C:\Windows\System32\services.exe.ED4FFE12C66D94B8 moved successfully.
C:\Windows\System32\services.exe.F115BF7CA0A5820D moved successfully.
C:\Windows\System32\services.exe.8768063590A183EB moved successfully.
C:\Windows\System32\services.exe.47EFC44464B42130 moved successfully.
C:\Windows\System32\services.exe.ABBAD16F98675739 moved successfully.
C:\Windows\System32\services.exe.339A7B72E145642A moved successfully.
C:\Windows\Installer\{a20fc9e9-9dc0-869e-cdd1-4fe804175270} moved successfully.
C:\Windows\Installer\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\@ not found.
C:\Windows\Installer\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\L not found.
C:\Windows\Installer\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\n not found.
C:\Windows\Installer\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\U not found.
C:\Windows\Installer\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\U\00000001.@ not found.
C:\Windows\Installer\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\U\80000000.@ not found.
C:\Windows\Installer\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\U\800000cb.@ not found.
C:\Users\Dan&Haz\AppData\Local\{a20fc9e9-9dc0-869e-cdd1-4fe804175270} moved successfully.
C:\Users\Dan&Haz\AppData\Local\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\@ not found.
C:\Users\Dan&Haz\AppData\Local\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\L not found.
C:\Users\Dan&Haz\AppData\Local\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\U not found.
C:\Users\Dan&Haz\AppData\Local\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\U\00000001.@ not found.
C:\Users\Dan&Haz\AppData\Local\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\U\800000cb.@ not found.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====
 
OTL logfile created on: 7/7/2012 12:03:36 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Dan&Haz\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 65.99% Memory free
8.00 Gb Paging File | 6.47 Gb Available in Paging File | 80.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 50.86 Gb Free Space | 17.07% Space Free | Partition Type: NTFS

Computer Name: DANHAZ-PC | User Name: Dan&Haz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/07 12:02:42 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Dan&Haz\Desktop\OTL.exe
PRC - [2012/07/05 11:10:29 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Users\Dan&Haz\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/05/29 18:21:44 | 000,313,768 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/14 13:56:42 | 000,248,832 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
PRC - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/08/03 04:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/05/12 15:23:38 | 000,512,000 | ---- | M] () -- C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe
PRC - [2011/04/14 12:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
PRC - [2010/07/23 12:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
PRC - [2009/04/01 22:27:28 | 000,090,112 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2007/12/19 12:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/12 22:34:07 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll
MOD - [2012/06/12 22:33:56 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll
MOD - [2012/06/12 22:33:53 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
MOD - [2012/06/12 22:33:49 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll
MOD - [2012/06/12 22:33:47 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
MOD - [2012/05/09 14:55:29 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0c2b0d52156447592f33edf4116b7e7d\System.Management.ni.dll
MOD - [2012/05/09 14:53:56 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\79ac99fe5274fb82ffcff2c15f71854c\System.Runtime.DurableInstancing.ni.dll
MOD - [2012/05/09 14:53:55 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll
MOD - [2012/05/09 14:53:55 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\bb97517e4ca64e02282fca24612ce8ad\SMDiagnostics.ni.dll
MOD - [2012/05/09 14:53:53 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\4837a5c6204d53e7aa4f7dd94b98207c\System.Xml.Linq.ni.dll
MOD - [2012/05/09 14:49:59 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll
MOD - [2012/05/09 11:26:28 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll
MOD - [2012/05/09 11:23:51 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
MOD - [2012/05/09 11:23:49 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012/05/09 11:23:47 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll
MOD - [2012/05/09 11:23:46 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012/05/09 11:23:41 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2012/01/14 13:56:42 | 000,248,832 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
MOD - [2011/04/14 12:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/10/23 22:02:43 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/07/05 10:45:31 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/14 16:20:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/11/14 20:43:29 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/08/03 04:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/05/12 15:23:38 | 000,512,000 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe -- (UDisk Monitor)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/07/23 12:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/22 12:01:30 | 000,124,256 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2009/04/01 22:27:28 | 000,090,112 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2008/08/18 10:02:00 | 000,222,208 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2008/08/01 12:11:20 | 000,158,208 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/14 20:50:36 | 000,020,992 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzvkeyboard.sys -- (rzvkeyboard)
DRV:64bit: - [2012/05/14 20:50:18 | 000,094,208 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2012/05/07 20:46:02 | 000,026,112 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzdaendpt.sys -- (rzdaendpt)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/19 04:17:46 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/09/09 15:45:30 | 001,660,480 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2011/05/10 03:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/05/09 19:09:00 | 000,122,368 | ---- | M] (Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT_U_USBSER.sys -- (Generalusbserialser20675)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/23 22:51:33 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/10/23 22:51:33 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/10/23 22:50:52 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/10/20 17:10:08 | 000,011,776 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV:64bit: - [2010/10/01 00:16:34 | 000,013,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms)
DRV:64bit: - [2010/07/09 13:19:02 | 000,021,480 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134)
DRV:64bit: - [2010/03/23 16:37:34 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\danew.sys -- (danewFltr)
DRV:64bit: - [2010/01/11 18:05:20 | 001,290,752 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/07/15 21:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/24 04:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/06/10 14:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 16:17:08 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/04 22:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007/08/14 11:36:58 | 000,035,328 | ---- | M] (Belkin Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcgame.sys -- (bcgame)
DRV:64bit: - [2006/11/28 21:46:20 | 000,043,328 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCAMp50a64.sys -- (PCAMp50a64)
DRV:64bit: - [2006/11/28 21:46:20 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCASp50a64.sys -- (PCASp50a64)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/18 10:04:02 | 000,040,480 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\Windows\nvoclk64.sys -- (NVR0Dev)
DRV - [2008/08/01 12:08:28 | 000,040,480 | ---- | M] (NVidia Corp.) [Kernel | Auto | Running] -- C:\Windows\nvflsh64.sys -- (NVR0FLASHDev)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\URLSearchHook: {167d9323-f7cc-48f5-948a-6f012831a69f} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3007394

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?PC=BNHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5E 73 46 77 B1 51 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{sear...00842&mntrId=ea9625c600000000000000259cf4b638
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3007394
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=390&systemid=406&sr=0&q="
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Dan&Haz\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dan&Haz\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dan&Haz\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/30 21:28:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/05 11:07:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/07 11:19:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Dan&Haz\AppData\Roaming\Move Networks [2010/09/19 22:10:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/30 21:28:03 | 000,000,000 | ---D | M]

[2012/06/23 20:28:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan&Haz\AppData\Roaming\Mozilla\Extensions
[2012/07/04 20:17:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan&Haz\AppData\Roaming\Mozilla\Firefox\Profiles\freq8eoz.default\extensions
[2011/01/13 16:00:07 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\Users\Dan&Haz\AppData\Roaming\Mozilla\Firefox\Profiles\freq8eoz.default\extensions\support@ancestry.com
[2011/08/16 10:06:22 | 000,000,863 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Roaming\Mozilla\Firefox\Profiles\freq8eoz.default\searchplugins\conduit.xml
[2012/06/19 22:23:52 | 000,002,519 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Roaming\Mozilla\Firefox\Profiles\freq8eoz.default\searchplugins\Search_Results.xml
[2012/07/05 11:07:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/30 01:10:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/09/19 22:10:36 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\DAN&HAZ\APPDATA\ROAMING\MOVE NETWORKS
[2012/06/14 16:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/11/06 09:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/06 09:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/09/02 20:33:11 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/06/14 16:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/14 16:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Dan&Haz\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dan&Haz\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dan&Haz\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Dan&Haz\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/04/24 22:58:30 | 000,001,211 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {167d9323-f7cc-48f5-948a-6f012831a69f} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {167d9323-f7cc-48f5-948a-6f012831a69f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {167D9323-F7CC-48F5-948A-6F012831A69F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer USA Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Activities present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\CommandBar present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Safety present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbar present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23B426C6-C70E-496C-A233-C3EDF1AAAF0F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BA48B9C-0F22-4054-87C7-0B26160F250C}: DhcpNameServer = 10.133.20.11 10.132.20.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A803AA94-A281-44DE-AF03-CB672F190D85}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFF05F74-64FC-4A99-ABA8-F4F2807D7AEE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8013F12-6917-4F95-8E01-153C95705CDD}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{14cd676e-57ce-11e0-a925-485b393b4cb4}\Shell - "" = AutoRun
O33 - MountPoints2\{35e9ebfa-29cb-11e1-85e0-485b393b4cb4}\Shell - "" = AutoRun
O33 - MountPoints2\{35e9ebfa-29cb-11e1-85e0-485b393b4cb4}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Setup.exe
O33 - MountPoints2\{73b03aa7-d013-11e0-9e7e-485b393b4cb4}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nostromo Loadout Manager.lnk - C:\Windows\Installer\{548C7B77-8B04-427E-ACD0-D0E6E6E59BCF}\NewShortcut2_548C7B778B04427EACD0D0E6E6E59BCF.exe - (Macrovision Corporation)
MsConfig:64bit - StartUpFolder: C:^Users^Dan&Haz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - - File not found
MsConfig:64bit - StartUpFolder: C:^Users^Dan&Haz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS5.5ServiceManager - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: amd_dc_opt - hkey= - key= - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: DNS7reminder - hkey= - key= - C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig:64bit - StartUpReg: NVIDIA nTune - hkey= - key= - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Turbo Key - hkey= - key= - C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe ()
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.pspgru - C:\Windows\SysWow64\PSPGRU.acm (Philips Austria GmbH - Speech Processing)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/07 12:02:40 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Dan&Haz\Desktop\OTL.exe
[2012/07/07 00:17:26 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/06 21:06:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/07/06 21:06:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/07/06 00:46:20 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/07/05 22:00:57 | 000,000,000 | ---D | C] -- C:\Users\Dan&Haz\AppData\Local\Razer
[2012/07/05 22:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2012/07/05 11:11:12 | 000,000,000 | ---D | C] -- C:\Users\Dan&Haz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/07/05 11:07:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/07/01 06:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/07/01 06:57:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012/06/30 01:09:45 | 000,000,000 | ---D | C] -- C:\Users\Dan&Haz\AppData\Roaming\Skype
[2012/06/30 01:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/06/30 01:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/06/30 01:09:34 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/06/30 01:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/06/21 08:35:22 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/21 08:35:22 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/21 08:35:22 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/21 08:35:15 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/21 08:35:15 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/21 08:35:15 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/21 08:35:02 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/21 08:35:02 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/20 07:45:40 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/06/19 22:26:15 | 000,000,000 | ---D | C] -- C:\Users\Dan&Haz\AppData\Roaming\vlc
[2012/06/19 22:25:16 | 000,000,000 | ---D | C] -- C:\Users\Dan&Haz\AppData\Local\Ilivid Player
[2012/06/12 22:26:00 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/12 22:26:00 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/12 22:25:59 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/12 22:25:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/12 22:25:58 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/12 22:25:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/12 22:25:57 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/12 22:25:57 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/12 22:25:56 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/12 22:25:56 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/12 22:25:55 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/12 22:25:55 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/12 22:25:55 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/12 20:00:42 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/12 20:00:42 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/12 20:00:42 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/12 20:00:38 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/12 20:00:37 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/12 20:00:37 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/11 06:54:11 | 000,000,000 | ---D | C] -- C:\Users\Dan&Haz\AppData\Local\Macromedia
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/07 12:06:47 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/07 12:06:47 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/07 12:02:42 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Dan&Haz\Desktop\OTL.exe
[2012/07/07 11:59:33 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/07 11:59:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/07 11:59:15 | 3220,574,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/06 21:17:23 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/06 21:15:04 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1357503399-807939844-3328423691-1000UA.job
[2012/07/06 21:07:20 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/07/06 21:07:00 | 000,889,758 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/06 21:07:00 | 000,728,580 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/06 21:07:00 | 000,147,498 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/06 20:59:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/06 20:44:54 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzudd_01009.Wdf
[2012/07/06 20:44:42 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzdaendpt_01009.Wdf
[2012/07/06 11:15:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1357503399-807939844-3328423691-1000Core.job
[2012/07/06 11:13:01 | 004,873,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/06 00:41:14 | 000,140,832 | ---- | M] () -- C:\Windows\SysWow64\drivers\str.sys
[2012/07/05 10:45:31 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/05 10:45:31 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/05 10:08:23 | 000,113,152 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/01 12:46:48 | 000,876,274 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/25 21:03:47 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2012/06/08 22:22:01 | 002,735,362 | ---- | M] () -- C:\Users\Dan&Haz\Desktop\DSCI4866 (2).jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/06 21:07:02 | 000,001,931 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/07/06 20:44:54 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzudd_01009.Wdf
[2012/07/06 20:44:42 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzdaendpt_01009.Wdf
[2012/07/06 00:41:06 | 000,140,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\str.sys
[2012/07/05 11:10:31 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1357503399-807939844-3328423691-1000UA.job
[2012/07/05 11:10:30 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1357503399-807939844-3328423691-1000Core.job
[2012/07/05 11:07:49 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/25 21:03:47 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/06/24 05:30:01 | 002,804,776 | ---- | C] () -- C:\Users\Dan&Haz\Desktop\DSCI1893 (3).jpg
[2012/06/24 04:42:39 | 002,473,120 | ---- | C] () -- C:\Users\Dan&Haz\Desktop\DSCI4897 (2).jpg
[2012/06/24 04:42:18 | 002,057,247 | ---- | C] () -- C:\Users\Dan&Haz\Desktop\DSCI4908 (2).jpg
[2012/06/24 04:41:14 | 002,735,362 | ---- | C] () -- C:\Users\Dan&Haz\Desktop\DSCI4866 (2).jpg
[2012/06/23 12:36:54 | 000,002,093 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 3.4.1 64-bit.lnk
[2011/12/29 13:37:26 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011/12/18 18:35:28 | 000,584,584 | ---- | C] () -- C:\Windows\adb.exe
[2011/12/18 18:35:28 | 000,000,704 | ---- | C] () -- C:\Windows\InnoTipLanguage.ini
[2011/11/06 09:41:21 | 000,001,835 | ---- | C] () -- C:\Users\Dan&Haz\AppData\Roaming\SAS7_000.DAT
[2011/08/03 04:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/07/16 15:48:07 | 000,000,017 | ---- | C] () -- C:\Windows\clofghls.dll
[2011/07/16 15:21:24 | 000,000,052 | ---- | C] () -- C:\Windows\mafosav.INI
[2011/05/17 22:39:07 | 000,889,758 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/12 13:08:41 | 000,001,940 | ---- | C] () -- C:\Users\Dan&Haz\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/11 00:57:56 | 000,000,338 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2011/01/11 00:57:17 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll
[2010/12/31 23:09:36 | 000,007,597 | ---- | C] () -- C:\Users\Dan&Haz\AppData\Local\Resmon.ResmonCfg
[2010/11/26 17:45:44 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2010/09/30 22:02:09 | 000,022,754 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/09/30 21:17:13 | 000,208,102 | ---- | C] () -- C:\Windows\hpoins43.dat
[2010/09/17 00:37:06 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/09/07 22:51:42 | 000,113,152 | ---- | C] () -- C:\Users\Dan&Haz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/31 03:04:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/08/31 02:59:54 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/08/31 02:59:54 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/08/31 02:59:51 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/08/31 02:59:51 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/08/31 02:52:14 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/08/31 02:52:08 | 000,033,011 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== Custom Scans ==========

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/06/14 16:20:49 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/06/14 16:20:49 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/06/14 16:20:49 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/06/14 16:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/06/14 16:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/06/14 16:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Dan&Haz\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/06/28 04:28:57 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Dan&Haz\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/06/28 04:28:57 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Dan&Haz\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/06/28 04:28:57 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Dan&Haz\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/06/28 04:28:57 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/05/12 23:45:56 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/05/12 23:45:56 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/05/12 23:45:56 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/05/17 17:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/05/17 17:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/06/14 16:20:49 | 000,867,072 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/06/14 16:20:49 | 000,867,072 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/06/14 16:20:49 | 000,867,072 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/06/14 16:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/06/14 16:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/06/14 16:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\USERS\DAN&HAZ\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/06/28 04:28:57 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\USERS\DAN&HAZ\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/06/28 04:28:57 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\USERS\DAN&HAZ\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/06/28 04:28:57 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\DAN&HAZ\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/06/28 04:28:57 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/05/12 23:45:56 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/05/12 23:45:56 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/05/12 23:45:56 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/05/17 17:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012/05/17 17:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/07/06 00:41:14 | 000,140,832 | ---- | M] () -- C:\Windows\system32\drivers\str.sys

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.exe /md5 >

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >
[2012/07/05 11:19:39 | 000,209,213 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists
[2012/07/05 11:32:12 | 000,002,089 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Local State
[2012/07/05 11:24:59 | 002,860,128 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom
[2012/07/05 11:25:00 | 000,818,287 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom Filter 2
[2012/07/05 11:11:24 | 000,006,144 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies
[2012/07/05 11:11:24 | 000,001,544 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies-journal
[2012/07/05 11:25:00 | 000,134,356 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Safe Browsing Csd Whitelist
[2012/07/05 11:24:59 | 001,536,712 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Safe Browsing Download
[2012/07/05 11:25:00 | 000,016,668 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Safe Browsing Download Whitelist
[2012/07/05 11:12:03 | 044,265,472 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Archived History
[2012/07/05 11:12:03 | 000,016,384 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Archived History-journal
[2012/07/05 11:11:16 | 000,000,757 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Bookmarks
[2012/07/05 11:11:16 | 000,000,757 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Bookmarks.bak
[2012/07/05 11:32:32 | 000,020,480 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cookies
[2012/07/05 11:32:32 | 000,012,896 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal
[2012/07/05 11:32:25 | 000,222,479 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Current Session
[2012/07/05 11:32:44 | 000,000,008 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
[2012/07/05 11:30:45 | 000,020,480 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Favicons
[2012/07/05 11:30:45 | 000,012,848 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal
[2012/07/05 11:31:28 | 013,795,328 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\History
[2012/07/05 11:12:10 | 003,481,600 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-04
[2012/07/05 11:12:10 | 006,156,288 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-05
[2012/07/05 11:12:10 | 002,924,544 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-06
[2012/07/05 11:31:28 | 000,360,448 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-07
[2012/07/05 11:31:46 | 000,016,928 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-07-journal
[2012/07/05 11:30:25 | 000,324,101 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
[2012/07/05 11:31:46 | 000,016,928 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\History-journal
[2012/07/05 11:26:45 | 000,143,034 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Last Session
[2012/07/05 11:27:03 | 000,000,008 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Last Tabs
[2012/07/05 11:12:11 | 000,012,288 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Login Data
[2012/07/05 11:12:11 | 000,000,512 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
[2012/07/05 11:30:55 | 000,034,816 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor
[2012/07/05 11:30:55 | 000,016,384 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal
[2012/07/05 11:32:05 | 000,038,580 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Preferences
[2012/06/30 01:09:58 | 000,000,000 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Preferences.bad
[2012/07/05 11:12:13 | 000,000,180 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\README
[2012/07/05 11:30:55 | 000,012,288 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Shortcuts
[2012/07/05 11:30:55 | 000,012,824 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Shortcuts-journal
[2012/07/05 11:21:40 | 000,036,864 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Top Sites
[2012/07/05 11:21:40 | 000,012,824 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal
[2012/07/05 11:32:44 | 004,194,176 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Visited Links
[2012/07/05 11:30:25 | 000,075,776 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Web Data
[2012/07/05 11:30:25 | 000,014,904 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
[2012/07/05 11:32:44 | 000,045,056 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0
[2012/07/05 11:32:44 | 000,532,480 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
[2012/07/05 11:32:44 | 003,153,920 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2
[2012/07/05 11:32:44 | 004,202,496 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3
[2012/07/05 11:12:12 | 000,021,956 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000001
[2012/07/05 11:12:12 | 000,022,604 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000002
[2012/07/05 11:12:12 | 000,042,198 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000003
[2012/07/05 11:12:28 | 000,017,112 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000004
[2012/07/05 11:12:28 | 000,037,816 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000005
[2012/07/05 11:12:28 | 000,018,159 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000006
[2012/07/05 11:12:28 | 000,193,407 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000007
[2012/07/05 11:13:59 | 000,024,135 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000008
[2012/07/05 11:13:59 | 000,152,787 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000009
[2012/07/05 11:14:00 | 000,028,693 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000a
[2012/07/05 11:14:00 | 000,016,899 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000b
[2012/07/05 11:14:04 | 000,018,964 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000c
[2012/07/05 11:14:04 | 000,062,797 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000d
[2012/07/05 11:14:04 | 000,032,032 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000e
[2012/07/05 11:14:04 | 000,209,429 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000f
[2012/07/05 11:14:11 | 000,037,824 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000010
[2012/07/05 11:14:11 | 000,018,966 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000011
[2012/07/05 11:14:11 | 000,018,159 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000012
[2012/07/05 11:14:11 | 000,209,429 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000013
[2012/07/05 11:14:16 | 000,441,089 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000014
[2012/07/05 11:14:26 | 000,024,728 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000015
[2012/07/05 11:14:26 | 000,020,608 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000016
[2012/07/05 11:14:26 | 000,030,703 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000017
[2012/07/05 11:14:26 | 000,020,232 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000018
[2012/07/05 11:14:26 | 000,035,818 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000019
[2012/07/05 11:14:26 | 000,022,118 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001a
[2012/07/05 11:14:26 | 000,042,897 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001b
[2012/07/05 11:14:28 | 000,031,554 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001c
[2012/07/05 11:14:28 | 000,037,474 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001d
[2012/07/05 11:14:35 | 000,118,765 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001e
[2012/07/05 11:14:36 | 000,706,081 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001f
[2012/07/05 11:14:37 | 000,016,951 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000020
[2012/07/05 11:14:37 | 000,072,173 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000022
[2012/07/05 11:14:37 | 000,018,508 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000023
[2012/07/05 11:14:37 | 000,059,657 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000024
[2012/07/05 11:14:38 | 000,051,910 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000025
[2012/07/05 11:14:38 | 000,105,224 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000026
[2012/07/05 11:14:38 | 000,047,753 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000027
[2012/07/05 11:14:38 | 000,019,863 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000028
[2012/07/05 11:14:38 | 000,024,209 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000029
[2012/07/05 11:14:38 | 000,032,103 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002a
[2012/07/05 11:14:39 | 000,032,075 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002b
[2012/07/05 11:14:39 | 000,050,003 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002c
[2012/07/05 11:14:39 | 000,018,147 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002d
[2012/07/05 11:14:39 | 000,054,992 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002e
[2012/07/05 11:14:40 | 000,017,759 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002f
[2012/07/05 11:14:43 | 002,041,208 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000030
[2012/07/05 11:14:43 | 000,029,497 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000031
[2012/07/05 11:14:43 | 000,021,457 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000032
[2012/07/05 11:14:44 | 000,640,308 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000033
[2012/07/05 11:14:44 | 000,610,408 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000034
[2012/07/05 11:15:22 | 000,086,949 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000035
[2012/07/05 11:15:23 | 000,189,833 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000036
[2012/07/05 11:15:52 | 000,053,170 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000037
[2012/07/05 11:16:52 | 000,017,318 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000038
[2012/07/05 11:16:52 | 000,024,605 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000039
[2012/07/05 11:16:52 | 000,025,801 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003a
[2012/07/05 11:16:52 | 000,017,541 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003b
[2012/07/05 11:16:52 | 000,020,227 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003c
[2012/07/05 11:16:53 | 000,064,847 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003d
[2012/07/05 11:16:53 | 000,016,645 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003e
[2012/07/05 11:16:53 | 000,018,796 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003f
[2012/07/05 11:16:58 | 000,047,961 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000040
[2012/07/05 11:16:58 | 000,034,795 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000041
[2012/07/05 11:16:58 | 000,063,007 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000042
[2012/07/05 11:16:58 | 000,098,879 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000043
[2012/07/05 11:16:58 | 000,195,085 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000044
[2012/07/05 11:18:32 | 000,092,039 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000045
[2012/07/05 11:18:33 | 000,045,237 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000046
[2012/07/05 11:18:50 | 002,343,547 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000047
[2012/07/05 11:19:29 | 000,452,709 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000048
[2012/07/05 11:21:50 | 000,225,019 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00004a
[2012/07/05 11:22:29 | 000,017,934 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00004b
[2012/07/05 11:22:29 | 000,077,766 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00004c
[2012/07/05 11:23:32 | 000,029,355 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00004d
[2012/07/05 11:24:32 | 000,017,934 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00004e
[2012/07/05 11:25:02 | 000,016,738 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00004f
[2012/07/05 11:25:13 | 000,043,175 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000050
[2012/07/05 11:25:25 | 000,582,087 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000051
[2012/07/05 11:25:26 | 000,036,510 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000052
[2012/07/05 11:25:27 | 000,037,367 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000053
[2012/07/05 11:25:27 | 000,021,459 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000054
[2012/07/05 11:25:27 | 000,021,267 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000055
[2012/07/05 11:25:32 | 000,034,662 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000056
[2012/07/05 11:30:36 | 000,044,496 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000057
[2012/07/05 11:30:37 | 000,029,194 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000058
[2012/07/05 11:30:37 | 000,019,903 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000059
[2012/07/05 11:30:37 | 000,034,754 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00005a
[2012/07/05 11:30:37 | 000,024,251 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00005b
[2012/07/05 11:30:37 | 000,056,352 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00005c
[2012/07/05 11:30:40 | 000,399,553 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00005d
[2012/07/05 11:30:57 | 000,018,766 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00005e
[2012/07/05 11:31:19 | 000,022,330 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00005f
[2012/07/05 11:31:21 | 000,029,384 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000060
[2012/07/05 11:31:23 | 000,025,267 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000061
[2012/07/05 11:32:02 | 000,017,934 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000062
[2012/07/05 11:11:24 | 000,524,656 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\index
[2012/07/05 11:12:12 | 000,003,524 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\128.png
[2012/07/05 11:12:12 | 000,000,745 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\manifest.json
[2012/07/05 11:12:12 | 000,000,401 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ar\messages.json
[2012/07/05 11:12:12 | 000,000,427 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\bg\messages.json
[2012/07/05 11:12:12 | 000,000,250 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ca\messages.json
[2012/07/05 11:12:12 | 000,000,255 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\cs\messages.json
[2012/07/05 11:12:12 | 000,000,242 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\da\messages.json
[2012/07/05 11:12:12 | 000,000,226 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\de\messages.json
[2012/07/05 11:12:12 | 000,000,475 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\el\messages.json
[2012/07/05 11:12:12 | 000,000,227 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\en\messages.json
[2012/07/05 11:12:12 | 000,000,240 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\es\messages.json
[2012/07/05 11:12:12 | 000,000,222 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\fi\messages.json
[2012/07/05 11:12:12 | 000,000,236 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\fil\messages.json
[2012/07/05 11:12:12 | 000,000,249 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\fr\messages.json
[2012/07/05 11:12:12 | 000,000,419 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\he\messages.json
[2012/07/05 11:12:12 | 000,000,408 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\hi\messages.json
[2012/07/05 11:12:12 | 000,000,220 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\hr\messages.json
[2012/07/05 11:12:12 | 000,000,253 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\hu\messages.json
[2012/07/05 11:12:12 | 000,000,231 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\id\messages.json
[2012/07/05 11:12:12 | 000,000,224 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\it\messages.json
[2012/07/05 11:12:12 | 000,000,349 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ja\messages.json
[2012/07/05 11:12:12 | 000,000,323 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ko\messages.json
[2012/07/05 11:12:12 | 000,000,266 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\lt\messages.json
[2012/07/05 11:12:12 | 000,000,245 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\lv\messages.json
[2012/07/05 11:12:12 | 000,000,225 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\nl\messages.json
[2012/07/05 11:12:11 | 000,000,216 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\no\messages.json
[2012/07/05 11:12:12 | 000,000,274 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\pl\messages.json
[2012/07/05 11:12:12 | 000,000,237 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\pt_BR\messages.json
[2012/07/05 11:12:12 | 000,000,236 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\pt_PT\messages.json
[2012/07/05 11:12:12 | 000,000,248 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ro\messages.json
[2012/07/05 11:12:12 | 000,000,394 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ru\messages.json
[2012/07/05 11:12:12 | 000,000,241 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\sk\messages.json
[2012/07/05 11:12:12 | 000,000,245 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\sl\messages.json
[2012/07/05 11:12:12 | 000,000,437 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\sr\messages.json
[2012/07/05 11:12:12 | 000,000,238 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\sv\messages.json
[2012/07/05 11:12:12 | 000,000,365 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\th\messages.json
[2012/07/05 11:12:12 | 000,000,255 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\tr\messages.json
[2012/07/05 11:12:12 | 000,000,442 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\uk\messages.json
[2012/07/05 11:12:12 | 000,000,310 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\vi\messages.json
[2012/07/05 11:12:12 | 000,000,257 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\zh_CN\messages.json
[2012/07/05 11:12:12 | 000,000,269 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\zh_TW\messages.json
[2012/07/05 11:12:12 | 000,005,369 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\128.png
[2012/07/05 11:12:12 | 000,000,496 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\16.png
[2012/07/05 11:12:12 | 000,001,143 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\32.png
[2012/07/05 11:12:12 | 000,001,858 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\48.png
[2012/07/05 11:12:12 | 000,000,790 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\manifest.json
[2012/07/05 11:12:12 | 000,000,423 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ar\messages.json
[2012/07/05 11:12:12 | 000,000,515 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\bg\messages.json
[2012/07/05 11:12:12 | 000,000,330 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ca\messages.json
[2012/07/05 11:12:12 | 000,000,355 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\cs\messages.json
[2012/07/05 11:12:12 | 000,000,328 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\da\messages.json
[2012/07/05 11:12:12 | 000,000,307 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\de\messages.json
[2012/07/05 11:12:12 | 000,000,569 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\el\messages.json
[2012/07/05 11:12:12 | 000,000,314 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\en\messages.json
[2012/07/05 11:12:12 | 000,000,314 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\en_GB\messages.json
[2012/07/05 11:12:12 | 000,000,314 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\en_US\messages.json
[2012/07/05 11:12:12 | 000,000,340 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\es\messages.json
[2012/07/05 11:12:12 | 000,000,341 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\es_419\messages.json
[2012/07/05 11:12:12 | 000,000,314 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\et\messages.json
[2012/07/05 11:12:12 | 000,000,305 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\fi\messages.json
[2012/07/05 11:12:12 | 000,000,337 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\fil\messages.json
[2012/07/05 11:12:12 | 000,000,329 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\fr\messages.json
[2012/07/05 11:12:12 | 000,000,471 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\he\messages.json
[2012/07/05 11:12:12 | 000,000,326 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\hi\messages.json
[2012/07/05 11:12:12 | 000,000,340 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\hr\messages.json
[2012/07/05 11:12:12 | 000,000,336 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\hu\messages.json
[2012/07/05 11:12:12 | 000,000,319 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\id\messages.json
[2012/07/05 11:12:12 | 000,000,324 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\it\messages.json
[2012/07/05 11:12:12 | 000,000,388 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ja\messages.json
[2012/07/05 11:12:12 | 000,000,380 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ko\messages.json
[2012/07/05 11:12:12 | 000,000,359 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\lt\messages.json
[2012/07/05 11:12:12 | 000,000,360 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\lv\messages.json
[2012/07/05 11:12:12 | 000,000,323 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\nl\messages.json
[2012/07/05 11:12:11 | 000,000,300 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\no\messages.json
[2012/07/05 11:12:12 | 000,000,336 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\pl\messages.json
[2012/07/05 11:12:12 | 000,000,332 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\pt_BR\messages.json
[2012/07/05 11:12:12 | 000,000,331 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\pt_PT\messages.json
[2012/07/05 11:12:12 | 000,000,332 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ro\messages.json
[2012/07/05 11:12:12 | 000,000,471 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ru\messages.json
[2012/07/05 11:12:12 | 000,000,338 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sk\messages.json
[2012/07/05 11:12:12 | 000,000,329 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sl\messages.json
[2012/07/05 11:12:12 | 000,000,483 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sr\messages.json
[2012/07/05 11:12:12 | 000,000,333 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sv\messages.json
[2012/07/05 11:12:12 | 000,000,472 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\th\messages.json
[2012/07/05 11:12:12 | 000,000,330 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\tr\messages.json
[2012/07/05 11:12:12 | 000,000,501 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\uk\messages.json
[2012/07/05 11:12:12 | 000,000,363 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\vi\messages.json
[2012/07/05 11:12:12 | 000,000,346 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\zh_CN\messages.json
[2012/07/05 11:12:12 | 000,000,346 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\zh_TW\messages.json
[2012/07/05 11:12:12 | 000,005,920 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\128.png
[2012/07/05 11:12:11 | 000,000,755 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\manifest.json
[2012/07/05 11:12:12 | 000,000,556 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ar\messages.json
[2012/07/05 11:12:12 | 000,000,492 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\bg\messages.json
[2012/07/05 11:12:12 | 000,000,262 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ca\messages.json
[2012/07/05 11:12:12 | 000,000,289 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\cs\messages.json
[2012/07/05 11:12:12 | 000,000,240 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\da\messages.json
[4 C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\*.tmp files -> C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\*.tmp -> ]
[2 C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\*.tmp files -> C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\*.tmp -> ]
[2012/07/05 11:32:33 | 000,038,912 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_fb-zc1.cityville.zynga.com_0.localstorage
[2012/07/05 11:32:33 | 000,016,384 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_fb-zc1.cityville.zynga.com_0.localstorage-journal
[2012/07/05 11:12:11 | 000,000,000 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\User StyleSheets\Custom.css
 
< %USERPROFILE%\AppData\Local\ /s >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\Application Data /s >

< %PROGRAMFILES%\*. >
[2011/07/01 09:11:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2011/07/10 22:50:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AMD
[2011/11/03 10:25:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2010/08/31 04:11:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ASUS
[2011/11/21 20:14:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Audio MP3 Editor
[2012/01/29 14:33:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Belkin
[2011/12/30 19:42:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bethesda Softworks
[2011/08/21 20:47:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BitTorrent
[2012/06/30 01:09:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2011/10/08 13:15:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Conduit
[2010/09/30 21:28:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Coupons
[2011/10/19 04:17:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012/01/28 20:02:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Electronic Arts
[2011/12/18 18:36:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Froyo_Android_Driver
[2012/05/30 20:03:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2010/09/30 21:28:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP
[2011/08/27 23:22:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP Photo Creations
[2012/04/29 03:06:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HTML Help Workshop
[2012/04/29 03:11:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\IIS
[2012/03/09 08:48:43 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/06/13 02:04:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2012/06/07 11:20:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2012/07/01 06:57:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012/05/23 23:55:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/01/13 15:59:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MFInstall
[2011/12/18 19:56:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2012/04/29 03:11:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft ASP.NET
[2012/04/29 03:08:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft F#
[2012/04/29 03:14:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SDKs
[2012/07/06 21:06:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Security Client
[2012/05/09 11:19:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/04/29 03:17:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server
[2012/04/29 03:14:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/09/04 01:11:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Sync Framework
[2012/04/29 03:14:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2012/04/29 03:13:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0
[2012/04/29 03:03:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2011/05/17 22:39:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft XNA
[2012/04/29 03:17:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2010/09/07 22:49:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Movie Maker 2.6
[2012/07/05 11:07:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2012/07/05 11:07:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/04/29 03:04:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2011/11/05 19:23:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Nuance
[2002/01/01 02:24:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NVIDIA Corporation
[2012/05/22 12:03:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenOffice.org 3
[2012/06/07 10:44:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Oracle
[2011/11/03 10:26:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2012/07/06 20:44:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Razer
[2010/08/31 03:02:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2012/06/30 01:09:59 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2011/07/16 15:14:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\softendo.com
[2012/04/10 13:45:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\StarCraft II
[2012/07/05 23:07:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Steam
[2010/09/05 16:23:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\support.com
[2010/08/31 03:03:28 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2011/11/12 10:30:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\The Elder Scrolls V Skyrim
[2009/07/13 22:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2010/08/31 02:53:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VIA
[2009/07/13 23:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2011/12/18 22:53:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2010/09/04 01:08:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live SkyDrive
[2011/06/28 10:28:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2011/06/28 10:28:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2011/06/28 10:28:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2011/06/28 10:28:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2011/06/28 10:28:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar

< %appdata%\*.* >
[2011/11/19 07:27:00 | 000,001,835 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Roaming\SAS7_000.DAT

< MD5 for: AFD.SYS >
[2011/12/27 21:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\SysNative\drivers\afd.sys
[2011/12/27 21:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
[2011/12/27 22:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
[2011/04/24 20:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009/07/13 17:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2011/12/27 22:01:12 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=CCA39961E76B491DDF44B1E90FC8971D -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys
[2010/11/20 03:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011/04/24 20:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011/12/27 21:59:11 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=DB9D6C6B2CD95A9CA414D045B627422E -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys
[2011/04/24 21:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011/04/24 20:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2010/11/20 07:25:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\SysNative\cryptsvc.dll
[2010/11/20 07:25:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[2009/07/13 19:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009/07/13 19:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
[2010/11/20 06:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\SysWOW64\cryptsvc.dll
[2010/11/20 06:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll

< MD5 for: DNSRSLVR.DLL >
[2011/03/03 00:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\Windows\SysNative\dnsrslvr.dll
[2011/03/03 00:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsrslvr.dll
[2009/07/13 19:40:32 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=676108C4E3AA6F6B34633748BD0BEBD9 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16385_none_3dd76e849c0a6a12\dnsrslvr.dll
[2011/03/03 00:17:10 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=85CF424C74A1D5EC33533E1DBFF9920A -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16772_none_3ddf452a9c04f6b8\dnsrslvr.dll
[2011/03/03 00:12:55 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=B2205BAEAE4C178ABEB1B149751FC2B9 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsrslvr.dll
[2010/11/20 07:26:07 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=CD55F5355D8F55D44C9F4ED875705BD6 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsrslvr.dll
[2011/03/03 00:23:37 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=D8065FA366D28746EE3D75F08ED6B2FE -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.20914_none_3eabc3f7b4f01eb1\dnsrslvr.dll

< MD5 for: ES.DLL >
[2009/07/13 19:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\SysNative\es.dll
[2009/07/13 19:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\winsxs\amd64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_68e290c46b6ea6d0\es.dll
[2012/06/28 04:27:57 | 000,008,216 | ---- | M] () MD5=8C4CBA187C451FAE0C9C1674B9C3AC39 -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\Application\20.0.1132.47\Locales\es.dll
[2009/07/13 19:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\SysWOW64\es.dll
[2009/07/13 19:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\winsxs\wow64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_73373b169fcf68cb\es.dll

< MD5 for: EXPLORER.EXE >
[2011/02/26 00:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 23:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 00:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 06:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 00:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 00:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/02 23:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 07:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 00:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/02 23:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 19:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 00:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 00:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 00:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IPNATHLP.DLL >
[2009/07/13 19:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\SysNative\ipnathlp.dll
[2009/07/13 19:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\ipnathlp.dll

< MD5 for: NETBT.SYS >
[2010/11/20 03:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\SysNative\drivers\netbt.sys
[2010/11/20 03:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys
[2009/07/13 17:21:29 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=9162B273A44AB9DCE5B44362731D062A -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_bc59ba0910f52e0c\netbt.sys

< MD5 for: NETMAN.DLL >
[2009/07/13 19:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\SysNative\netman.dll
[2009/07/13 19:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\winsxs\amd64_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_6bb20d3d6b80d9da\netman.dll

< MD5 for: QMGR.DLL >
[2010/11/20 07:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/20 07:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
[2009/07/13 19:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll

< MD5 for: RPCSS.DLL >
[2010/11/20 07:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\SysNative\rpcss.dll
[2010/11/20 07:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2009/07/13 19:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=7266972E86890E2B30C0C322E906B027 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll

< MD5 for: SERVICES.EXE >
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=014A9CB92514E27C0107614DF764BC06 -- C:\FRST\Quarantine\services.exe
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2011/04/24 23:28:24 | 001,893,248 | ---- | M] (Microsoft Corporation) MD5=1F748D5439B65E0BEBD92F65048F030D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys
[2011/09/29 11:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[2010/11/20 07:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2011/06/21 00:16:55 | 001,888,128 | ---- | M] (Microsoft Corporation) MD5=5279D4DD69C7C71524B8E7A5746D15CC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_0f8ed978993fa916\tcpip.sys
[2010/06/14 00:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2012/03/30 04:19:17 | 001,877,872 | ---- | M] (Microsoft Corporation) MD5=5EFD096DEF47F8B88EF591DA92143440 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_0faa5514992a39a7\tcpip.sys
[2011/04/24 23:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys
[2012/03/30 05:09:53 | 001,895,280 | ---- | M] (Microsoft Corporation) MD5=624C5B3AA4C99B3184BB922D9ECE3FF0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys
[2012/03/30 04:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2010/06/14 00:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009/07/13 19:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2011/04/24 23:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2011/06/21 00:20:30 | 001,914,752 | ---- | M] (Microsoft Corporation) MD5=A0EB71E0DC047C7CC95CD6AB4036296E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_11a276c29643d7ec\tcpip.sys
[2011/09/29 10:17:51 | 001,886,064 | ---- | M] (Microsoft Corporation) MD5=AC3E29880DB5659532A1AA3439304A43 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_0fad20ca992955d7\tcpip.sys
[2012/03/30 05:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\SysNative\drivers\tcpip.sys
[2012/03/30 05:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[2011/04/25 00:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2011/06/21 00:27:14 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=B9D87C7707F058AC652A398CD28DE14B -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_0f4d1e3b7feb1307\tcpip.sys
[2011/06/21 00:34:00 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=F0E98C00A09FDF791525829A1D14240F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_11327af77d12659c\tcpip.sys
[2011/09/29 10:24:44 | 001,897,328 | ---- | M] (Microsoft Corporation) MD5=F18F56EFC0BFB9C87BA01C37B27F4DA5 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_0f170e9f80139ebc\tcpip.sys
[2011/09/29 10:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys

< MD5 for: TDX.SYS >
[2009/07/13 17:21:15 | 000,099,840 | ---- | M] (Microsoft Corporation) MD5=079125C4B17B01FCAEEBCE0BCB290C0F -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_4632b9f2f5c6af5e\tdx.sys
[2010/11/20 03:21:56 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\SysNative\drivers\tdx.sys
[2010/11/20 03:21:56 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys

< MD5 for: USERINIT.EXE >
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 19:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2010/11/20 07:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\drivers\volsnap.sys
[2010/11/20 07:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
[2010/11/20 07:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
[2009/07/13 19:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_71aba92815c60174\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/13 19:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/13 19:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 19:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 19:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 19:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 01:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 00:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WMISVC.DLL >
[2009/07/13 19:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\Windows\SysNative\wbem\WMIsvc.dll
[2009/07/13 19:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7600.16385_none_fca7ad7710a22535\WMIsvc.dll
[2009/07/13 19:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7601.17514_none_fed8c13f0d90a8cf\WMIsvc.dll

< MD5 for: WSCSVC.DLL >
[2009/07/13 19:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\Windows\SysNative\wscsvc.dll
[2009/07/13 19:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.16385_none_76354f59cbc9dce8\wscsvc.dll
[2009/07/13 19:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7601.17514_none_78666321c8b86082\wscsvc.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:0FF263E8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:A384652A

< End of report >



Man, that was long... Now the Extras.txt
 
OTL Extras logfile created on: 7/7/2012 12:03:36 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Dan&Haz\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 65.99% Memory free
8.00 Gb Paging File | 6.47 Gb Available in Paging File | 80.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 50.86 Gb Free Space | 17.07% Space Free | Partition Type: NTFS

Computer Name: DANHAZ-PC | User Name: Dan&Haz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
"{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{5D068141-189F-39E2-A052-E40D4B561256}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{8BBA6F77-4A79-4E90-BD82-E24669ACF221}" = Adobe Photoshop Lightroom 3.4.1 64-bit
"{8DF9D3DF-6D03-A04F-217F-F2577D973DBE}" = ATI Catalyst Install Manager
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 280.26
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.1107
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D2D77DC2-8299-11D1-8949-444553540000}_is1" = ZTE Handset USB Driver 5.2066.1.8
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.55
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Shop for HP Supplies" = Shop for HP Supplies
"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse 2.0
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3356EDC7-9373-4D5D-852D-9AB7DBB5A7FC}" = GPU NOS
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3B0CFB08-515C-4AD4-89DF-997BF8545622}" = Nuance Voice Recorder
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
"{548C7B77-8B04-427E-ACD0-D0E6E6E59BCF}" = Nostromo
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6F69C969-2942-4E7B-B594-75B37664B8BA}" = NVIDIA System Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AE249BA3-2421-3996-5E9A-DF4A9F3551FC}" = Catalyst Control Center InstallProxy
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B5978DF3-8A04-4F22-AF67-8CCE52E04B13}" = C4700
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B83F7FA5-3191-4E39-A1F2-8A9038BD0B04}" = Turbo Key
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"{EB0F4554-AD4F-4C8C-9764-66AC2CF8D184}" = AMD OverDrive
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder(TM) Mouse
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Android USB Driver_is1" = Android USB Driver
"Audio MP3 Editor_is1" = Audio MP3 Editor 5.40
"BitTorrent" = BitTorrent
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DAEMON Tools Lite" = DAEMON Tools Lite
"Family Tree Builder" = MyHeritage Family Tree Builder
"HP Photo Creations" = HP Photo Creations
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{6F69C969-2942-4E7B-B594-75B37664B8BA}" = NVIDIA System Update
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Picasa 3" = Picasa 3
"Rage_is1" = Rage
"StarCraft II" = StarCraft II
"Steam App 105600" = Terraria
"Steam App 109400" = MicroVolts
"Steam App 209870" = Blacklight: Retribution
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 280" = Half-Life: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 32370" = Star Wars: Knights of the Old Republic
"Steam App 400" = Portal
"Steam App 440" = Team Fortress 2
"Steam App 8400" = Geometry Wars: Retro Evolved
"WhiteSmoke_Bar Toolbar" = WhiteSmoke Bar Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/28/2012 6:34:01 AM | Computer Name = DanHaz-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 3/28/2012 6:35:02 AM | Computer Name = DanHaz-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 3/29/2012 4:56:12 PM | Computer Name = DanHaz-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 3/29/2012 4:57:52 PM | Computer Name = DanHaz-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 3/30/2012 7:37:35 AM | Computer Name = DanHaz-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 3/30/2012 7:39:15 AM | Computer Name = DanHaz-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 3/31/2012 8:05:15 AM | Computer Name = DanHaz-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 3/31/2012 8:06:53 AM | Computer Name = DanHaz-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 4/1/2012 2:31:58 AM | Computer Name = DanHaz-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 4/1/2012 2:33:39 AM | Computer Name = DanHaz-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

[ Media Center Events ]
Error - 10/23/2010 7:28:01 PM | Computer Name = DanHaz-PC | Source = MCUpdate | ID = 0
Description = 5:28:00 PM - Failed to retrieve Broadband-2.enc (Error: BITS 0x80080005)


Error - 11/29/2010 2:03:44 AM | Computer Name = DanHaz-PC | Source = MCUpdate | ID = 0
Description = 11:03:39 PM - Error connecting to the internet. 11:03:39 PM - Unable
to contact server..

Error - 11/29/2010 3:03:50 AM | Computer Name = DanHaz-PC | Source = MCUpdate | ID = 0
Description = 12:03:49 AM - Error connecting to the internet. 12:03:49 AM - Unable
to contact server..

Error - 12/2/2010 4:01:07 AM | Computer Name = DanHaz-PC | Source = MCUpdate | ID = 0
Description = 1:00:59 AM - Error connecting to the internet. 1:00:59 AM - Unable
to contact server..

Error - 12/2/2010 7:44:40 PM | Computer Name = DanHaz-PC | Source = MCUpdate | ID = 0
Description = 4:44:38 PM - Error connecting to the internet. 4:44:40 PM - Unable
to contact server..

Error - 1/12/2011 2:16:21 PM | Computer Name = DanHaz-PC | Source = MCUpdate | ID = 0
Description = 11:16:20 AM - Error connecting to the internet. 11:16:21 AM - Unable
to contact server..

Error - 1/12/2011 2:16:31 PM | Computer Name = DanHaz-PC | Source = MCUpdate | ID = 0
Description = 11:16:26 AM - Error connecting to the internet. 11:16:26 AM - Unable
to contact server..

Error - 6/6/2011 3:04:55 AM | Computer Name = DanHaz-PC | Source = MCUpdate | ID = 0
Description = 1:04:55 AM - Failed to retrieve SportsSchedule (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 6/17/2011 2:37:20 AM | Computer Name = DanHaz-PC | Source = MCUpdate | ID = 0
Description = 12:37:15 AM - Error connecting to the internet. 12:37:15 AM - Unable
to contact server..

Error - 7/21/2011 11:54:09 AM | Computer Name = DanHaz-PC | Source = MCUpdate | ID = 0
Description = 9:54:09 AM - Error connecting to the internet. 9:54:09 AM - Unable
to contact server..

[ System Events ]
Error - 7/6/2012 11:48:07 PM | Computer Name = DanHaz-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 7/6/2012 11:48:09 PM | Computer Name = DanHaz-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 7/7/2012 12:07:45 AM | Computer Name = DanHaz-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 7/7/2012 12:07:47 AM | Computer Name = DanHaz-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 7/7/2012 12:07:48 AM | Computer Name = DanHaz-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 7/7/2012 1:59:31 PM | Computer Name = DanHaz-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 7/7/2012 1:59:33 PM | Computer Name = DanHaz-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 7/7/2012 1:59:34 PM | Computer Name = DanHaz-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 7/7/2012 1:59:54 PM | Computer Name = DanHaz-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 7/7/2012 1:59:54 PM | Computer Name = DanHaz-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891


< End of report >
 
Hi again!

OTL FIXES

Warning: this OTL fix has active links. Please do not click on the links below, or your computer might become infected immediately!

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :OTL
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}
    IE - HKLM\..\URLSearchHook: {167d9323-f7cc-48f5-948a-6f012831a69f} - No CLSID value found
    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3007394
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{sear...00842&mntrId=ea9625c600000000000000259cf4b638
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3007394
    FF - prefs.js..browser.search.defaultenginename: "Search Results"
    FF - prefs.js..browser.search.defaultthis.engineName: " "
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.order.1: "Search Results"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=390&systemid=406&sr=0&q="
    [2011/08/16 10:06:22 | 000,000,863 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Roaming\Mozilla\Firefox\Profiles\freq8eoz.default\searchplugins\conduit.xml
    [2012/06/19 22:23:52 | 000,002,519 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Roaming\Mozilla\Firefox\Profiles\freq8eoz.default\searchplugins\Search_Results.xml
    O2 - BHO: (no name) - {167d9323-f7cc-48f5-948a-6f012831a69f} - No CLSID value found.
    O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll File not found
    O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {167d9323-f7cc-48f5-948a-6f012831a69f} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {167D9323-F7CC-48F5-948A-6F012831A69F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)
    O33 - MountPoints2\{14cd676e-57ce-11e0-a925-485b393b4cb4}\Shell - "" = AutoRun
    O33 - MountPoints2\{35e9ebfa-29cb-11e1-85e0-485b393b4cb4}\Shell - "" = AutoRun
    O33 - MountPoints2\{35e9ebfa-29cb-11e1-85e0-485b393b4cb4}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Setup.exe
    O33 - MountPoints2\{73b03aa7-d013-11e0-9e7e-485b393b4cb4}\Shell - "" = AutoRun
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:0FF263E8
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:A384652A

    :commands
    [emptytemp]
    [reboot]
  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alarmed; this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes and the computer fails to reboot, let me know.
  • Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

ComboFix

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.
 
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{167d9323-f7cc-48f5-948a-6f012831a69f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{167d9323-f7cc-48f5-948a-6f012831a69f}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "Search Results" removed from browser.search.defaultenginename
Prefs.js: " " removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Search Results" removed from browser.search.order.1
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: searchtoolbar@zugo.com:1.2 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: "http://dts.search-results.com/sr?src=ffb&appid=390&systemid=406&sr=0&q=" removed from keyword.URL
C:\Users\Dan&Haz\AppData\Roaming\Mozilla\Firefox\Profiles\freq8eoz.default\searchplugins\conduit.xml moved successfully.
C:\Users\Dan&Haz\AppData\Roaming\Mozilla\Firefox\Profiles\freq8eoz.default\searchplugins\Search_Results.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{167d9323-f7cc-48f5-948a-6f012831a69f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{167d9323-f7cc-48f5-948a-6f012831a69f}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{167d9323-f7cc-48f5-948a-6f012831a69f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{167d9323-f7cc-48f5-948a-6f012831a69f}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{167D9323-F7CC-48F5-948A-6F012831A69F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{167D9323-F7CC-48F5-948A-6F012831A69F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14cd676e-57ce-11e0-a925-485b393b4cb4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14cd676e-57ce-11e0-a925-485b393b4cb4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35e9ebfa-29cb-11e1-85e0-485b393b4cb4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35e9ebfa-29cb-11e1-85e0-485b393b4cb4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35e9ebfa-29cb-11e1-85e0-485b393b4cb4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35e9ebfa-29cb-11e1-85e0-485b393b4cb4}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73b03aa7-d013-11e0-9e7e-485b393b4cb4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73b03aa7-d013-11e0-9e7e-485b393b4cb4}\ not found.
ADS C:\ProgramData\TEMP:0FF263E8 deleted successfully.
ADS C:\ProgramData\TEMP:A384652A deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Dan&Haz
->Temp folder emptied: 576198877 bytes
->Temporary Internet Files folder emptied: 178718648 bytes
->Java cache emptied: 2212539 bytes
->FireFox cache emptied: 53417800 bytes
->Google Chrome cache emptied: 20930694 bytes
->Flash cache emptied: 554478743 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: TEMP

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 363303001 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 57071644 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,723.00 mb


OTL by OldTimer - Version 3.2.53.1 log created on 07072012_151832

Files\Folders moved on Reboot...
C:\Users\Dan&Haz\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Dan&Haz\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...


Combo fix coming up.
 
ComboFix 12-07-07.04 - Dan&Haz 07/07/2012 15:32:10.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2175 [GMT -6:00]
Running from: c:\users\Dan&Haz\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\drivers\str.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-06-07 to 2012-07-07 )))))))))))))))))))))))))))))))
.
.
2012-07-07 21:39 . 2012-07-07 21:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-07 21:18 . 2012-07-07 21:18 -------- d-----w- C:\_OTL
2012-07-07 06:17 . 2012-07-07 06:17 -------- d-----w- C:\FRST
2012-07-07 03:06 . 2012-07-07 03:06 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-07 03:06 . 2012-07-07 03:07 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-06 06:46 . 2012-07-06 06:46 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-06 04:00 . 2012-07-06 04:00 -------- d-----w- c:\users\Dan&Haz\AppData\Local\Razer
2012-07-06 04:00 . 2012-07-06 04:00 -------- d-----w- c:\programdata\Razer
2012-07-01 12:57 . 2012-07-01 12:57 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-06-30 07:09 . 2012-07-05 02:08 -------- d-----w- c:\users\Dan&Haz\AppData\Roaming\Skype
2012-06-30 07:09 . 2012-06-30 07:09 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-06-30 07:09 . 2012-06-30 07:09 -------- d-----r- c:\program files (x86)\Skype
2012-06-30 07:09 . 2012-06-30 07:10 -------- d-----w- c:\programdata\Skype
2012-06-21 14:35 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 14:35 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 14:35 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 14:35 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 14:35 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 14:35 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 14:35 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 14:35 . 2012-06-02 21:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 14:35 . 2012-06-02 21:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 13:45 . 2012-06-20 13:45 -------- d-----w- c:\programdata\boost_interprocess
2012-06-20 04:26 . 2012-06-20 04:27 -------- d-----w- c:\users\Dan&Haz\AppData\Roaming\vlc
2012-06-20 04:25 . 2012-06-20 04:25 -------- d-----w- c:\users\Dan&Haz\AppData\Local\Ilivid Player
2012-06-19 23:35 . 2012-06-19 23:35 4967624 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-06-13 04:26 . 2012-05-18 01:51 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-13 04:26 . 2012-05-17 22:24 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-13 02:00 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 02:00 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 02:00 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 02:00 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 02:00 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 02:00 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 02:00 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 02:00 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-11 12:54 . 2012-06-11 12:54 -------- d-----w- c:\users\Dan&Haz\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-07 21:40 . 2012-07-07 21:40 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3F30A1DE-53D1-4C2B-9296-020F6D90CEBF}\offreg.dll
2012-07-05 16:45 . 2012-04-15 12:53 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-05 16:45 . 2011-05-18 16:59 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-18 09:12 . 2012-07-07 03:08 9013136 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3F30A1DE-53D1-4C2B-9296-020F6D90CEBF}\mpengine.dll
2012-06-07 17:33 . 2012-06-07 17:07 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-07 17:33 . 2012-06-07 17:07 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-15 02:50 . 2012-05-15 02:50 20992 ----a-w- c:\windows\system32\drivers\rzvkeyboard.sys
2012-05-15 02:50 . 2012-05-15 02:50 94208 ----a-w- c:\windows\system32\drivers\rzudd.sys
2012-05-15 02:36 . 2012-05-15 02:36 142848 ----a-w- c:\windows\SysWow64\rztouchdll.dll
2012-05-15 02:36 . 2012-05-15 02:36 354816 ----a-w- c:\windows\SysWow64\rzdevicedll.dll
2012-05-15 02:36 . 2012-05-15 02:36 165888 ----a-w- c:\windows\SysWow64\rzaudiodll.dll
2012-05-13 05:45 . 2012-05-13 05:45 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-05-13 05:45 . 2012-05-13 05:45 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-05-13 05:45 . 2012-05-13 05:45 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-05-13 05:45 . 2012-05-13 05:45 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-05-13 05:45 . 2012-05-13 05:45 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-05-13 05:45 . 2012-05-13 05:45 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-05-13 05:45 . 2012-05-13 05:45 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-05-13 05:45 . 2012-05-13 05:45 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-05-13 05:45 . 2012-05-13 05:45 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-05-13 05:45 . 2012-05-13 05:45 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-05-13 05:45 . 2012-05-13 05:45 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-05-13 05:45 . 2012-05-13 05:45 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-05-13 05:45 . 2012-05-13 05:45 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-05-13 05:45 . 2012-05-13 05:45 448512 ----a-w- c:\windows\system32\html.iec
2012-05-13 05:45 . 2012-05-13 05:45 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-05-13 05:45 . 2012-05-13 05:45 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-05-13 05:45 . 2012-05-13 05:45 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-05-13 05:45 . 2012-05-13 05:45 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-13 05:45 . 2012-05-13 05:45 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-05-13 05:45 . 2012-05-13 05:45 222208 ----a-w- c:\windows\system32\msls31.dll
2012-05-13 05:45 . 2012-05-13 05:45 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-05-13 05:45 . 2012-05-13 05:45 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-05-13 05:45 . 2012-05-13 05:45 160256 ----a-w- c:\windows\system32\wextract.exe
2012-05-13 05:45 . 2012-05-13 05:45 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-05-13 05:45 . 2012-05-13 05:45 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-05-13 05:45 . 2012-05-13 05:45 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-05-13 05:45 . 2012-05-13 05:45 12288 ----a-w- c:\windows\system32\mshta.exe
2012-05-13 05:45 . 2012-05-13 05:45 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-05-13 05:45 . 2012-05-13 05:45 114176 ----a-w- c:\windows\system32\admparse.dll
2012-05-13 05:45 . 2012-05-13 05:45 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-13 05:45 . 2012-05-13 05:45 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-05-13 05:45 . 2012-05-13 05:45 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-05-08 02:46 . 2012-05-08 02:46 7168 ----a-w- c:\windows\system32\drivers\rzkbdhid.sys
2012-05-08 02:46 . 2012-05-08 02:46 26112 ----a-w- c:\windows\system32\drivers\rzdaendpt.sys
2012-04-30 09:13 . 2012-04-29 09:10 2377696 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-02-10 2770432]
"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2012-01-14 248832]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2012-05-30 313768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-05 250056]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-24 7883264]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-24 285696]
R3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [2007-08-14 35328]
R3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [2010-03-23 12032]
R3 Generalusbserialser20675;USB Legacy Serial Communication 20675;c:\windows\system32\DRIVERS\CT_U_USBSER.sys [2011-05-10 122368]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 136176]
R3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2010-10-20 11776]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50a64.sys [2006-11-29 43328]
R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [2006-11-29 41280]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-04 1255736]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111vx.sys [x]
R4 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2009-04-22 124256]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-19 270912]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-24 203264]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-14 249648]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [2010-07-09 21480]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S2 UDisk Monitor;UDisk Monitor;c:\program files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [2011-05-12 512000]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 netr28ux;Ralink RT2870 Chipset Family Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2011-09-09 1660480]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-05-10 174184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 rzdaendpt;%rzdaendpt.SvcDesc%;c:\windows\system32\DRIVERS\rzdaendpt.sys [2012-05-08 26112]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys [2012-05-15 94208]
S3 rzvkeyboard;Razer Virtual Keyboard Driver;c:\windows\system32\DRIVERS\rzvkeyboard.sys [2012-05-15 20992]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-01-12 1290752]
S3 VKbms;Razer Gaming Device;c:\windows\system32\DRIVERS\VKbms.sys [2010-10-01 13312]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 16:45]
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 17:00]
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 17:00]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1357503399-807939844-3328423691-1000Core.job
- c:\users\Dan&Haz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-05 17:10]
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1357503399-807939844-3328423691-1000UA.job
- c:\users\Dan&Haz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-05 17:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?PC=BNHP
uLocal Page = c:\windows\system32\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Dan&Haz\AppData\Roaming\Mozilla\Firefox\Profiles\freq8eoz.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
c:\program files (x86)\Razer\DeathAdder\razerofa.exe
c:\program files (x86)\Razer\DeathAdder\vdDaemon.exe
.
**************************************************************************
.
Completion time: 2012-07-07 15:46:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-07 21:46
.
Pre-Run: 55,685,267,456 bytes free
Post-Run: 55,271,481,344 bytes free
.
- - End Of File - - B6326A20E7B7B8BA62E07A409B0B979A
 
Scan with Malwarebytes' Anti-Malware

Please open Malwarebytes' Anti-Malware, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.


ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
 
Sorry about the delay, I've been procrastinating the 2 hour scan.




Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.08.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dan&Haz :: DANHAZ-PC [administrator]

Protection: Disabled

7/8/2012 3:24:00 PM
mbam-log-2012-07-08 (15-24-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220157
Time elapsed: 4 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e783863f17f3c247b7e8ea16451c4226
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-11 10:36:10
# local_time=2012-07-11 04:36:10 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 11824551 93582938 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=270696
# found=2
# cleaned=2
# scan_time=6682
C:\Users\Dan&Haz\Downloads\Fleetwood_Mac_-_Rumours[1977]_Pa_La_Raza.rar_downloader.exe Win32/InstallCore.K application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Dan&Haz\Downloads\Fleetwood_MAc_-_Rumours_(DTS-CD).rar_downloader.exe Win32/InstallCore.K application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
 
Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death
 
Computer is running great, had to uninstall and reinstall MS security essentials as it got corrupted. Windows firewall is active so all should be good. I really appreciate your help.
 
Great to hear...and you're welcome. Semi-last steps here...

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name, i.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive, i.e. C
  • For a few moments the system will make some calculations:
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Tell me in your next reply, if you have completed these tasks:
  • Cleaned System Restore
  • Ran OTC
  • Ran TFC
  • Ran Security Check
Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.
 
Hello. Are you still with us?

Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

Thanks.
 