TechSpot

Need help with Trojan:win64/sirefef.w

By DannyA
Jul 7, 2012
  1. Like the other poster who was infected with this virus, my computer auto-restarts after boot, even in safe mode.

    W7 Home Premium 64bit

    Posting FRST log.
     
  2. DannyA

    Scan result of Farbar Recovery Scan Tool Version: 07-07-2012 02
    Ran by SYSTEM at 06-07-2012 22:17:31
    Running from F:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [2770432 2010-02-10] (VIA)
    HKLM-x32\...\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe [248832 2012-01-14] ()
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe" [313768 2012-05-29] (Razer USA Ltd)
    HKU\Dan&Haz\...\Run: [Google Update] "C:\Users\Dan&Haz\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-07-05] (Google Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    AppInit_DLLs:

    ==================== Services (Whitelisted) ======

    4 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [124256 2009-04-22] ()
    2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-04-01] ()
    2 DragonSvc; C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [296808 2010-07-23] (Nuance Communications, Inc.)
    2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2369960 2012-06-27] (LogMeIn Inc.)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    2 MSSQL$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [57617752 2009-03-30] (Microsoft Corporation)
    4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
    2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe /StartService [222208 2008-08-18] (NVIDIA)
    4 SQLAgent$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -I SQLEXPRESS [427880 2009-03-30] (Microsoft Corporation)
    2 UDisk Monitor; C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [512000 2011-05-12] ()
    2 UpdateCenterService; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe /StartService [158208 2008-08-01] (NVIDIA)

    ========================== Drivers (Whitelisted) =============

    1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13368 2009-04-05] ()
    3 bcgame; C:\Windows\System32\Drivers\bcgame.sys [35328 2007-08-14] (Belkin Corporation)
    2 cpuz134; \??\C:\Windows\system32\drivers\cpuz134_x64.sys [21480 2010-07-09] (Windows (R) Win 7 DDK provider)
    1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [270912 2011-10-19] (DT Soft Ltd)
    3 Generalusbserialser20675; C:\Windows\System32\DRIVERS\CT_U_USBSER.sys [122368 2011-05-09] (Incorporated)
    3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
    3 massfilter_hs; C:\Windows\System32\Drivers\massfilter_hs.sys [11776 2010-10-20] (HandSet Incorporated)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
    3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
    3 netr28ux; C:\Windows\System32\Drivers\netr28ux.sys [1660480 2011-09-09] (Ralink Technology Corp.)
    3 NVR0Dev; \??\C:\Windows\nvoclk64.sys [40480 2008-08-18] (NVidia Corp.)
    2 NVR0FLASHDev; \??\C:\Windows\nvflsh64.sys [40480 2008-08-01] (NVidia Corp.)
    3 PCAMp50a64; C:\Windows\System32\Drivers\PCAMp50a64.sys [43328 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
    3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
    3 rzdaendpt; C:\Windows\System32\Drivers\rzdaendpt.sys [26112 2012-05-07] (Razer USA Ltd)
    3 rzvkeyboard; C:\Windows\System32\Drivers\rzvkeyboard.sys [20992 2012-05-14] (Razer USA Ltd)
    3 WPN111; C:\Windows\System32\DRIVERS\WPN111vx.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-06 19:46 - 2012-07-06 19:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.28CD3126AC90F66D
    2012-07-06 19:40 - 2012-07-06 19:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3220167DB9834ECF
    2012-07-06 19:37 - 2012-07-06 19:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0EC778CA7C0F9938
    2012-07-06 19:34 - 2012-07-06 19:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.54B800A5BF41515A
    2012-07-06 19:31 - 2012-07-06 19:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A45F5576FD5DD3FA
    2012-07-06 19:28 - 2012-07-06 19:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ED4FFE12C66D94B8
    2012-07-06 19:23 - 2012-07-06 19:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F115BF7CA0A5820D
    2012-07-06 19:21 - 2012-07-06 19:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8768063590A183EB
    2012-07-06 19:18 - 2012-07-06 19:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.47EFC44464B42130
    2012-07-06 19:15 - 2012-07-06 19:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ABBAD16F98675739
    2012-07-06 19:12 - 2012-07-06 19:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.339A7B72E145642A
    2012-07-06 19:06 - 2012-07-06 19:07 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-07-06 19:06 - 2012-07-06 19:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-07-06 19:03 - 2012-07-06 19:03 - 12621696 ____A (Microsoft Corporation) C:\Users\Dan&Haz\Downloads\mseinstall.exe
    2012-07-06 18:44 - 2012-07-06 18:44 - 00000087 ____A C:\users\setup.log
    2012-07-06 18:44 - 2012-07-06 18:44 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_rzudd_01009.Wdf
    2012-07-06 18:44 - 2012-07-06 18:44 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_rzdaendpt_01009.Wdf
    2012-07-05 22:46 - 2012-07-05 22:46 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-07-05 22:41 - 2012-07-05 22:41 - 00140832 ____A C:\Windows\SysWOW64\Drivers\str.sys
    2012-07-05 20:00 - 2012-07-05 20:00 - 08571656 ____A (Razer USA Ltd.) C:\Users\Dan&Haz\Downloads\Razer_Synapse2_v1.02.16.exe
    2012-07-05 20:00 - 2012-07-05 20:00 - 00000000 ____D C:\Users\Dan&Haz\AppData\Local\Razer
    2012-07-05 20:00 - 2012-07-05 20:00 - 00000000 ____D C:\Users\All Users\Razer
    2012-07-05 09:10 - 2012-07-06 19:15 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1357503399-807939844-3328423691-1000UA.job
    2012-07-05 09:10 - 2012-07-06 09:15 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1357503399-807939844-3328423691-1000Core.job
    2012-07-05 09:10 - 2012-07-05 09:10 - 00739824 ____A (Google Inc.) C:\Users\Dan&Haz\Downloads\ChromeSetup.exe
    2012-07-05 09:07 - 2012-07-05 09:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2012-07-01 04:57 - 2012-07-01 04:57 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
    2012-06-29 23:09 - 2012-07-04 18:08 - 00000000 ____D C:\Users\Dan&Haz\AppData\Roaming\Skype
    2012-06-29 23:09 - 2012-06-29 23:10 - 00000000 ____D C:\Users\All Users\Skype
    2012-06-29 23:09 - 2012-06-29 23:09 - 00000000 ___RD C:\Program Files (x86)\Skype
    2012-06-29 23:08 - 2012-06-29 23:08 - 00946352 ____A (Skype Technologies S.A.) C:\Users\Dan&Haz\Downloads\SkypeSetup.exe
    2012-06-25 19:03 - 2012-06-25 19:03 - 00000193 ____A C:\Windows\WORDPAD.INI
    2012-06-21 06:35 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-21 06:35 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-21 06:35 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-21 06:35 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-21 06:35 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-21 06:35 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-21 06:35 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-21 06:35 - 2012-06-02 13:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-21 06:35 - 2012-06-02 13:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-20 05:45 - 2012-06-20 05:45 - 00000000 ____D C:\Users\All Users\boost_interprocess
    2012-06-19 20:26 - 2012-06-19 20:27 - 00000000 ____D C:\Users\Dan&Haz\AppData\Roaming\vlc
    2012-06-19 20:25 - 2012-06-19 20:25 - 00000000 ____D C:\Users\Dan&Haz\AppData\Local\Ilivid Player
    2012-06-19 20:23 - 2012-06-19 20:23 - 00516136 ____A (Bandoo Media Inc) C:\Users\Dan&Haz\Downloads\iLividSetupV1.exe
    2012-06-19 20:16 - 2012-06-19 20:16 - 01058312 ____A C:\Users\Dan&Haz\Downloads\Fleetwood_MAc_-_Rumours_(DTS-CD).rar_downloader.exe
    2012-06-19 20:16 - 2012-06-19 20:16 - 01058312 ____A C:\Users\Dan&Haz\Downloads\Fleetwood_Mac_-_Rumours[1977]_Pa_La_Raza.rar_downloader.exe
    2012-06-12 20:26 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-12 20:26 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-12 20:26 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-12 20:26 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-12 20:25 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-12 20:25 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-12 20:25 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-12 20:25 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-12 20:25 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-12 20:25 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-12 20:25 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-12 20:25 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-12 20:25 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-12 20:25 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-12 20:25 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-12 20:25 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-12 20:25 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-12 20:25 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-12 20:25 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-12 20:25 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-12 20:25 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-12 20:25 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-12 20:25 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-12 20:25 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-12 20:25 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-12 20:25 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-12 20:25 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-12 20:25 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-12 18:00 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-12 18:00 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-12 18:00 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-06-12 18:00 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-06-12 18:00 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-12 18:00 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-06-12 18:00 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-06-12 18:00 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-06-11 04:54 - 2012-06-11 04:54 - 00000000 ____D C:\Users\Dan&Haz\AppData\Local\Macromedia
    2012-06-07 09:33 - 2012-06-07 09:33 - 00268744 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2012-06-07 09:33 - 2012-06-07 09:33 - 00189384 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2012-06-07 09:33 - 2012-06-07 09:33 - 00188872 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2012-06-07 09:33 - 2012-06-07 09:33 - 00000000 ____D C:\Program Files\Java
    2012-06-07 09:30 - 2012-06-07 09:30 - 21865936 ____A (Oracle Corporation) C:\Users\Dan&Haz\Downloads\jre-7u4-windows-x64 (1).exe
    2012-06-07 09:20 - 2012-04-04 16:47 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-06-07 09:07 - 2012-06-07 09:33 - 00955848 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
    2012-06-07 09:07 - 2012-06-07 09:33 - 00839112 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
    2012-06-07 09:07 - 2012-06-07 09:07 - 21865936 ____A (Oracle Corporation) C:\Users\Dan&Haz\Downloads\jre-7u4-windows-x64.exe
    2012-06-07 08:44 - 2012-06-07 08:44 - 00000000 ____D C:\Program Files (x86)\Oracle
    2012-06-07 08:43 - 2012-04-04 16:47 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll


    ============ 3 Months Modified Files ========================

    2012-07-06 20:07 - 2011-05-18 09:01 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-06 20:07 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-06 20:07 - 2009-07-13 20:51 - 02205595 ____A C:\Windows\setupact.log
    2012-07-06 19:46 - 2012-07-06 19:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.28CD3126AC90F66D
    2012-07-06 19:40 - 2012-07-06 19:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3220167DB9834ECF
    2012-07-06 19:37 - 2012-07-06 19:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0EC778CA7C0F9938
    2012-07-06 19:34 - 2012-07-06 19:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.54B800A5BF41515A
    2012-07-06 19:31 - 2012-07-06 19:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A45F5576FD5DD3FA
    2012-07-06 19:28 - 2012-07-06 19:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ED4FFE12C66D94B8
    2012-07-06 19:23 - 2012-07-06 19:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F115BF7CA0A5820D
    2012-07-06 19:21 - 2012-07-06 19:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8768063590A183EB
    2012-07-06 19:18 - 2012-07-06 19:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.47EFC44464B42130
    2012-07-06 19:17 - 2011-05-18 09:01 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-06 19:15 - 2012-07-06 19:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ABBAD16F98675739
    2012-07-06 19:15 - 2012-07-05 09:10 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1357503399-807939844-3328423691-1000UA.job
    2012-07-06 19:12 - 2012-07-06 19:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.339A7B72E145642A
    2012-07-06 19:08 - 2010-08-31 00:33 - 02075920 ____A C:\Windows\WindowsUpdate.log
    2012-07-06 19:07 - 2012-02-15 17:43 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-07-06 19:07 - 2011-05-17 20:39 - 00889758 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-06 19:03 - 2012-07-06 19:03 - 12621696 ____A (Microsoft Corporation) C:\Users\Dan&Haz\Downloads\mseinstall.exe
    2012-07-06 18:59 - 2012-04-15 04:53 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-06 18:53 - 2009-07-13 20:45 - 00015024 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-06 18:53 - 2009-07-13 20:45 - 00015024 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-06 18:44 - 2012-07-06 18:44 - 00000087 ____A C:\users\setup.log
    2012-07-06 18:44 - 2012-07-06 18:44 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_rzudd_01009.Wdf
    2012-07-06 18:44 - 2012-07-06 18:44 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_rzdaendpt_01009.Wdf
    2012-07-06 18:44 - 2011-03-28 20:31 - 00089016 ____A C:\Windows\DPINST.LOG
    2012-07-06 09:15 - 2012-07-05 09:10 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1357503399-807939844-3328423691-1000Core.job
    2012-07-06 09:13 - 2010-08-31 01:04 - 00064528 ____A C:\Users\Dan&Haz\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-07-06 09:13 - 2009-07-13 20:45 - 04873640 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-06 09:12 - 2010-09-03 23:39 - 00195874 ____A C:\Windows\PFRO.log
    2012-07-05 22:41 - 2012-07-05 22:41 - 00140832 ____A C:\Windows\SysWOW64\Drivers\str.sys
    2012-07-05 20:00 - 2012-07-05 20:00 - 08571656 ____A (Razer USA Ltd.) C:\Users\Dan&Haz\Downloads\Razer_Synapse2_v1.02.16.exe
    2012-07-05 09:10 - 2012-07-05 09:10 - 00739824 ____A (Google Inc.) C:\Users\Dan&Haz\Downloads\ChromeSetup.exe
    2012-07-05 08:45 - 2012-04-15 04:53 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-05 08:45 - 2011-05-18 08:59 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-05 08:08 - 2010-09-07 20:51 - 00113152 ____A C:\Users\Dan&Haz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-07-01 10:46 - 2009-07-13 21:13 - 00876274 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-29 23:08 - 2012-06-29 23:08 - 00946352 ____A (Skype Technologies S.A.) C:\Users\Dan&Haz\Downloads\SkypeSetup.exe
    2012-06-25 19:03 - 2012-06-25 19:03 - 00000193 ____A C:\Windows\WORDPAD.INI
    2012-06-19 20:23 - 2012-06-19 20:23 - 00516136 ____A (Bandoo Media Inc) C:\Users\Dan&Haz\Downloads\iLividSetupV1.exe
    2012-06-19 20:16 - 2012-06-19 20:16 - 01058312 ____A C:\Users\Dan&Haz\Downloads\Fleetwood_MAc_-_Rumours_(DTS-CD).rar_downloader.exe
    2012-06-19 20:16 - 2012-06-19 20:16 - 01058312 ____A C:\Users\Dan&Haz\Downloads\Fleetwood_Mac_-_Rumours[1977]_Pa_La_Raza.rar_downloader.exe
    2012-06-12 20:30 - 2010-09-03 23:28 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-09 09:25 - 2011-12-29 11:38 - 00006721 ____A C:\Windows\System32\RaCoInst.log
    2012-06-07 09:33 - 2012-06-07 09:33 - 00268744 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2012-06-07 09:33 - 2012-06-07 09:33 - 00189384 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2012-06-07 09:33 - 2012-06-07 09:33 - 00188872 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2012-06-07 09:33 - 2012-06-07 09:07 - 00955848 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
    2012-06-07 09:33 - 2012-06-07 09:07 - 00839112 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
    2012-06-07 09:30 - 2012-06-07 09:30 - 21865936 ____A (Oracle Corporation) C:\Users\Dan&Haz\Downloads\jre-7u4-windows-x64 (1).exe
    2012-06-07 09:20 - 2011-10-22 21:09 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-06-07 09:20 - 2011-10-22 21:09 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-06-07 09:07 - 2012-06-07 09:07 - 21865936 ____A (Oracle Corporation) C:\Users\Dan&Haz\Downloads\jre-7u4-windows-x64.exe
    2012-06-02 14:19 - 2012-06-21 06:35 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-21 06:35 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-21 06:35 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-21 06:35 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-21 06:35 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-21 06:35 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-21 06:35 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 13:19 - 2012-06-21 06:35 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 13:15 - 2012-06-21 06:35 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 11:22 - 2012-06-02 11:22 - 00346092 ____A C:\Users\Dan&Haz\Downloads\SLCC in Sandy, UT, USA.kmz
    2012-05-30 18:02 - 2012-05-30 18:02 - 00739816 ____A (Google Inc.) C:\Users\Dan&Haz\Downloads\GoogleEarthSetup.exe
    2012-05-18 23:55 - 2012-05-18 23:55 - 02056909 ____A C:\Users\Dan&Haz\Documents\Untitled (2).wma
    2012-05-18 23:45 - 2012-05-18 23:45 - 00067839 ____A C:\Users\Dan&Haz\Documents\Untitled.wma
    2012-05-17 18:47 - 2012-06-12 20:25 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 18:16 - 2012-06-12 20:25 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 18:06 - 2012-06-12 20:25 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 17:59 - 2012-06-12 20:25 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 17:59 - 2012-06-12 20:25 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 17:58 - 2012-06-12 20:25 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 17:58 - 2012-06-12 20:25 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 17:56 - 2012-06-12 20:25 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 17:55 - 2012-06-12 20:25 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 17:55 - 2012-06-12 20:25 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 17:54 - 2012-06-12 20:25 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 17:51 - 2012-06-12 20:26 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 17:51 - 2012-06-12 20:26 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 17:47 - 2012-06-12 20:25 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-17 15:11 - 2012-06-12 20:25 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-05-17 14:48 - 2012-06-12 20:25 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-05-17 14:45 - 2012-06-12 20:25 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-05-17 14:36 - 2012-06-12 20:25 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-05-17 14:35 - 2012-06-12 20:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-05-17 14:35 - 2012-06-12 20:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-17 14:33 - 2012-06-12 20:25 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-05-17 14:31 - 2012-06-12 20:25 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-17 14:29 - 2012-06-12 20:25 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-05-17 14:29 - 2012-06-12 20:25 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-05-17 14:27 - 2012-06-12 20:25 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-05-17 14:25 - 2012-06-12 20:26 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-05-17 14:24 - 2012-06-12 20:26 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-05-17 14:20 - 2012-06-12 20:25 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-05-14 18:50 - 2012-05-14 18:50 - 00094208 ____A (Razer USA Ltd) C:\Windows\System32\Drivers\rzudd.sys
    2012-05-14 18:50 - 2012-05-14 18:50 - 00020992 ____A (Razer USA Ltd) C:\Windows\System32\Drivers\rzvkeyboard.sys
    2012-05-14 18:36 - 2012-05-14 18:36 - 00354816 ____A (Razer USA Ltd) C:\Windows\SysWOW64\rzdevicedll.dll
    2012-05-14 18:36 - 2012-05-14 18:36 - 00165888 ____A (Razer USA Ltd) C:\Windows\SysWOW64\rzaudiodll.dll
    2012-05-14 18:36 - 2012-05-14 18:36 - 00142848 ____A (Razer USA Ltd) C:\Windows\SysWOW64\rztouchdll.dll
    2012-05-14 17:32 - 2012-06-12 18:00 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-12 21:46 - 2011-03-14 19:44 - 00010285 ____A C:\Windows\IE9_main.log
    2012-05-12 21:45 - 2012-05-12 21:45 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2012-05-12 21:45 - 2012-05-12 21:45 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
    2012-05-12 21:45 - 2012-05-12 21:45 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2012-05-12 21:45 - 2012-05-12 21:45 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2012-05-12 21:45 - 2012-05-12 21:45 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
    2012-05-12 21:45 - 2012-05-12 21:45 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
    2012-05-12 21:45 - 2012-05-12 21:45 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2012-05-12 21:45 - 2012-05-12 21:45 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2012-05-12 21:45 - 2012-05-12 21:45 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
    2012-05-12 21:45 - 2012-05-12 21:45 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2012-05-12 21:45 - 2012-05-12 21:45 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2012-05-12 21:45 - 2012-05-12 21:45 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2012-05-12 21:45 - 2012-05-12 21:45 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
    2012-05-12 21:45 - 2012-05-12 21:45 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2012-05-12 21:45 - 2012-05-12 21:45 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
    2012-05-12 21:45 - 2012-05-12 21:45 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2012-05-12 21:45 - 2012-05-12 21:45 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2012-05-12 21:45 - 2012-05-12 21:45 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
    2012-05-12 21:45 - 2012-05-12 21:45 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2012-05-12 21:45 - 2012-05-12 21:45 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2012-05-12 21:45 - 2012-05-12 21:45 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2012-05-07 18:46 - 2012-05-07 18:46 - 00026112 ____A (Razer USA Ltd) C:\Windows\System32\Drivers\rzdaendpt.sys
    2012-05-07 18:46 - 2012-05-07 18:46 - 00007168 ____A (Razer USA Ltd) C:\Windows\System32\Drivers\rzkbdhid.sys
    2012-05-04 03:06 - 2012-06-12 18:00 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 02:03 - 2012-06-12 18:00 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-12 18:00 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-04-29 00:53 - 2012-04-29 00:53 - 04542800 ____A (Microsoft Corporation) C:\Users\Dan&Haz\Downloads\vs_proweb.exe
    2012-04-27 19:55 - 2012-06-12 18:00 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-25 21:41 - 2012-06-12 18:00 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-25 21:41 - 2012-06-12 18:00 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-25 21:34 - 2012-06-12 18:00 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-21 21:50 - 2009-07-13 21:08 - 00032604 ____A C:\Windows\Tasks\SCHEDLGU.TXT

    ZeroAccess:
    C:\Windows\Installer\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}
    C:\Windows\Installer\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\@
    C:\Windows\Installer\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\L
    C:\Windows\Installer\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\n
    C:\Windows\Installer\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\U
    C:\Windows\Installer\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\U\00000001.@
    C:\Windows\Installer\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\U\80000000.@
    C:\Windows\Installer\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\U\800000cb.@

    ZeroAccess:
    C:\Users\Dan&Haz\AppData\Local\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}
    C:\Users\Dan&Haz\AppData\Local\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\@
    C:\Users\Dan&Haz\AppData\Local\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\L
    C:\Users\Dan&Haz\AppData\Local\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\U
    C:\Users\Dan&Haz\AppData\Local\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\U\00000001.@
    C:\Users\Dan&Haz\AppData\Local\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\U\800000cb.@

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 15%
    Total physical RAM: 4095.18 MB
    Available physical RAM: 3447.91 MB
    Total Pagefile: 4093.32 MB
    Available Pagefile: 3444.18 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:297.99 GB) (Free:50.88 GB) NTFS
    3 Drive f: () (Removable) (Total:0.92 GB) (Free:0.88 GB) FAT
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 Online 944 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 297 GB 101 MB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 100 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 297 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 943 MB 67 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 06
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F FAT Removable 943 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-06-28 04:01

    ======================= End Of Log ==========================
     
  3. DannyA

    DannyA TS Rookie Topic Starter

    Seems like this one is keeping you busy, posting "services.exe" FRST search log.


    Farbar Recovery Scan Tool Version: 07-07-2012 02
    Ran by SYSTEM at 2012-07-07 00:03:50
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
     
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hi there. Welcome to the TechSpot forums!

    FRST64 Fixlist

    Please run the following:

    Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt.



    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.


    OTL Run
    Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box, paste this in:

      msconfig
      safebootminimal
      activex
      drivers32
      netsvcs
      CreateRestorePoint
      %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5
      %AppData%\Local\
      %systemroot%\system32\sysprep
      *.xpi /md5
      %systemroot%\Downloaded Program Files\
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
      hklm\software\clients\startmenuinternet|command /rs
      hklm\software\clients\startmenuinternet|command /64 /rs
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\system32\drivers\*.sys /90
      %systemroot%\System32\config\*.sav
      %SYSTEMDRIVE%\*.exe /md5
      "%WinDir%\$NtUninstallKB*$." /30
      %systemdrive%\Program Files\Common Files\ComObjects\*.* /s
      %systemroot%\*. /mp /s
      %systemroot%\*. /rp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
      %USERPROFILE%\AppData\Local\ /s
      %systemroot%\Installer\ /s
      %systemroot%\system32\Cache\ /s
      %systemroot%\system32\config\systemprofile\Application Data /s
      %PROGRAMFILES%\*.
      %appdata%\*.*
      /md5start
      volsnap.sys
      services.exe
      userinit.exe
      afd.sys
      tcpip.sys
      netbt.sys
      ipsec.sys
      dnsrslvr.dll
      ipnathlp.dll
      netman.dll
      WMIsvc.dll
      srsvc.dll
      sr.sys
      wscsvc.dll
      wuauserv.dll
      qmgr.dll
      es.dll
      cryptsvc.dll
      svchost.exe
      rpcss.dll
      tdx.sys
      wininit.exe
      winlogon.exe
      atapi.sys
      explorer.exe
      /md5stop
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time
    Note: in the event that OTL fails to run, please use alternate download links to try again:

    http://oldtimer.geekstogo.com/OTL.com
    http://oldtimer.geekstogo.com/OTL.scr
     
  5. DannyA

    DannyA TS Rookie Topic Starter

    After Fixlist, PC booted smoothly and no more auto restarts, very nice.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 07-07-2012 02
    Ran by SYSTEM at 2012-07-07 11:52:12 Run:1
    Running from F:\

    ==============================================

    C:\Windows\System32\services.exe.28CD3126AC90F66D moved successfully.
    C:\Windows\System32\services.exe.3220167DB9834ECF moved successfully.
    C:\Windows\System32\services.exe.0EC778CA7C0F9938 moved successfully.
    C:\Windows\System32\services.exe.54B800A5BF41515A moved successfully.
    C:\Windows\System32\services.exe.A45F5576FD5DD3FA moved successfully.
    C:\Windows\System32\services.exe.ED4FFE12C66D94B8 moved successfully.
    C:\Windows\System32\services.exe.F115BF7CA0A5820D moved successfully.
    C:\Windows\System32\services.exe.8768063590A183EB moved successfully.
    C:\Windows\System32\services.exe.47EFC44464B42130 moved successfully.
    C:\Windows\System32\services.exe.ABBAD16F98675739 moved successfully.
    C:\Windows\System32\services.exe.339A7B72E145642A moved successfully.
    C:\Windows\Installer\{a20fc9e9-9dc0-869e-cdd1-4fe804175270} moved successfully.
    C:\Windows\Installer\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\@ not found.
    C:\Windows\Installer\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\L not found.
    C:\Windows\Installer\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\n not found.
    C:\Windows\Installer\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\U not found.
    C:\Windows\Installer\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\U\00000001.@ not found.
    C:\Windows\Installer\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\U\80000000.@ not found.
    C:\Windows\Installer\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\U\800000cb.@ not found.
    C:\Users\Dan&Haz\AppData\Local\{a20fc9e9-9dc0-869e-cdd1-4fe804175270} moved successfully.
    C:\Users\Dan&Haz\AppData\Local\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\@ not found.
    C:\Users\Dan&Haz\AppData\Local\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\L not found.
    C:\Users\Dan&Haz\AppData\Local\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\U not found.
    C:\Users\Dan&Haz\AppData\Local\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\U\00000001.@ not found.
    C:\Users\Dan&Haz\AppData\Local\{a20fc9e9-9dc0-869e-cdd1-4fe804175270}\U\800000cb.@ not found.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
     
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Great! Post the OTL log when you can, please.
     
  7. DannyA

    DannyA TS Rookie Topic Starter

    OTL logfile created on: 7/7/2012 12:03:36 PM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Dan&Haz\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 65.99% Memory free
    8.00 Gb Paging File | 6.47 Gb Available in Paging File | 80.91% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 297.99 Gb Total Space | 50.86 Gb Free Space | 17.07% Space Free | Partition Type: NTFS

    Computer Name: DANHAZ-PC | User Name: Dan&Haz | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/07 12:02:42 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Dan&Haz\Desktop\OTL.exe
    PRC - [2012/07/05 11:10:29 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Users\Dan&Haz\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
    PRC - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2012/05/29 18:21:44 | 000,313,768 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
    PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/01/14 13:56:42 | 000,248,832 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
    PRC - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
    PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/08/03 04:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2011/05/12 15:23:38 | 000,512,000 | ---- | M] () -- C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe
    PRC - [2011/04/14 12:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
    PRC - [2010/07/23 12:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
    PRC - [2009/04/01 22:27:28 | 000,090,112 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
    PRC - [2007/12/19 12:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/12 22:34:07 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll
    MOD - [2012/06/12 22:33:56 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll
    MOD - [2012/06/12 22:33:53 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
    MOD - [2012/06/12 22:33:49 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll
    MOD - [2012/06/12 22:33:47 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
    MOD - [2012/05/09 14:55:29 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0c2b0d52156447592f33edf4116b7e7d\System.Management.ni.dll
    MOD - [2012/05/09 14:53:56 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\79ac99fe5274fb82ffcff2c15f71854c\System.Runtime.DurableInstancing.ni.dll
    MOD - [2012/05/09 14:53:55 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll
    MOD - [2012/05/09 14:53:55 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\bb97517e4ca64e02282fca24612ce8ad\SMDiagnostics.ni.dll
    MOD - [2012/05/09 14:53:53 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\4837a5c6204d53e7aa4f7dd94b98207c\System.Xml.Linq.ni.dll
    MOD - [2012/05/09 14:49:59 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll
    MOD - [2012/05/09 11:26:28 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll
    MOD - [2012/05/09 11:23:51 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
    MOD - [2012/05/09 11:23:49 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
    MOD - [2012/05/09 11:23:47 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll
    MOD - [2012/05/09 11:23:46 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
    MOD - [2012/05/09 11:23:41 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
    MOD - [2012/01/14 13:56:42 | 000,248,832 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
    MOD - [2011/04/14 12:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2010/10/23 22:02:43 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2012/07/05 10:45:31 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/06/27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
    SRV - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2012/06/14 16:20:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/11/14 20:43:29 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
    SRV - [2011/08/03 04:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2011/05/12 15:23:38 | 000,512,000 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe -- (UDisk Monitor)
    SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
    SRV - [2010/07/23 12:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/04/22 12:01:30 | 000,124,256 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
    SRV - [2009/04/01 22:27:28 | 000,090,112 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
    SRV - [2008/08/18 10:02:00 | 000,222,208 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
    SRV - [2008/08/01 12:11:20 | 000,158,208 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/05/14 20:50:36 | 000,020,992 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzvkeyboard.sys -- (rzvkeyboard)
    DRV:64bit: - [2012/05/14 20:50:18 | 000,094,208 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
    DRV:64bit: - [2012/05/07 20:46:02 | 000,026,112 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzdaendpt.sys -- (rzdaendpt)
    DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/10/19 04:17:46 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2011/09/09 15:45:30 | 001,660,480 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
    DRV:64bit: - [2011/05/10 03:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2011/05/09 19:09:00 | 000,122,368 | ---- | M] (Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT_U_USBSER.sys -- (Generalusbserialser20675)
    DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/10/23 22:51:33 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2010/10/23 22:51:33 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2010/10/23 22:50:52 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2010/10/20 17:10:08 | 000,011,776 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter_hs.sys -- (massfilter_hs)
    DRV:64bit: - [2010/10/01 00:16:34 | 000,013,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms)
    DRV:64bit: - [2010/07/09 13:19:02 | 000,021,480 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134)
    DRV:64bit: - [2010/03/23 16:37:34 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\danew.sys -- (danewFltr)
    DRV:64bit: - [2010/01/11 18:05:20 | 001,290,752 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
    DRV:64bit: - [2009/07/15 21:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/24 04:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
    DRV:64bit: - [2009/06/10 14:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 16:17:08 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/05/04 22:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
    DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
    DRV:64bit: - [2007/08/14 11:36:58 | 000,035,328 | ---- | M] (Belkin Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcgame.sys -- (bcgame)
    DRV:64bit: - [2006/11/28 21:46:20 | 000,043,328 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCAMp50a64.sys -- (PCAMp50a64)
    DRV:64bit: - [2006/11/28 21:46:20 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCASp50a64.sys -- (PCASp50a64)
    DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2008/08/18 10:04:02 | 000,040,480 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\Windows\nvoclk64.sys -- (NVR0Dev)
    DRV - [2008/08/01 12:08:28 | 000,040,480 | ---- | M] (NVidia Corp.) [Kernel | Auto | Running] -- C:\Windows\nvflsh64.sys -- (NVR0FLASHDev)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}
    IE - HKLM\..\URLSearchHook: {167d9323-f7cc-48f5-948a-6f012831a69f} - No CLSID value found
    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3007394

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?PC=BNHP
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5E 73 46 77 B1 51 CD 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{sear...00842&mntrId=ea9625c600000000000000259cf4b638
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3007394
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Search Results"
    FF - prefs.js..browser.search.defaultthis.engineName: " "
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.order.1: "Search Results"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
    FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=390&systemid=406&sr=0&q="
    FF - prefs.js..network.proxy.type: 0


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Dan&Haz\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dan&Haz\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dan&Haz\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/30 21:28:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/05 11:07:45 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/07 11:19:46 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Dan&Haz\AppData\Roaming\Move Networks [2010/09/19 22:10:36 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/30 21:28:03 | 000,000,000 | ---D | M]

    [2012/06/23 20:28:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan&Haz\AppData\Roaming\Mozilla\Extensions
    [2012/07/04 20:17:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan&Haz\AppData\Roaming\Mozilla\Firefox\Profiles\freq8eoz.default\extensions
    [2011/01/13 16:00:07 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\Users\Dan&Haz\AppData\Roaming\Mozilla\Firefox\Profiles\freq8eoz.default\extensions\support@ancestry.com
    [2011/08/16 10:06:22 | 000,000,863 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Roaming\Mozilla\Firefox\Profiles\freq8eoz.default\searchplugins\conduit.xml
    [2012/06/19 22:23:52 | 000,002,519 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Roaming\Mozilla\Firefox\Profiles\freq8eoz.default\searchplugins\Search_Results.xml
    [2012/07/05 11:07:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/06/30 01:10:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2010/09/19 22:10:36 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\DAN&HAZ\APPDATA\ROAMING\MOVE NETWORKS
    [2012/06/14 16:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2009/11/06 09:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
    [2009/11/06 09:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
    [2011/09/02 20:33:11 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    [2012/06/14 16:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/06/14 16:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Dan&Haz\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dan&Haz\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dan&Haz\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Dan&Haz\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Gmail = C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2011/04/24 22:58:30 | 000,001,211 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
    O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
    O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
    O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
    O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (no name) - {167d9323-f7cc-48f5-948a-6f012831a69f} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll File not found
    O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {167d9323-f7cc-48f5-948a-6f012831a69f} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {167D9323-F7CC-48F5-948A-6F012831A69F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
    O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
    O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer USA Ltd)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Activities present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\CommandBar present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Safety present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbar present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23B426C6-C70E-496C-A233-C3EDF1AAAF0F}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BA48B9C-0F22-4054-87C7-0B26160F250C}: DhcpNameServer = 10.133.20.11 10.132.20.11
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A803AA94-A281-44DE-AF03-CB672F190D85}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFF05F74-64FC-4A99-ABA8-F4F2807D7AEE}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8013F12-6917-4F95-8E01-153C95705CDD}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{14cd676e-57ce-11e0-a925-485b393b4cb4}\Shell - "" = AutoRun
    O33 - MountPoints2\{35e9ebfa-29cb-11e1-85e0-485b393b4cb4}\Shell - "" = AutoRun
    O33 - MountPoints2\{35e9ebfa-29cb-11e1-85e0-485b393b4cb4}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Setup.exe
    O33 - MountPoints2\{73b03aa7-d013-11e0-9e7e-485b393b4cb4}\Shell - "" = AutoRun
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
  8. DannyA

    DannyA TS Rookie Topic Starter

    MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
    MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nostromo Loadout Manager.lnk - C:\Windows\Installer\{548C7B77-8B04-427E-ACD0-D0E6E6E59BCF}\NewShortcut2_548C7B778B04427EACD0D0E6E6E59BCF.exe - (Macrovision Corporation)
    MsConfig:64bit - StartUpFolder: C:^Users^Dan&Haz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - - File not found
    MsConfig:64bit - StartUpFolder: C:^Users^Dan&Haz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe - ()
    MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    MsConfig:64bit - StartUpReg: AdobeCS5.5ServiceManager - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: amd_dc_opt - hkey= - key= - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
    MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    MsConfig:64bit - StartUpReg: DNS7reminder - hkey= - key= - C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
    MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
    MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
    MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    MsConfig:64bit - StartUpReg: NVIDIA nTune - hkey= - key= - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
    MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
    MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
    MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    MsConfig:64bit - StartUpReg: Turbo Key - hkey= - key= - C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe ()
    MsConfig:64bit - State: "startup" - Reg Error: Key error.

    SafeBootMin:64bit: AppMgmt - Service
    SafeBootMin:64bit: Base - Driver Group
    SafeBootMin:64bit: Boot Bus Extender - Driver Group
    SafeBootMin:64bit: Boot file system - Driver Group
    SafeBootMin:64bit: File system - Driver Group
    SafeBootMin:64bit: Filter - Driver Group
    SafeBootMin:64bit: HelpSvc - Service
    SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    SafeBootMin:64bit: PCI Configuration - Driver Group
    SafeBootMin:64bit: PNP Filter - Driver Group
    SafeBootMin:64bit: Primary disk - Driver Group
    SafeBootMin:64bit: sacsvr - Service
    SafeBootMin:64bit: SCSI Class - Driver Group
    SafeBootMin:64bit: System Bus Extender - Driver Group
    SafeBootMin:64bit: vmms - Service
    SafeBootMin:64bit: WinDefend - Service
    SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
    SafeBootMin: AppMgmt - Service
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: HelpSvc - Service
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: sacsvr - Service
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vmms - Service
    SafeBootMin: WinDefend - Service
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
    ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
    ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
    ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
    ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.pspgru - C:\Windows\SysWow64\PSPGRU.acm (Philips Austria GmbH - Speech Processing)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)


    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/07 12:02:40 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Dan&Haz\Desktop\OTL.exe
    [2012/07/07 00:17:26 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/06 21:06:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/07/06 21:06:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/07/06 00:46:20 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
    [2012/07/05 22:00:57 | 000,000,000 | ---D | C] -- C:\Users\Dan&Haz\AppData\Local\Razer
    [2012/07/05 22:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
    [2012/07/05 11:11:12 | 000,000,000 | ---D | C] -- C:\Users\Dan&Haz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2012/07/05 11:07:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2012/07/01 06:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
    [2012/07/01 06:57:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
    [2012/06/30 01:09:45 | 000,000,000 | ---D | C] -- C:\Users\Dan&Haz\AppData\Roaming\Skype
    [2012/06/30 01:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2012/06/30 01:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [2012/06/30 01:09:34 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
    [2012/06/30 01:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
    [2012/06/21 08:35:22 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
    [2012/06/21 08:35:22 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
    [2012/06/21 08:35:22 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
    [2012/06/21 08:35:15 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
    [2012/06/21 08:35:15 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
    [2012/06/21 08:35:15 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
    [2012/06/21 08:35:02 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
    [2012/06/21 08:35:02 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
    [2012/06/20 07:45:40 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
    [2012/06/19 22:26:15 | 000,000,000 | ---D | C] -- C:\Users\Dan&Haz\AppData\Roaming\vlc
    [2012/06/19 22:25:16 | 000,000,000 | ---D | C] -- C:\Users\Dan&Haz\AppData\Local\Ilivid Player
    [2012/06/12 22:26:00 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012/06/12 22:26:00 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012/06/12 22:25:59 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012/06/12 22:25:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012/06/12 22:25:58 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012/06/12 22:25:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012/06/12 22:25:57 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2012/06/12 22:25:57 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2012/06/12 22:25:56 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2012/06/12 22:25:56 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2012/06/12 22:25:55 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2012/06/12 22:25:55 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2012/06/12 22:25:55 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2012/06/12 20:00:42 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
    [2012/06/12 20:00:42 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
    [2012/06/12 20:00:42 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
    [2012/06/12 20:00:38 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2012/06/12 20:00:37 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2012/06/12 20:00:37 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2012/06/11 06:54:11 | 000,000,000 | ---D | C] -- C:\Users\Dan&Haz\AppData\Local\Macromedia
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/07 12:06:47 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/07 12:06:47 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/07 12:02:42 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Dan&Haz\Desktop\OTL.exe
    [2012/07/07 11:59:33 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/07 11:59:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/07 11:59:15 | 3220,574,208 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/06 21:17:23 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/06 21:15:04 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1357503399-807939844-3328423691-1000UA.job
    [2012/07/06 21:07:20 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/07/06 21:07:00 | 000,889,758 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/07/06 21:07:00 | 000,728,580 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/06 21:07:00 | 000,147,498 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/06 20:59:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/06 20:44:54 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzudd_01009.Wdf
    [2012/07/06 20:44:42 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzdaendpt_01009.Wdf
    [2012/07/06 11:15:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1357503399-807939844-3328423691-1000Core.job
    [2012/07/06 11:13:01 | 004,873,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/07/06 00:41:14 | 000,140,832 | ---- | M] () -- C:\Windows\SysWow64\drivers\str.sys
    [2012/07/05 10:45:31 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2012/07/05 10:45:31 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2012/07/05 10:08:23 | 000,113,152 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/07/01 12:46:48 | 000,876,274 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/06/25 21:03:47 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
    [2012/06/08 22:22:01 | 002,735,362 | ---- | M] () -- C:\Users\Dan&Haz\Desktop\DSCI4866 (2).jpg
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/06 21:07:02 | 000,001,931 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/07/06 20:44:54 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzudd_01009.Wdf
    [2012/07/06 20:44:42 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzdaendpt_01009.Wdf
    [2012/07/06 00:41:06 | 000,140,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\str.sys
    [2012/07/05 11:10:31 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1357503399-807939844-3328423691-1000UA.job
    [2012/07/05 11:10:30 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1357503399-807939844-3328423691-1000Core.job
    [2012/07/05 11:07:49 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/06/25 21:03:47 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
    [2012/06/24 05:30:01 | 002,804,776 | ---- | C] () -- C:\Users\Dan&Haz\Desktop\DSCI1893 (3).jpg
    [2012/06/24 04:42:39 | 002,473,120 | ---- | C] () -- C:\Users\Dan&Haz\Desktop\DSCI4897 (2).jpg
    [2012/06/24 04:42:18 | 002,057,247 | ---- | C] () -- C:\Users\Dan&Haz\Desktop\DSCI4908 (2).jpg
    [2012/06/24 04:41:14 | 002,735,362 | ---- | C] () -- C:\Users\Dan&Haz\Desktop\DSCI4866 (2).jpg
    [2012/06/23 12:36:54 | 000,002,093 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 3.4.1 64-bit.lnk
    [2011/12/29 13:37:26 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
    [2011/12/18 18:35:28 | 000,584,584 | ---- | C] () -- C:\Windows\adb.exe
    [2011/12/18 18:35:28 | 000,000,704 | ---- | C] () -- C:\Windows\InnoTipLanguage.ini
    [2011/11/06 09:41:21 | 000,001,835 | ---- | C] () -- C:\Users\Dan&Haz\AppData\Roaming\SAS7_000.DAT
    [2011/08/03 04:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2011/07/16 15:48:07 | 000,000,017 | ---- | C] () -- C:\Windows\clofghls.dll
    [2011/07/16 15:21:24 | 000,000,052 | ---- | C] () -- C:\Windows\mafosav.INI
    [2011/05/17 22:39:07 | 000,889,758 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/05/12 13:08:41 | 000,001,940 | ---- | C] () -- C:\Users\Dan&Haz\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2011/01/11 00:57:56 | 000,000,338 | ---- | C] () -- C:\Windows\MyHeritage.INI
    [2011/01/11 00:57:17 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll
    [2010/12/31 23:09:36 | 000,007,597 | ---- | C] () -- C:\Users\Dan&Haz\AppData\Local\Resmon.ResmonCfg
    [2010/11/26 17:45:44 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
    [2010/09/30 22:02:09 | 000,022,754 | ---- | C] () -- C:\Windows\hpqins15.dat
    [2010/09/30 21:17:13 | 000,208,102 | ---- | C] () -- C:\Windows\hpoins43.dat
    [2010/09/17 00:37:06 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2010/09/07 22:51:42 | 000,113,152 | ---- | C] () -- C:\Users\Dan&Haz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/31 03:04:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010/08/31 02:59:54 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
    [2010/08/31 02:59:54 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
    [2010/08/31 02:59:51 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
    [2010/08/31 02:59:51 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
    [2010/08/31 02:52:14 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2010/08/31 02:52:08 | 000,033,011 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

    ========== Custom Scans ==========

    < %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

    < %AppData%\Local\ >

    < %systemroot%\system32\sysprep >

    < *.xpi /md5 >

    < %systemroot%\Downloaded Program Files\ >

    < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >

    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/06/14 16:20:49 | 000,867,072 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/06/14 16:20:49 | 000,867,072 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/06/14 16:20:49 | 000,867,072 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/06/14 16:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/06/14 16:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/06/14 16:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Dan&Haz\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/06/28 04:28:57 | 001,250,328 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Dan&Haz\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/06/28 04:28:57 | 001,250,328 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Dan&Haz\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/06/28 04:28:57 | 001,250,328 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Dan&Haz\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/06/28 04:28:57 | 001,250,328 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/05/12 23:45:56 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/05/12 23:45:56 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/05/12 23:45:56 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/05/17 17:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/05/17 17:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)

    < hklm\software\clients\startmenuinternet|command /64 /rs >
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/06/14 16:20:49 | 000,867,072 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/06/14 16:20:49 | 000,867,072 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/06/14 16:20:49 | 000,867,072 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/06/14 16:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/06/14 16:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/06/14 16:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\USERS\DAN&HAZ\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/06/28 04:28:57 | 001,250,328 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\USERS\DAN&HAZ\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/06/28 04:28:57 | 001,250,328 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\USERS\DAN&HAZ\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/06/28 04:28:57 | 001,250,328 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\DAN&HAZ\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/06/28 04:28:57 | 001,250,328 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/05/12 23:45:56 | 000,089,088 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/05/12 23:45:56 | 000,089,088 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/05/12 23:45:56 | 000,089,088 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/05/17 17:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012/05/17 17:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /90 >
    [2012/07/06 00:41:14 | 000,140,832 | ---- | M] () -- C:\Windows\system32\drivers\str.sys

    < %systemroot%\System32\config\*.sav >

    < %SYSTEMDRIVE%\*.exe /md5 >

    < "%WinDir%\$NtUninstallKB*$." /30 >

    < %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

    < %systemroot%\*. /mp /s >

    < %systemroot%\*. /rp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >
    [2012/07/05 11:19:39 | 000,209,213 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists
    [2012/07/05 11:32:12 | 000,002,089 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Local State
    [2012/07/05 11:24:59 | 002,860,128 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom
    [2012/07/05 11:25:00 | 000,818,287 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom Filter 2
    [2012/07/05 11:11:24 | 000,006,144 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies
    [2012/07/05 11:11:24 | 000,001,544 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies-journal
    [2012/07/05 11:25:00 | 000,134,356 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Safe Browsing Csd Whitelist
    [2012/07/05 11:24:59 | 001,536,712 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Safe Browsing Download
    [2012/07/05 11:25:00 | 000,016,668 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Safe Browsing Download Whitelist
    [2012/07/05 11:12:03 | 044,265,472 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Archived History
    [2012/07/05 11:12:03 | 000,016,384 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Archived History-journal
    [2012/07/05 11:11:16 | 000,000,757 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Bookmarks
    [2012/07/05 11:11:16 | 000,000,757 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Bookmarks.bak
    [2012/07/05 11:32:32 | 000,020,480 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cookies
    [2012/07/05 11:32:32 | 000,012,896 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal
    [2012/07/05 11:32:25 | 000,222,479 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Current Session
    [2012/07/05 11:32:44 | 000,000,008 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
    [2012/07/05 11:30:45 | 000,020,480 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Favicons
    [2012/07/05 11:30:45 | 000,012,848 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal
     
  9. DannyA

    DannyA TS Rookie Topic Starter

    [2012/07/05 11:31:28 | 013,795,328 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\History
    [2012/07/05 11:12:10 | 003,481,600 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-04
    [2012/07/05 11:12:10 | 006,156,288 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-05
    [2012/07/05 11:12:10 | 002,924,544 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-06
    [2012/07/05 11:31:28 | 000,360,448 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-07
    [2012/07/05 11:31:46 | 000,016,928 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-07-journal
    [2012/07/05 11:30:25 | 000,324,101 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
    [2012/07/05 11:31:46 | 000,016,928 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\History-journal
    [2012/07/05 11:26:45 | 000,143,034 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Last Session
    [2012/07/05 11:27:03 | 000,000,008 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Last Tabs
    [2012/07/05 11:12:11 | 000,012,288 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Login Data
    [2012/07/05 11:12:11 | 000,000,512 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
    [2012/07/05 11:30:55 | 000,034,816 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor
    [2012/07/05 11:30:55 | 000,016,384 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal
    [2012/07/05 11:32:05 | 000,038,580 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Preferences
    [2012/06/30 01:09:58 | 000,000,000 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Preferences.bad
    [2012/07/05 11:12:13 | 000,000,180 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\README
    [2012/07/05 11:30:55 | 000,012,288 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Shortcuts
    [2012/07/05 11:30:55 | 000,012,824 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Shortcuts-journal
    [2012/07/05 11:21:40 | 000,036,864 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Top Sites
    [2012/07/05 11:21:40 | 000,012,824 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal
    [2012/07/05 11:32:44 | 004,194,176 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Visited Links
    [2012/07/05 11:30:25 | 000,075,776 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Web Data
    [2012/07/05 11:30:25 | 000,014,904 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
    [2012/07/05 11:32:44 | 000,045,056 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0
    [2012/07/05 11:32:44 | 000,532,480 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
    [2012/07/05 11:32:44 | 003,153,920 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2
    [2012/07/05 11:32:44 | 004,202,496 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3
    [2012/07/05 11:12:12 | 000,021,956 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000001
    [2012/07/05 11:12:12 | 000,022,604 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000002
    [2012/07/05 11:12:12 | 000,042,198 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000003
    [2012/07/05 11:12:28 | 000,017,112 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000004
    [2012/07/05 11:12:28 | 000,037,816 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000005
    [2012/07/05 11:12:28 | 000,018,159 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000006
    [2012/07/05 11:12:28 | 000,193,407 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000007
    [2012/07/05 11:13:59 | 000,024,135 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000008
    [2012/07/05 11:13:59 | 000,152,787 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000009
    [2012/07/05 11:14:00 | 000,028,693 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000a
    [2012/07/05 11:14:00 | 000,016,899 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000b
    [2012/07/05 11:14:04 | 000,018,964 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000c
    [2012/07/05 11:14:04 | 000,062,797 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000d
    [2012/07/05 11:14:04 | 000,032,032 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000e
    [2012/07/05 11:14:04 | 000,209,429 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000f
    [2012/07/05 11:14:11 | 000,037,824 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000010
    [2012/07/05 11:14:11 | 000,018,966 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000011
    [2012/07/05 11:14:11 | 000,018,159 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000012
    [2012/07/05 11:14:11 | 000,209,429 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000013
    [2012/07/05 11:14:16 | 000,441,089 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000014
    [2012/07/05 11:14:26 | 000,024,728 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000015
    [2012/07/05 11:14:26 | 000,020,608 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000016
    [2012/07/05 11:14:26 | 000,030,703 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000017
    [2012/07/05 11:14:26 | 000,020,232 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000018
    [2012/07/05 11:14:26 | 000,035,818 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000019
    [2012/07/05 11:14:26 | 000,022,118 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001a
    [2012/07/05 11:14:26 | 000,042,897 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001b
    [2012/07/05 11:14:28 | 000,031,554 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001c
    [2012/07/05 11:14:28 | 000,037,474 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001d
    [2012/07/05 11:14:35 | 000,118,765 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001e
    [2012/07/05 11:14:36 | 000,706,081 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001f
    [2012/07/05 11:14:37 | 000,016,951 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000020
    [2012/07/05 11:14:37 | 000,072,173 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000022
    [2012/07/05 11:14:37 | 000,018,508 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000023
    [2012/07/05 11:14:37 | 000,059,657 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000024
    [2012/07/05 11:14:38 | 000,051,910 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000025
    [2012/07/05 11:14:38 | 000,105,224 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000026
    [2012/07/05 11:14:38 | 000,047,753 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000027
    [2012/07/05 11:14:38 | 000,019,863 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000028
    [2012/07/05 11:14:38 | 000,024,209 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000029
    [2012/07/05 11:14:38 | 000,032,103 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002a
    [2012/07/05 11:14:39 | 000,032,075 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002b
    [2012/07/05 11:14:39 | 000,050,003 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002c
    [2012/07/05 11:14:39 | 000,018,147 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002d
    [2012/07/05 11:14:39 | 000,054,992 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002e
    [2012/07/05 11:14:40 | 000,017,759 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002f
    [2012/07/05 11:14:43 | 002,041,208 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000030
    [2012/07/05 11:14:43 | 000,029,497 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000031
    [2012/07/05 11:14:43 | 000,021,457 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000032
    [2012/07/05 11:14:44 | 000,640,308 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000033
    [2012/07/05 11:14:44 | 000,610,408 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000034
    [2012/07/05 11:15:22 | 000,086,949 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000035
    [2012/07/05 11:15:23 | 000,189,833 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000036
    [2012/07/05 11:15:52 | 000,053,170 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000037
    [2012/07/05 11:16:52 | 000,017,318 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000038
    [2012/07/05 11:16:52 | 000,024,605 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000039
    [2012/07/05 11:16:52 | 000,025,801 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003a
    [2012/07/05 11:16:52 | 000,017,541 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003b
    [2012/07/05 11:16:52 | 000,020,227 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003c
    [2012/07/05 11:16:53 | 000,064,847 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003d
    [2012/07/05 11:16:53 | 000,016,645 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003e
    [2012/07/05 11:16:53 | 000,018,796 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003f
    [2012/07/05 11:16:58 | 000,047,961 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000040
    [2012/07/05 11:16:58 | 000,034,795 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000041
    [2012/07/05 11:16:58 | 000,063,007 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000042
    [2012/07/05 11:16:58 | 000,098,879 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000043
    [2012/07/05 11:16:58 | 000,195,085 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000044
    [2012/07/05 11:18:32 | 000,092,039 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000045
    [2012/07/05 11:18:33 | 000,045,237 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000046
    [2012/07/05 11:18:50 | 002,343,547 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000047
    [2012/07/05 11:19:29 | 000,452,709 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000048
    [2012/07/05 11:21:50 | 000,225,019 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00004a
    [2012/07/05 11:22:29 | 000,017,934 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00004b
    [2012/07/05 11:22:29 | 000,077,766 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00004c
    [2012/07/05 11:23:32 | 000,029,355 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00004d
    [2012/07/05 11:24:32 | 000,017,934 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00004e
    [2012/07/05 11:25:02 | 000,016,738 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00004f
    [2012/07/05 11:25:13 | 000,043,175 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000050
    [2012/07/05 11:25:25 | 000,582,087 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000051
    [2012/07/05 11:25:26 | 000,036,510 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000052
    [2012/07/05 11:25:27 | 000,037,367 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000053
    [2012/07/05 11:25:27 | 000,021,459 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000054
    [2012/07/05 11:25:27 | 000,021,267 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000055
    [2012/07/05 11:25:32 | 000,034,662 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000056
    [2012/07/05 11:30:36 | 000,044,496 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000057
    [2012/07/05 11:30:37 | 000,029,194 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000058
    [2012/07/05 11:30:37 | 000,019,903 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000059
    [2012/07/05 11:30:37 | 000,034,754 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00005a
    [2012/07/05 11:30:37 | 000,024,251 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00005b
    [2012/07/05 11:30:37 | 000,056,352 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00005c
    [2012/07/05 11:30:40 | 000,399,553 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00005d
    [2012/07/05 11:30:57 | 000,018,766 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00005e
    [2012/07/05 11:31:19 | 000,022,330 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00005f
    [2012/07/05 11:31:21 | 000,029,384 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000060
    [2012/07/05 11:31:23 | 000,025,267 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000061
    [2012/07/05 11:32:02 | 000,017,934 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000062
    [2012/07/05 11:11:24 | 000,524,656 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Cache\index
    [2012/07/05 11:12:12 | 000,003,524 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\128.png
    [2012/07/05 11:12:12 | 000,000,745 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\manifest.json
    [2012/07/05 11:12:12 | 000,000,401 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ar\messages.json
    [2012/07/05 11:12:12 | 000,000,427 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\bg\messages.json
    [2012/07/05 11:12:12 | 000,000,250 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ca\messages.json
    [2012/07/05 11:12:12 | 000,000,255 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\cs\messages.json
    [2012/07/05 11:12:12 | 000,000,242 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\da\messages.json
    [2012/07/05 11:12:12 | 000,000,226 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\de\messages.json
    [2012/07/05 11:12:12 | 000,000,475 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\el\messages.json
    [2012/07/05 11:12:12 | 000,000,227 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\en\messages.json
    [2012/07/05 11:12:12 | 000,000,240 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\es\messages.json
    [2012/07/05 11:12:12 | 000,000,222 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\fi\messages.json
    [2012/07/05 11:12:12 | 000,000,236 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\fil\messages.json
    [2012/07/05 11:12:12 | 000,000,249 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\fr\messages.json
    [2012/07/05 11:12:12 | 000,000,419 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\he\messages.json
    [2012/07/05 11:12:12 | 000,000,408 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\hi\messages.json
    [2012/07/05 11:12:12 | 000,000,220 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\hr\messages.json
    [2012/07/05 11:12:12 | 000,000,253 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\hu\messages.json
    [2012/07/05 11:12:12 | 000,000,231 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\id\messages.json
    [2012/07/05 11:12:12 | 000,000,224 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\it\messages.json
    [2012/07/05 11:12:12 | 000,000,349 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ja\messages.json
    [2012/07/05 11:12:12 | 000,000,323 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ko\messages.json
    [2012/07/05 11:12:12 | 000,000,266 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\lt\messages.json
    [2012/07/05 11:12:12 | 000,000,245 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\lv\messages.json
    [2012/07/05 11:12:12 | 000,000,225 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\nl\messages.json
    [2012/07/05 11:12:11 | 000,000,216 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\no\messages.json
    [2012/07/05 11:12:12 | 000,000,274 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\pl\messages.json
    [2012/07/05 11:12:12 | 000,000,237 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\pt_BR\messages.json
    [2012/07/05 11:12:12 | 000,000,236 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\pt_PT\messages.json
    [2012/07/05 11:12:12 | 000,000,248 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ro\messages.json
    [2012/07/05 11:12:12 | 000,000,394 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ru\messages.json
    [2012/07/05 11:12:12 | 000,000,241 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\sk\messages.json
    [2012/07/05 11:12:12 | 000,000,245 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\sl\messages.json
    [2012/07/05 11:12:12 | 000,000,437 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\sr\messages.json
    [2012/07/05 11:12:12 | 000,000,238 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\sv\messages.json
    [2012/07/05 11:12:12 | 000,000,365 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\th\messages.json
    [2012/07/05 11:12:12 | 000,000,255 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\tr\messages.json
    [2012/07/05 11:12:12 | 000,000,442 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\uk\messages.json
    [2012/07/05 11:12:12 | 000,000,310 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\vi\messages.json
    [2012/07/05 11:12:12 | 000,000,257 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\zh_CN\messages.json
    [2012/07/05 11:12:12 | 000,000,269 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\zh_TW\messages.json
    [2012/07/05 11:12:12 | 000,005,369 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\128.png
    [2012/07/05 11:12:12 | 000,000,496 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\16.png
    [2012/07/05 11:12:12 | 000,001,143 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\32.png
    [2012/07/05 11:12:12 | 000,001,858 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\48.png
    [2012/07/05 11:12:12 | 000,000,790 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\manifest.json
    [2012/07/05 11:12:12 | 000,000,423 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ar\messages.json
    [2012/07/05 11:12:12 | 000,000,515 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\bg\messages.json
    [2012/07/05 11:12:12 | 000,000,330 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ca\messages.json
    [2012/07/05 11:12:12 | 000,000,355 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\cs\messages.json
    [2012/07/05 11:12:12 | 000,000,328 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\da\messages.json
    [2012/07/05 11:12:12 | 000,000,307 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\de\messages.json
    [2012/07/05 11:12:12 | 000,000,569 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\el\messages.json
    [2012/07/05 11:12:12 | 000,000,314 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\en\messages.json
    [2012/07/05 11:12:12 | 000,000,314 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\en_GB\messages.json
    [2012/07/05 11:12:12 | 000,000,314 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\en_US\messages.json
    [2012/07/05 11:12:12 | 000,000,340 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\es\messages.json
    [2012/07/05 11:12:12 | 000,000,341 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\es_419\messages.json
    [2012/07/05 11:12:12 | 000,000,314 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\et\messages.json
    [2012/07/05 11:12:12 | 000,000,305 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\fi\messages.json
    [2012/07/05 11:12:12 | 000,000,337 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\fil\messages.json
    [2012/07/05 11:12:12 | 000,000,329 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\fr\messages.json
    [2012/07/05 11:12:12 | 000,000,471 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\he\messages.json
    [2012/07/05 11:12:12 | 000,000,326 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\hi\messages.json
    [2012/07/05 11:12:12 | 000,000,340 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\hr\messages.json
    [2012/07/05 11:12:12 | 000,000,336 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\hu\messages.json
    [2012/07/05 11:12:12 | 000,000,319 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\id\messages.json
    [2012/07/05 11:12:12 | 000,000,324 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\it\messages.json
    [2012/07/05 11:12:12 | 000,000,388 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ja\messages.json
    [2012/07/05 11:12:12 | 000,000,380 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ko\messages.json
    [2012/07/05 11:12:12 | 000,000,359 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\lt\messages.json
    [2012/07/05 11:12:12 | 000,000,360 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\lv\messages.json
    [2012/07/05 11:12:12 | 000,000,323 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\nl\messages.json
    [2012/07/05 11:12:11 | 000,000,300 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\no\messages.json
    [2012/07/05 11:12:12 | 000,000,336 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\pl\messages.json
    [2012/07/05 11:12:12 | 000,000,332 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\pt_BR\messages.json
    [2012/07/05 11:12:12 | 000,000,331 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\pt_PT\messages.json
    [2012/07/05 11:12:12 | 000,000,332 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ro\messages.json
    [4 C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\*.tmp files -> C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\*.tmp -> ]
    [2 C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\*.tmp files -> C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\*.tmp -> ]
    [2012/07/05 11:32:33 | 000,038,912 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_fb-zc1.cityville.zynga.com_0.localstorage
    [2012/07/05 11:32:33 | 000,016,384 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_fb-zc1.cityville.zynga.com_0.localstorage-journal
    [2012/07/05 11:12:11 | 000,000,000 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\User Data\Default\User StyleSheets\Custom.css
     
  10. DannyA

    DannyA TS Rookie Topic Starter

    < %USERPROFILE%\AppData\Local\ /s >

    < %systemroot%\Installer\ /s >

    < %systemroot%\system32\Cache\ /s >

    < %systemroot%\system32\config\systemprofile\Application Data /s >

    < %PROGRAMFILES%\*. >
    [2011/07/01 09:11:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
    [2011/07/10 22:50:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AMD
    [2011/11/03 10:25:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
    [2010/08/31 04:11:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ASUS
    [2011/11/21 20:14:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Audio MP3 Editor
    [2012/01/29 14:33:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Belkin
    [2011/12/30 19:42:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bethesda Softworks
    [2011/08/21 20:47:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BitTorrent
    [2012/06/30 01:09:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
    [2011/10/08 13:15:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Conduit
    [2010/09/30 21:28:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Coupons
    [2011/10/19 04:17:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DAEMON Tools Lite
    [2012/01/28 20:02:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Electronic Arts
    [2011/12/18 18:36:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Froyo_Android_Driver
    [2012/05/30 20:03:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
    [2010/09/30 21:28:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP
    [2011/08/27 23:22:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP Photo Creations
    [2012/04/29 03:06:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HTML Help Workshop
    [2012/04/29 03:11:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\IIS
    [2012/03/09 08:48:43 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
    [2012/06/13 02:04:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
    [2012/06/07 11:20:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
    [2012/07/01 06:57:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LogMeIn Hamachi
    [2012/05/23 23:55:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/01/13 15:59:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MFInstall
    [2011/12/18 19:56:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
    [2012/04/29 03:11:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft ASP.NET
    [2012/04/29 03:08:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft F#
    [2012/04/29 03:14:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SDKs
    [2012/07/06 21:06:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/05/09 11:19:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
    [2012/04/29 03:17:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server
    [2012/04/29 03:14:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    [2010/09/04 01:11:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Sync Framework
    [2012/04/29 03:14:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Synchronization Services
    [2012/04/29 03:13:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0
    [2012/04/29 03:03:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
    [2011/05/17 22:39:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft XNA
    [2012/04/29 03:17:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
    [2010/09/07 22:49:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Movie Maker 2.6
    [2012/07/05 11:07:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
    [2012/07/05 11:07:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2012/04/29 03:04:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
    [2011/11/05 19:23:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Nuance
    [2002/01/01 02:24:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NVIDIA Corporation
    [2012/05/22 12:03:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenOffice.org 3
    [2012/06/07 10:44:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Oracle
    [2011/11/03 10:26:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
    [2012/07/06 20:44:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Razer
    [2010/08/31 03:02:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
    [2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
    [2012/06/30 01:09:59 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
    [2011/07/16 15:14:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\softendo.com
    [2012/04/10 13:45:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\StarCraft II
    [2012/07/05 23:07:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Steam
    [2010/09/05 16:23:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\support.com
    [2010/08/31 03:03:28 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
    [2011/11/12 10:30:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\The Elder Scrolls V Skyrim
    [2009/07/13 22:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
    [2010/08/31 02:53:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VIA
    [2009/07/13 23:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
    [2011/12/18 22:53:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
    [2010/09/04 01:08:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live SkyDrive
    [2011/06/28 10:28:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
    [2011/06/28 10:28:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
    [2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
    [2011/06/28 10:28:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
    [2011/06/28 10:28:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
    [2011/06/28 10:28:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar

    < %appdata%\*.* >
    [2011/11/19 07:27:00 | 000,001,835 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Roaming\SAS7_000.DAT

    < MD5 for: AFD.SYS >
    [2011/12/27 21:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\SysNative\drivers\afd.sys
    [2011/12/27 21:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
    [2011/12/27 22:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
    [2011/04/24 20:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
    [2009/07/13 17:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
    [2011/12/27 22:01:12 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=CCA39961E76B491DDF44B1E90FC8971D -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys
    [2010/11/20 03:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
    [2011/04/24 20:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
    [2011/12/27 21:59:11 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=DB9D6C6B2CD95A9CA414D045B627422E -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys
    [2011/04/24 21:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
    [2011/04/24 20:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys

    < MD5 for: ATAPI.SYS >
    [2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
    [2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
    [2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
    [2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

    < MD5 for: CRYPTSVC.DLL >
    [2010/11/20 07:25:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\SysNative\cryptsvc.dll
    [2010/11/20 07:25:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
    [2009/07/13 19:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
    [2009/07/13 19:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
    [2010/11/20 06:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\SysWOW64\cryptsvc.dll
    [2010/11/20 06:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll

    < MD5 for: DNSRSLVR.DLL >
    [2011/03/03 00:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\Windows\SysNative\dnsrslvr.dll
    [2011/03/03 00:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsrslvr.dll
    [2009/07/13 19:40:32 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=676108C4E3AA6F6B34633748BD0BEBD9 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16385_none_3dd76e849c0a6a12\dnsrslvr.dll
    [2011/03/03 00:17:10 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=85CF424C74A1D5EC33533E1DBFF9920A -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16772_none_3ddf452a9c04f6b8\dnsrslvr.dll
    [2011/03/03 00:12:55 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=B2205BAEAE4C178ABEB1B149751FC2B9 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsrslvr.dll
    [2010/11/20 07:26:07 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=CD55F5355D8F55D44C9F4ED875705BD6 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsrslvr.dll
    [2011/03/03 00:23:37 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=D8065FA366D28746EE3D75F08ED6B2FE -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.20914_none_3eabc3f7b4f01eb1\dnsrslvr.dll

    < MD5 for: ES.DLL >
    [2009/07/13 19:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\SysNative\es.dll
    [2009/07/13 19:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\winsxs\amd64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_68e290c46b6ea6d0\es.dll
    [2012/06/28 04:27:57 | 000,008,216 | ---- | M] () MD5=8C4CBA187C451FAE0C9C1674B9C3AC39 -- C:\Users\Dan&Haz\AppData\Local\Google\Chrome\Application\20.0.1132.47\Locales\es.dll
    [2009/07/13 19:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\SysWOW64\es.dll
    [2009/07/13 19:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\winsxs\wow64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_73373b169fcf68cb\es.dll

    < MD5 for: EXPLORER.EXE >
    [2011/02/26 00:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
    [2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
    [2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
    [2011/02/25 23:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
    [2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
    [2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
    [2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
    [2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [2011/02/26 00:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [2010/11/20 06:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
    [2009/08/03 00:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
    [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
    [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
    [2009/10/31 00:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
    [2009/08/02 23:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
    [2010/11/20 07:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
    [2009/10/31 00:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
    [2009/08/02 23:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
    [2009/07/13 19:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
    [2009/10/31 00:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
    [2011/02/26 00:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
    [2009/08/03 00:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
     
  11. DannyA

    DannyA TS Rookie Topic Starter

    < MD5 for: IPNATHLP.DLL >
    [2009/07/13 19:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\SysNative\ipnathlp.dll
    [2009/07/13 19:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\ipnathlp.dll

    < MD5 for: NETBT.SYS >
    [2010/11/20 03:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\SysNative\drivers\netbt.sys
    [2010/11/20 03:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys
    [2009/07/13 17:21:29 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=9162B273A44AB9DCE5B44362731D062A -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_bc59ba0910f52e0c\netbt.sys

    < MD5 for: NETMAN.DLL >
    [2009/07/13 19:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\SysNative\netman.dll
    [2009/07/13 19:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\winsxs\amd64_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_6bb20d3d6b80d9da\netman.dll

    < MD5 for: QMGR.DLL >
    [2010/11/20 07:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
    [2010/11/20 07:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
    [2009/07/13 19:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll

    < MD5 for: RPCSS.DLL >
    [2010/11/20 07:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\SysNative\rpcss.dll
    [2010/11/20 07:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
    [2009/07/13 19:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=7266972E86890E2B30C0C322E906B027 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll

    < MD5 for: SERVICES.EXE >
    [2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=014A9CB92514E27C0107614DF764BC06 -- C:\FRST\Quarantine\services.exe
    [2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
    [2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

    < MD5 for: SVCHOST.EXE >
    [2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
    [2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
    [2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
    [2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
    [2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

    < MD5 for: TCPIP.SYS >
    [2011/04/24 23:28:24 | 001,893,248 | ---- | M] (Microsoft Corporation) MD5=1F748D5439B65E0BEBD92F65048F030D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys
    [2011/09/29 11:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
    [2010/11/20 07:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
    [2011/06/21 00:16:55 | 001,888,128 | ---- | M] (Microsoft Corporation) MD5=5279D4DD69C7C71524B8E7A5746D15CC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_0f8ed978993fa916\tcpip.sys
    [2010/06/14 00:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
    [2012/03/30 04:19:17 | 001,877,872 | ---- | M] (Microsoft Corporation) MD5=5EFD096DEF47F8B88EF591DA92143440 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_0faa5514992a39a7\tcpip.sys
    [2011/04/24 23:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys
    [2012/03/30 05:09:53 | 001,895,280 | ---- | M] (Microsoft Corporation) MD5=624C5B3AA4C99B3184BB922D9ECE3FF0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys
    [2012/03/30 04:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
    [2010/06/14 00:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
    [2009/07/13 19:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
    [2011/04/24 23:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
    [2011/06/21 00:20:30 | 001,914,752 | ---- | M] (Microsoft Corporation) MD5=A0EB71E0DC047C7CC95CD6AB4036296E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_11a276c29643d7ec\tcpip.sys
    [2011/09/29 10:17:51 | 001,886,064 | ---- | M] (Microsoft Corporation) MD5=AC3E29880DB5659532A1AA3439304A43 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_0fad20ca992955d7\tcpip.sys
    [2012/03/30 05:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\SysNative\drivers\tcpip.sys
    [2012/03/30 05:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
    [2011/04/25 00:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
    [2011/06/21 00:27:14 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=B9D87C7707F058AC652A398CD28DE14B -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_0f4d1e3b7feb1307\tcpip.sys
    [2011/06/21 00:34:00 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=F0E98C00A09FDF791525829A1D14240F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_11327af77d12659c\tcpip.sys
    [2011/09/29 10:24:44 | 001,897,328 | ---- | M] (Microsoft Corporation) MD5=F18F56EFC0BFB9C87BA01C37B27F4DA5 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_0f170e9f80139ebc\tcpip.sys
    [2011/09/29 10:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys

    < MD5 for: TDX.SYS >
    [2009/07/13 17:21:15 | 000,099,840 | ---- | M] (Microsoft Corporation) MD5=079125C4B17B01FCAEEBCE0BCB290C0F -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_4632b9f2f5c6af5e\tdx.sys
    [2010/11/20 03:21:56 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\SysNative\drivers\tdx.sys
    [2010/11/20 03:21:56 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys

    < MD5 for: USERINIT.EXE >
    [2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
    [2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [2009/07/13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
    [2009/07/13 19:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
    [2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
    [2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

    < MD5 for: VOLSNAP.SYS >
    [2010/11/20 07:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\drivers\volsnap.sys
    [2010/11/20 07:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
    [2010/11/20 07:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
    [2009/07/13 19:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_71aba92815c60174\volsnap.sys

    < MD5 for: WININIT.EXE >
    [2009/07/13 19:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
    [2009/07/13 19:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
    [2009/07/13 19:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
    [2009/07/13 19:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

    < MD5 for: WINLOGON.EXE >
    [2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
    [2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
    [2009/07/13 19:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
    [2009/10/28 01:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
    [2009/10/28 00:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
     
  12. DannyA

    DannyA TS Rookie Topic Starter

    < MD5 for: WMISVC.DLL >
    [2009/07/13 19:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\Windows\SysNative\wbem\WMIsvc.dll
    [2009/07/13 19:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7600.16385_none_fca7ad7710a22535\WMIsvc.dll
    [2009/07/13 19:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7601.17514_none_fed8c13f0d90a8cf\WMIsvc.dll

    < MD5 for: WSCSVC.DLL >
    [2009/07/13 19:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\Windows\SysNative\wscsvc.dll
    [2009/07/13 19:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.16385_none_76354f59cbc9dce8\wscsvc.dll
    [2009/07/13 19:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7601.17514_none_78666321c8b86082\wscsvc.dll

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:0FF263E8
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:A384652A

    < End of report >



    Man, that was long. Now the Extras.txt.
     
  13. DannyA

    DannyA TS Rookie Topic Starter

    OTL Extras logfile created on: 7/7/2012 12:03:36 PM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Dan&Haz\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 65.99% Memory free
    8.00 Gb Paging File | 6.47 Gb Available in Paging File | 80.91% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 297.99 Gb Total Space | 50.86 Gb Free Space | 17.07% Space Free | Partition Type: NTFS

    Computer Name: DANHAZ-PC | User Name: Dan&Haz | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
    "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
    "{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
    "{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
    "{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
    "{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
    "{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)
    "{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
    "{5D068141-189F-39E2-A052-E40D4B561256}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
    "{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
    "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
    "{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
    "{8BBA6F77-4A79-4E90-BD82-E24669ACF221}" = Adobe Photoshop Lightroom 3.4.1 64-bit
    "{8DF9D3DF-6D03-A04F-217F-F2577D973DBE}" = ATI Catalyst Install Manager
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 280.26
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 280.19
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.1107
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
    "{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
    "{D2D77DC2-8299-11D1-8949-444553540000}_is1" = ZTE Handset USB Driver 5.2066.1.8
    "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
    "{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
    "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
    "{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.55
    "HP Imaging Device Functions" = HP Imaging Device Functions 14.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
    "HPExtendedCapabilities" = HP Customer Participation Program 14.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
    "Microsoft Security Client" = Microsoft Security Essentials
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
    "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
    "Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "Shop for HP Supplies" = Shop for HP Supplies
    "WinRAR archiver" = WinRAR 4.00 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse 2.0
    "{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    "{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
    "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
    "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
    "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
    "{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
    "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
    "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
    "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
    "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
    "{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
    "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
    "{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
    "{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3356EDC7-9373-4D5D-852D-9AB7DBB5A7FC}" = GPU NOS
    "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3B0CFB08-515C-4AD4-89DF-997BF8545622}" = Nuance Voice Recorder
    "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
    "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
    "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    "{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
    "{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
    "{548C7B77-8B04-427E-ACD0-D0E6E6E59BCF}" = Nostromo
    "{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
    "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
    "{6F69C969-2942-4E7B-B594-75B37664B8BA}" = NVIDIA System Update
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
    "{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
    "{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
    "{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
    "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
    "{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
    "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
    "{AE249BA3-2421-3996-5E9A-DF4A9F3551FC}" = Catalyst Control Center InstallProxy
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
    "{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B5978DF3-8A04-4F22-AF67-8CCE52E04B13}" = C4700
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{B83F7FA5-3191-4E39-A1F2-8A9038BD0B04}" = Turbo Key
    "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
    "{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
    "{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
    "{EB0F4554-AD4F-4C8C-9764-66AC2CF8D184}" = AMD OverDrive
    "{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder(TM) Mouse
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
    "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Android USB Driver_is1" = Android USB Driver
    "Audio MP3 Editor_is1" = Audio MP3 Editor 5.40
    "BitTorrent" = BitTorrent
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "Family Tree Builder" = MyHeritage Family Tree Builder
    "HP Photo Creations" = HP Photo Creations
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
    "InstallShield_{6F69C969-2942-4E7B-B594-75B37664B8BA}" = NVIDIA System Update
    "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
    "InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
    "LogMeIn Hamachi" = LogMeIn Hamachi
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
    "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
    "Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Picasa 3" = Picasa 3
    "Rage_is1" = Rage
    "StarCraft II" = StarCraft II
    "Steam App 105600" = Terraria
    "Steam App 109400" = MicroVolts
    "Steam App 209870" = Blacklight: Retribution
    "Steam App 220" = Half-Life 2
    "Steam App 240" = Counter-Strike: Source
    "Steam App 280" = Half-Life: Source
    "Steam App 320" = Half-Life 2: Deathmatch
    "Steam App 32370" = Star Wars: Knights of the Old Republic
    "Steam App 400" = Portal
    "Steam App 440" = Team Fortress 2
    "Steam App 8400" = Geometry Wars: Retro Evolved
    "WhiteSmoke_Bar Toolbar" = WhiteSmoke Bar Toolbar
    "WinLiveSuite_Wave3" = Windows Live Essentials

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "Move Media Player" = Move Media Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 3/28/2012 6:34:01 AM | Computer Name = DanHaz-PC | Source = SideBySide | ID = 16842824
    Description = Activation context generation failed for "c:\program files\microsoft
    security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
    security client\MSESysprep.dll" on line 10. The element imaging appears as a child
    of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
    this version of Windows.

    Error - 3/28/2012 6:35:02 AM | Computer Name = DanHaz-PC | Source = SideBySide | ID = 16842787
    Description = Activation context generation failed for "c:\program files (x86)\windows
    live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
    files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
    found in manifest does not match the identity of the component requested. Reference
    is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
    is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
    sxstrace.exe for detailed diagnosis.

    Error - 3/29/2012 4:56:12 PM | Computer Name = DanHaz-PC | Source = SideBySide | ID = 16842824
    Description = Activation context generation failed for "c:\program files\microsoft
    security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
    security client\MSESysprep.dll" on line 10. The element imaging appears as a child
    of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
    this version of Windows.

    Error - 3/29/2012 4:57:52 PM | Computer Name = DanHaz-PC | Source = SideBySide | ID = 16842787
    Description = Activation context generation failed for "c:\program files (x86)\windows
    live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
    files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
    found in manifest does not match the identity of the component requested. Reference
    is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
    is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
    sxstrace.exe for detailed diagnosis.

    Error - 3/30/2012 7:37:35 AM | Computer Name = DanHaz-PC | Source = SideBySide | ID = 16842824
    Description = Activation context generation failed for "c:\program files\microsoft
    security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
    security client\MSESysprep.dll" on line 10. The element imaging appears as a child
    of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
    this version of Windows.

    Error - 3/30/2012 7:39:15 AM | Computer Name = DanHaz-PC | Source = SideBySide | ID = 16842787
    Description = Activation context generation failed for "c:\program files (x86)\windows
    live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
    files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
    found in manifest does not match the identity of the component requested. Reference
    is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
    is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
    sxstrace.exe for detailed diagnosis.

    Error - 3/31/2012 8:05:15 AM | Computer Name = DanHaz-PC | Source = SideBySide | ID = 16842824
    Description = Activation context generation failed for "c:\program files\microsoft
    security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
    security client\MSESysprep.dll" on line 10. The element imaging appears as a child
    of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
    this version of Windows.

    Error - 3/31/2012 8:06:53 AM | Computer Name = DanHaz-PC | Source = SideBySide | ID = 16842787
    Description = Activation context generation failed for "c:\program files (x86)\windows
    live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
    files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
    found in manifest does not match the identity of the component requested. Reference
    is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
    is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
    sxstrace.exe for detailed diagnosis.

    Error - 4/1/2012 2:31:58 AM | Computer Name = DanHaz-PC | Source = SideBySide | ID = 16842824
    Description = Activation context generation failed for "c:\program files\microsoft
    security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
    security client\MSESysprep.dll" on line 10. The element imaging appears as a child
    of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
    this version of Windows.

    Error - 4/1/2012 2:33:39 AM | Computer Name = DanHaz-PC | Source = SideBySide | ID = 16842787
    Description = Activation context generation failed for "c:\program files (x86)\windows
    live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
    files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
    found in manifest does not match the identity of the component requested. Reference
    is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
    is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
    sxstrace.exe for detailed diagnosis.

    [ Media Center Events ]
    Error - 10/23/2010 7:28:01 PM | Computer Name = DanHaz-PC | Source = MCUpdate | ID = 0
    Description = 5:28:00 PM - Failed to retrieve Broadband-2.enc (Error: BITS 0x80080005)


    Error - 11/29/2010 2:03:44 AM | Computer Name = DanHaz-PC | Source = MCUpdate | ID = 0
    Description = 11:03:39 PM - Error connecting to the internet. 11:03:39 PM - Unable
    to contact server..

    Error - 11/29/2010 3:03:50 AM | Computer Name = DanHaz-PC | Source = MCUpdate | ID = 0
    Description = 12:03:49 AM - Error connecting to the internet. 12:03:49 AM - Unable
    to contact server..

    Error - 12/2/2010 4:01:07 AM | Computer Name = DanHaz-PC | Source = MCUpdate | ID = 0
    Description = 1:00:59 AM - Error connecting to the internet. 1:00:59 AM - Unable
    to contact server..

    Error - 12/2/2010 7:44:40 PM | Computer Name = DanHaz-PC | Source = MCUpdate | ID = 0
    Description = 4:44:38 PM - Error connecting to the internet. 4:44:40 PM - Unable
    to contact server..

    Error - 1/12/2011 2:16:21 PM | Computer Name = DanHaz-PC | Source = MCUpdate | ID = 0
    Description = 11:16:20 AM - Error connecting to the internet. 11:16:21 AM - Unable
    to contact server..

    Error - 1/12/2011 2:16:31 PM | Computer Name = DanHaz-PC | Source = MCUpdate | ID = 0
    Description = 11:16:26 AM - Error connecting to the internet. 11:16:26 AM - Unable
    to contact server..

    Error - 6/6/2011 3:04:55 AM | Computer Name = DanHaz-PC | Source = MCUpdate | ID = 0
    Description = 1:04:55 AM - Failed to retrieve SportsSchedule (Error: The underlying
    connection was closed: Could not establish trust relationship for the SSL/TLS secure
    channel.)

    Error - 6/17/2011 2:37:20 AM | Computer Name = DanHaz-PC | Source = MCUpdate | ID = 0
    Description = 12:37:15 AM - Error connecting to the internet. 12:37:15 AM - Unable
    to contact server..

    Error - 7/21/2011 11:54:09 AM | Computer Name = DanHaz-PC | Source = MCUpdate | ID = 0
    Description = 9:54:09 AM - Error connecting to the internet. 9:54:09 AM - Unable
    to contact server..

    [ System Events ]
    Error - 7/6/2012 11:48:07 PM | Computer Name = DanHaz-PC | Source = Service Control Manager | ID = 7023
    Description = The Computer Browser service terminated with the following error:
    %%1060

    Error - 7/6/2012 11:48:09 PM | Computer Name = DanHaz-PC | Source = Service Control Manager | ID = 7003
    Description = The IPsec Policy Agent service depends the following service: BFE.
    This service might not be installed.

    Error - 7/7/2012 12:07:45 AM | Computer Name = DanHaz-PC | Source = Service Control Manager | ID = 7003
    Description = The IKE and AuthIP IPsec Keying Modules service depends the following
    service: BFE. This service might not be installed.

    Error - 7/7/2012 12:07:47 AM | Computer Name = DanHaz-PC | Source = Service Control Manager | ID = 7023
    Description = The Computer Browser service terminated with the following error:
    %%1060

    Error - 7/7/2012 12:07:48 AM | Computer Name = DanHaz-PC | Source = Service Control Manager | ID = 7003
    Description = The IPsec Policy Agent service depends the following service: BFE.
    This service might not be installed.

    Error - 7/7/2012 1:59:31 PM | Computer Name = DanHaz-PC | Source = Service Control Manager | ID = 7003
    Description = The IKE and AuthIP IPsec Keying Modules service depends the following
    service: BFE. This service might not be installed.

    Error - 7/7/2012 1:59:33 PM | Computer Name = DanHaz-PC | Source = Service Control Manager | ID = 7023
    Description = The Computer Browser service terminated with the following error:
    %%1060

    Error - 7/7/2012 1:59:34 PM | Computer Name = DanHaz-PC | Source = Service Control Manager | ID = 7003
    Description = The IPsec Policy Agent service depends the following service: BFE.
    This service might not be installed.

    Error - 7/7/2012 1:59:54 PM | Computer Name = DanHaz-PC | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891

    Error - 7/7/2012 1:59:54 PM | Computer Name = DanHaz-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891


    < End of report >
     
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hi again!

    OTL FIXES

    Warning: this OTL fix has active links. Please do not click on the links below, or your computer might become infected immediately!

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

      :OTL
      IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
      IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
      IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}
      IE - HKLM\..\URLSearchHook: {167d9323-f7cc-48f5-948a-6f012831a69f} - No CLSID value found
      IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
      IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}
      IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3007394
      IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
      IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{sear...00842&mntrId=ea9625c600000000000000259cf4b638
      IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms}
      IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3007394
      FF - prefs.js..browser.search.defaultenginename: "Search Results"
      FF - prefs.js..browser.search.defaultthis.engineName: " "
      FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}"
      FF - prefs.js..browser.search.order.1: "Search Results"
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
      FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
      FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=390&systemid=406&sr=0&q="
      [2011/08/16 10:06:22 | 000,000,863 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Roaming\Mozilla\Firefox\Profiles\freq8eoz.default\searchplugins\conduit.xml
      [2012/06/19 22:23:52 | 000,002,519 | ---- | M] () -- C:\Users\Dan&Haz\AppData\Roaming\Mozilla\Firefox\Profiles\freq8eoz.default\searchplugins\Search_Results.xml
      O2 - BHO: (no name) - {167d9323-f7cc-48f5-948a-6f012831a69f} - No CLSID value found.
      O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll File not found
      O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
      O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
      O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {167d9323-f7cc-48f5-948a-6f012831a69f} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll File not found
      O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {167D9323-F7CC-48F5-948A-6F012831A69F} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O4 - HKLM..\Run: [] File not found
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)
      O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
      O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)
      O33 - MountPoints2\{14cd676e-57ce-11e0-a925-485b393b4cb4}\Shell - "" = AutoRun
      O33 - MountPoints2\{35e9ebfa-29cb-11e1-85e0-485b393b4cb4}\Shell - "" = AutoRun
      O33 - MountPoints2\{35e9ebfa-29cb-11e1-85e0-485b393b4cb4}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Setup.exe
      O33 - MountPoints2\{73b03aa7-d013-11e0-9e7e-485b393b4cb4}\Shell - "" = AutoRun
      @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:0FF263E8
      @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:A384652A

      :commands
      [emptytemp]
      [reboot]
    • Then click the Run Fix button at the top.
    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alarmed; this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
      Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

    ComboFix

    Please visit this webpage for a tutorial on downloading and running ComboFix:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    See the area: Using ComboFix, and when done, post the log back here.
     
  15. DannyA

    DannyA TS Rookie Topic Starter

    All processes killed
    ========== OTL ==========
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{167d9323-f7cc-48f5-948a-6f012831a69f} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{167d9323-f7cc-48f5-948a-6f012831a69f}\ not found.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
    Prefs.js: "Search Results" removed from browser.search.defaultenginename
    Prefs.js: " " removed from browser.search.defaultthis.engineName
    Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
    Prefs.js: "Search Results" removed from browser.search.order.1
    Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
    Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
    Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
    Prefs.js: searchtoolbar@zugo.com:1.2 removed from extensions.enabledItems
    Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
    Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
    Prefs.js: "http://dts.search-results.com/sr?src=ffb&appid=390&systemid=406&sr=0&q=" removed from keyword.URL
    C:\Users\Dan&Haz\AppData\Roaming\Mozilla\Firefox\Profiles\freq8eoz.default\searchplugins\conduit.xml moved successfully.
    C:\Users\Dan&Haz\AppData\Roaming\Mozilla\Firefox\Profiles\freq8eoz.default\searchplugins\Search_Results.xml moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{167d9323-f7cc-48f5-948a-6f012831a69f}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{167d9323-f7cc-48f5-948a-6f012831a69f}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{167d9323-f7cc-48f5-948a-6f012831a69f} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{167d9323-f7cc-48f5-948a-6f012831a69f}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{167D9323-F7CC-48F5-948A-6F012831A69F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{167D9323-F7CC-48F5-948A-6F012831A69F}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14cd676e-57ce-11e0-a925-485b393b4cb4}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14cd676e-57ce-11e0-a925-485b393b4cb4}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35e9ebfa-29cb-11e1-85e0-485b393b4cb4}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35e9ebfa-29cb-11e1-85e0-485b393b4cb4}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35e9ebfa-29cb-11e1-85e0-485b393b4cb4}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35e9ebfa-29cb-11e1-85e0-485b393b4cb4}\ not found.
    File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Setup.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73b03aa7-d013-11e0-9e7e-485b393b4cb4}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73b03aa7-d013-11e0-9e7e-485b393b4cb4}\ not found.
    ADS C:\ProgramData\TEMP:0FF263E8 deleted successfully.
    ADS C:\ProgramData\TEMP:A384652A deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Dan&Haz
    ->Temp folder emptied: 576198877 bytes
    ->Temporary Internet Files folder emptied: 178718648 bytes
    ->Java cache emptied: 2212539 bytes
    ->FireFox cache emptied: 53417800 bytes
    ->Google Chrome cache emptied: 20930694 bytes
    ->Flash cache emptied: 554478743 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56502 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    User: TEMP

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 200704 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 363303001 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 57071644 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1,723.00 mb


    OTL by OldTimer - Version 3.2.53.1 log created on 07072012_151832

    Files\Folders moved on Reboot...
    C:\Users\Dan&Haz\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...
    File C:\Users\Dan&Haz\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

    Registry entries deleted on Reboot...


    Combo fix coming up.
     
  16. DannyA

    DannyA TS Rookie Topic Starter

    ComboFix 12-07-07.04 - Dan&Haz 07/07/2012 15:32:10.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2175 [GMT -6:00]
    Running from: c:\users\Dan&Haz\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\SysWow64\drivers\str.sys
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-07 to 2012-07-07 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-07 21:39 . 2012-07-07 21:39 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-07 21:18 . 2012-07-07 21:18 -------- d-----w- C:\_OTL
    2012-07-07 06:17 . 2012-07-07 06:17 -------- d-----w- C:\FRST
    2012-07-07 03:06 . 2012-07-07 03:06 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-07-07 03:06 . 2012-07-07 03:07 -------- d-----w- c:\program files\Microsoft Security Client
    2012-07-06 06:46 . 2012-07-06 06:46 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-07-06 04:00 . 2012-07-06 04:00 -------- d-----w- c:\users\Dan&Haz\AppData\Local\Razer
    2012-07-06 04:00 . 2012-07-06 04:00 -------- d-----w- c:\programdata\Razer
    2012-07-01 12:57 . 2012-07-01 12:57 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
    2012-06-30 07:09 . 2012-07-05 02:08 -------- d-----w- c:\users\Dan&Haz\AppData\Roaming\Skype
    2012-06-30 07:09 . 2012-06-30 07:09 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2012-06-30 07:09 . 2012-06-30 07:09 -------- d-----r- c:\program files (x86)\Skype
    2012-06-30 07:09 . 2012-06-30 07:10 -------- d-----w- c:\programdata\Skype
    2012-06-21 14:35 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-21 14:35 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-21 14:35 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-21 14:35 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-21 14:35 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-21 14:35 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-21 14:35 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-21 14:35 . 2012-06-02 21:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-21 14:35 . 2012-06-02 21:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-20 13:45 . 2012-06-20 13:45 -------- d-----w- c:\programdata\boost_interprocess
    2012-06-20 04:26 . 2012-06-20 04:27 -------- d-----w- c:\users\Dan&Haz\AppData\Roaming\vlc
    2012-06-20 04:25 . 2012-06-20 04:25 -------- d-----w- c:\users\Dan&Haz\AppData\Local\Ilivid Player
    2012-06-19 23:35 . 2012-06-19 23:35 4967624 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    2012-06-13 04:26 . 2012-05-18 01:51 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-06-13 04:26 . 2012-05-17 22:24 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-06-13 02:00 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-13 02:00 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-13 02:00 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-13 02:00 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-06-13 02:00 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-06-13 02:00 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-06-13 02:00 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
    2012-06-13 02:00 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-11 12:54 . 2012-06-11 12:54 -------- d-----w- c:\users\Dan&Haz\AppData\Local\Macromedia
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-07 21:40 . 2012-07-07 21:40 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3F30A1DE-53D1-4C2B-9296-020F6D90CEBF}\offreg.dll
    2012-07-05 16:45 . 2012-04-15 12:53 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-05 16:45 . 2011-05-18 16:59 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-18 09:12 . 2012-07-07 03:08 9013136 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3F30A1DE-53D1-4C2B-9296-020F6D90CEBF}\mpengine.dll
    2012-06-07 17:33 . 2012-06-07 17:07 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-06-07 17:33 . 2012-06-07 17:07 839112 ----a-w- c:\windows\system32\deployJava1.dll
    2012-05-15 02:50 . 2012-05-15 02:50 20992 ----a-w- c:\windows\system32\drivers\rzvkeyboard.sys
    2012-05-15 02:50 . 2012-05-15 02:50 94208 ----a-w- c:\windows\system32\drivers\rzudd.sys
    2012-05-15 02:36 . 2012-05-15 02:36 142848 ----a-w- c:\windows\SysWow64\rztouchdll.dll
    2012-05-15 02:36 . 2012-05-15 02:36 354816 ----a-w- c:\windows\SysWow64\rzdevicedll.dll
    2012-05-15 02:36 . 2012-05-15 02:36 165888 ----a-w- c:\windows\SysWow64\rzaudiodll.dll
    2012-05-13 05:45 . 2012-05-13 05:45 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2012-05-13 05:45 . 2012-05-13 05:45 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2012-05-13 05:45 . 2012-05-13 05:45 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2012-05-13 05:45 . 2012-05-13 05:45 85504 ----a-w- c:\windows\system32\iesetup.dll
    2012-05-13 05:45 . 2012-05-13 05:45 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2012-05-13 05:45 . 2012-05-13 05:45 76800 ----a-w- c:\windows\system32\tdc.ocx
    2012-05-13 05:45 . 2012-05-13 05:45 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2012-05-13 05:45 . 2012-05-13 05:45 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2012-05-13 05:45 . 2012-05-13 05:45 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2012-05-13 05:45 . 2012-05-13 05:45 603648 ----a-w- c:\windows\system32\vbscript.dll
    2012-05-13 05:45 . 2012-05-13 05:45 49664 ----a-w- c:\windows\system32\imgutil.dll
    2012-05-13 05:45 . 2012-05-13 05:45 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2012-05-13 05:45 . 2012-05-13 05:45 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2012-05-13 05:45 . 2012-05-13 05:45 448512 ----a-w- c:\windows\system32\html.iec
    2012-05-13 05:45 . 2012-05-13 05:45 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-05-13 05:45 . 2012-05-13 05:45 367104 ----a-w- c:\windows\SysWow64\html.iec
    2012-05-13 05:45 . 2012-05-13 05:45 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2012-05-13 05:45 . 2012-05-13 05:45 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2012-05-13 05:45 . 2012-05-13 05:45 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2012-05-13 05:45 . 2012-05-13 05:45 222208 ----a-w- c:\windows\system32\msls31.dll
    2012-05-13 05:45 . 2012-05-13 05:45 165888 ----a-w- c:\windows\system32\iexpress.exe
    2012-05-13 05:45 . 2012-05-13 05:45 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2012-05-13 05:45 . 2012-05-13 05:45 160256 ----a-w- c:\windows\system32\wextract.exe
    2012-05-13 05:45 . 2012-05-13 05:45 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2012-05-13 05:45 . 2012-05-13 05:45 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2012-05-13 05:45 . 2012-05-13 05:45 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2012-05-13 05:45 . 2012-05-13 05:45 12288 ----a-w- c:\windows\system32\mshta.exe
    2012-05-13 05:45 . 2012-05-13 05:45 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2012-05-13 05:45 . 2012-05-13 05:45 114176 ----a-w- c:\windows\system32\admparse.dll
    2012-05-13 05:45 . 2012-05-13 05:45 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2012-05-13 05:45 . 2012-05-13 05:45 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2012-05-13 05:45 . 2012-05-13 05:45 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2012-05-08 02:46 . 2012-05-08 02:46 7168 ----a-w- c:\windows\system32\drivers\rzkbdhid.sys
    2012-05-08 02:46 . 2012-05-08 02:46 26112 ----a-w- c:\windows\system32\drivers\rzdaendpt.sys
    2012-04-30 09:13 . 2012-04-29 09:10 2377696 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-02-10 2770432]
    "DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2012-01-14 248832]
    "Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2012-05-30 313768]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 136176]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-05 250056]
    R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-24 7883264]
    R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-24 285696]
    R3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [2007-08-14 35328]
    R3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [2010-03-23 12032]
    R3 Generalusbserialser20675;USB Legacy Serial Communication 20675;c:\windows\system32\DRIVERS\CT_U_USBSER.sys [2011-05-10 122368]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 136176]
    R3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2010-10-20 11776]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
    R3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50a64.sys [2006-11-29 43328]
    R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [2006-11-29 41280]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-04 1255736]
    R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111vx.sys [x]
    R4 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2009-04-22 124256]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-19 270912]
    S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-24 203264]
    S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
    S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
    S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-14 249648]
    S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [2010-07-09 21480]
    S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
    S2 UDisk Monitor;UDisk Monitor;c:\program files (x86)\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [2011-05-12 512000]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
    S3 netr28ux;Ralink RT2870 Chipset Family Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2011-09-09 1660480]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-05-10 174184]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
    S3 rzdaendpt;%rzdaendpt.SvcDesc%;c:\windows\system32\DRIVERS\rzdaendpt.sys [2012-05-08 26112]
    S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys [2012-05-15 94208]
    S3 rzvkeyboard;Razer Virtual Keyboard Driver;c:\windows\system32\DRIVERS\rzvkeyboard.sys [2012-05-15 20992]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-01-12 1290752]
    S3 VKbms;Razer Gaming Device;c:\windows\system32\DRIVERS\VKbms.sys [2010-10-01 13312]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
    2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-07 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 16:45]
    .
    2012-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 17:00]
    .
    2012-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 17:00]
    .
    2012-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1357503399-807939844-3328423691-1000Core.job
    - c:\users\Dan&Haz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-05 17:10]
    .
    2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1357503399-807939844-3328423691-1000UA.job
    - c:\users\Dan&Haz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-05 17:10]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.bing.com/?PC=BNHP
    uLocal Page = c:\windows\system32\blank.htm
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Dan&Haz\AppData\Roaming\Mozilla\Firefox\Profiles\freq8eoz.default\
    FF - prefs.js: browser.search.defaulturl -
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
    c:\program files (x86)\Razer\DeathAdder\razerofa.exe
    c:\program files (x86)\Razer\DeathAdder\vdDaemon.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-07 15:46:48 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-07 21:46
    .
    Pre-Run: 55,685,267,456 bytes free
    Post-Run: 55,271,481,344 bytes free
    .
    - - End Of File - - B6326A20E7B7B8BA62E07A409B0B979A
     
  17. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Scan with Malwarebytes' Anti-Malware

    Please open Malwarebytes' Anti-Malware, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.


    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats and Scan unwanted applications are checked
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, you may close the window
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic
     
  18. DannyA

    DannyA TS Rookie Topic Starter

    Sorry about the delay, I've been procrastinating on the 2-hour scan.




    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.07.08.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Dan&Haz :: DANHAZ-PC [administrator]

    Protection: Disabled

    7/8/2012 3:24:00 PM
    mbam-log-2012-07-08 (15-24-00).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 220157
    Time elapsed: 4 minute(s), 7 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=e783863f17f3c247b7e8ea16451c4226
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2012-07-11 10:36:10
    # local_time=2012-07-11 04:36:10 (-0700, Mountain Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=5893 16776574 100 94 11824551 93582938 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=270696
    # found=2
    # cleaned=2
    # scan_time=6682
    C:\Users\Dan&Haz\Downloads\Fleetwood_Mac_-_Rumours[1977]_Pa_La_Raza.rar_downloader.exe Win32/InstallCore.K application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Users\Dan&Haz\Downloads\Fleetwood_MAc_-_Rumours_(DTS-CD).rar_downloader.exe Win32/InstallCore.K application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     
  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
     
  20. DannyA

    DannyA TS Rookie Topic Starter

    Computer is running great, had to uninstall and reinstall MS Security Essentials as it got corrupted. Windows Firewall is active so all should be good. I really appreciate your help.
     
  21. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Great to hear...and you're welcome. Semi-last steps here...

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name, i.e. Clean
    • Select Create
    Now we can purge the infected ones
    • Go back to the System and Maintenance page
    • Select Performance Information and Tools
    • On the left select Open Disk Cleanup
    • Select Files from all users and accept the warning if you get one
    • In the drop-down box select your main drive, i.e. C
    • For a few moments the system will make some calculations
    • Select the More Options tab
    • In the System Restore and Shadow Backups select Clean up
    • Select Delete on the pop up
    • Select OK
    • Select Delete

    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    Please download TFC by OldTimer to your desktop
    • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • It will close all programs when run, so make sure you have saved all your work before you begin.
    • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
    • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Tell me in your next reply, if you have completed these tasks:
    • Cleaned System Restore
    • Ran OTC
    • Ran TFC
    • Ran Security Check
    Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.
     
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hello. Are you still with us?

    Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

    Thanks.
     
