Trojan Horse in my Windows directory, read only so I cannot move to chest

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
“{138A4072-9E64-46BD-B5F9-DB2BB395391F}” = LWS VideoEffects
“{1701BD02-09B9-B25B-8290-C7D6A33C5A75}” = AMD Catalyst Install Manager
“{1D8E6291-B0D5-35EC-8441-6616F567A0F7}” = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
“{2394E621-62FE-72DF-057F-F51EB4BD2077}” = AMD Accelerated Video Transcoding
“{26A24AE4-039D-4CA4-87B4-2F86416024FF}” = Java™ 6 Update 24 (64-bit)
“{503F672D-6C84-448A-8F8F-4BC35AC83441}” = AMD APP SDK Runtime
“{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}” = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
“{7C8B4C37-0C40-2BEA-C6F3-56EAD395BC56}” = ccc-utility64
“{8220EEFE-38CD-377E-8595-13398D740ACE}” = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
“{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}” = Microsoft Silverlight
“{8E34682C-8118-31F1-BC4C-98CD9675E1C2}” = Microsoft .NET Framework 4 Extended
“{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}” = Dell Edoc Viewer
“{90140000-006D-0409-1000-0000000FF1CE}” = Microsoft Office Click-to-Run 2010
“{9B48B0AC-C813-4174-9042-476A887592C7}” = Windows Live ID Sign-in Assistant
“{A44E3BC0-77C3-3F36-2034-4F8F578B7D1B}” = AMD Media Foundation Decoders
“{ADDF4B84-5D28-4EAE-8511-EF808C8BC81C}” = HP Officejet 6500 E710n-z Basic Device Software
“{B457D49F-00E2-0FF2-4234-C20FC0702E2E}” = AMD Fuel
“{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}” = SUPERAntiSpyware
“{E06357A3-5F44-B1AE-F4BA-9DAC26A209C9}” = ccc-utility64
“{E33AC780-456C-6295-E0F3-10A8D39A09FB}” = AMD Drag and Drop Transcoding
“{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}” = Ventrilo Client for Windows x64
“{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}” = Microsoft .NET Framework 4 Client Profile
“CCleaner” = CCleaner
“Microsoft .NET Framework 4 Client Profile” = Microsoft .NET Framework 4 Client Profile
“Microsoft .NET Framework 4 Extended” = Microsoft .NET Framework 4 Extended
“WinRAR archiver” = WinRAR 5.00 beta 4 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
“{048298C9-A4D3-490B-9FF9-AB023A9238F3}” = Steam
“{08610298-29AE-445B-B37D-EFBE05802967}” = LWS Pictures And Video
“{0C976EC5-842F-4313-B2AB-EDDBCCD3A222}” = System Requirements Lab
“{0D29B7E9-CDFF-807D-1D4E-FFB77D809836}” = CCC Help Italian
“{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}” = Razer Synapse 2.0
“{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}” = TERA
“{10621ADB-04B8-94B5-0520-E799FBCFE366}” = CCC Help German
“{130E5108-547F-4482-91EE-F45C784E08C7}” = HP Officejet 6500 E710n-z Help
“{144D9816-818D-C36E-33A0-889A19C5EDA6}” = CCC Help Portuguese
“{15634701-BACE-4449-8B25-1567DA8C9FD3}” = CameraHelperMsi
“{15E63A3E-5FEC-FC64-C09D-757F2753DA10}” = CCC Help Italian
“{1651216E-E7AD-4250-92A1-FB8ED61391C9}” = LWS Help_main
“{16F3A269-C49C-3EA8-76B6-3006007CE201}” = CCC Help Portuguese
“{174A3B31-4C43-43DD-866F-73C9DB887B48}” = LWS Twitter
“{18BED011-2EEF-1148-E90C-D6556565B2EC}” = CCC Help Polish
“{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}” = Microsoft XNA Framework Redistributable 3.1
“{1A44135B-3127-9AEE-5686-F64DA4F262CA}” = Catalyst Control Center Graphics Previews Common
“{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
“{20C2435C-5B06-2E12-5087-116D8EF658B8}” = CCC Help Korean
“{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}” = LWS YouTube Plugin
“{23B8178A-5389-4E11-AA42-5136D91EE6FA}” = Warframe
“{26791563-0BDF-1FBE-CC21-994A09559CCE}” = Catalyst Control Center Graphics Previews Common
“{26A24AE4-039D-4CA4-87B4-2F83216033FF}” = Java™ 6 Update 35
“{26A24AE4-039D-4CA4-87B4-2F83217017FF}” = Java 7 Update 21
“{29EF24BB-EF96-0D83-4142-2488827609B1}” = CCC Help Dutch
“{2F2AE1BD-90B2-F4C0-3D32-4653B5B65AB1}” = Catalyst Control Center InstallProxy
“{2F56F921-7281-17D7-C628-EDC320DB1AF3}” = CCC Help French
“{33126DA3-B1C3-A57F-B8DD-8D10B00698DC}” = AMD VISION Engine Control Center
“{3A25676C-038C-504A-FA32-F971B36BF7EE}” = Catalyst Control Center Graphics Previews Vista
“{3B8FF075-F41B-89DD-41F7-B90A6A01B8F8}” = Catalyst Control Center Graphics Full New
“{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}” = Tribes Ascend Closed Beta
“{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}” = Hi-Rez Studios Authenticate and Update Service
“{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}” = erLT
“{43430FA5-AF68-4A2D-A7D4-891000008200}” = Street Fighter X Tekken
“{44453D07-5BDB-45F8-E3DF-20A7F76407D0}” = CCC Help Czech
“{466E1C7A-AEAF-2F55-26E2-A727B761AAB0}” = CCC Help Dutch
“{4A03706F-666A-4037-7777-5F2748764D10}” = Java Auto Updater
“{4CB0307C-565E-4441-86BE-0DF2E4FB828C}” = Microsoft Games for Windows Marketplace
“{4E4D0FA1-F880-4CCB-999A-501000008200}” = Dark Souls Prepare to Die Edition
“{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}” = Skype™ 6.3
“{5070FEB6-D861-648C-95EA-D08B15139677}” = CCC Help Turkish
“{507A4C55-8DAF-1607-0B3B-36F975039B2D}” = CCC Help Korean
“{50ED6ABB-078C-8B17-1181-DC6DDB4E52DC}” = Catalyst Control Center InstallProxy
“{5454085C-129F-416C-9C0B-8B1000058301}” = BioShock 2
“{56BB049F-DAD3-4D9E-BC83-E4D778EAE0BD}” = CCC Help Norwegian
“{56E55229-CBE7-211E-0CD1-AB3712AF177A}” = CCC Help Danish
“{57520FA0-DF38-46A1-8046-3B1000008500}” = Batman: Arkham City™ GOTY
“{5A336D74-E680-4986-96F4-E9CEBC784F56}” = Naga Firmware Updater 1.13
“{5AF4B3C4-C393-48D7-AC7E-8E7615579548}” = Adobe AIR
“{5CE2D957-59C2-4489-481E-2E38EAE59762}” = CCC Help Spanish
“{5DE28421-7661-5A77-F667-5FDC46170AD8}” = CCC Help Swedish
“{5DEB2BA0-0E1F-D5CB-A0C4-F738590BE973}” = Catalyst Control Center Core Implementation
“{5EA47F98-C7D2-2C53-0316-CF59E197116D}” = CCC Help Finnish
“{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}” = NCsoft Launcher
“{612C34C7-5E90-47D8-9B5C-0F717DD82726}” = swMSM
“{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}” = NVIDIA PhysX
“{6675371D-22CD-F426-DC4C-9DDF594D0BBE}” = CCC Help Chinese Traditional
“{6839108F-BC82-30BC-776F-D635EDA2B3D4}” = CCC Help Russian
“{6A7DF5D8-2DDA-56C0-CC4A-667EC297787D}” = CCC Help Thai
“{6B1ADEE1-1595-82C4-6FB9-97B65F68E9EE}” = CCC Help Swedish
“{6B206787-2964-D9D8-A1F6-7D98B6BCD7F9}” = CCC Help Hungarian
“{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}” = Roxio Creator Starter
“{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}” = LWS Gallery
“{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}” = Microsoft Visual C++ 2005 Redistributable
“{71E66D3F-A009-44AB-8784-75E2819BA4BA}” = LWS Motion Detection
“{7299052b-02a4-4627-81f2-1818da5d550d}” = Microsoft Visual C++ 2005 Redistributable
“{73EFFD76-009E-A554-AA1F-106DBE475525}” = CCC Help French
“{770657D0-A123-3C07-8E44-1C83EC895118}” = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
“{775FCAEB-C804-02B9-135F-D9A189A1CCDC}” = CCC Help English
“{77D41B26-31DE-4EBA-F974-26D67B728FDB}” = CCC Help Turkish
“{789289CA-F73A-4A16-A331-54D498CE069F}” = Ventrilo Client
“{7A8A86CF-71B4-4517-919F-43E493547346}” = CCC Help Danish
“{7D5BFB15-8BC7-2170-144F-7F585FE9FDF1}” = CCC Help Japanese
“{7E77E37C-1806-ADFD-C98B-5F1465781D8F}” = CCC Help Chinese Traditional
“{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}” = Microsoft Games for Windows - LIVE Redistributable
“{833FE2B0-DCD7-8995-6374-F69F1A84055F}” = CCC Help German
“{837b34e3-7c30-493c-8f6a-2b0f04e2912c}” = Microsoft Visual C++ 2005 Redistributable
“{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}” = LWS Launcher
“{8937D274-C281-42E4-8CDB-A0B2DF979189}” = LWS Webcam Software
“{8A0B485A-639F-751F-7CA9-744F15BC54F8}” = CCC Help Czech
“{8BFFC140-7C6F-CCB0-B85B-2AE63922C919}” = CCC Help Hungarian
“{8D0BED50-BD2B-5EBA-7F04-5513F1B9EC74}” = CCC Help Thai
“{8E4F1F84-B054-5875-ABF4-1246B3CFD48E}” = CCC Help Russian
“{90140011-0066-0409-0000-0000000FF1CE}” = Microsoft Office Starter 2010 - English
“{92606477-9366-4D3B-8AE3-6BE4B29727AB}” = League of Legends
“{93DE6349-A17B-8CA8-181F-6DB7A2E1F1C7}” = Catalyst Control Center Localization All
“{95140000-0070-0000-0000-0000000FF1CE}” = Microsoft Office 2010
“{9559F7CA-5E34-4237-A2D9-D856464AD727}” = Project64 1.6
“{97E21DF5-574A-67C2-6ECC-0AC11F0ABF3C}” = CCC Help Polish
“{98C7AEBC-350A-52D6-6886-76FB98C6A503}” = Catalyst Control Center Graphics Full Existing
“{9A25302D-30C0-39D9-BD6F-21E6EC160475}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
“{9BE518E6-ECC6-35A9-88E4-87755C07200F}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
“{9DAEA76B-E50F-4272-A595-0124E826553D}” = LWS WLM Plugin
“{9FD6F1A8-5550-46AF-8509-271DF0E768B5}” = Dual-Core Optimizer
“{A071F478-73E0-4143-AE55-4DD6BABD74F5}” = Far Cry 3 Blood Dragon
“{A3C76924-B911-4766-A1FD-367D13277CB3}_is1” = GrooveWalrus 0.370
“{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}” = Catalyst Control Center - Branding
“{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}” = IMinent Toolbar
“{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}” = Wizard101
“{AA31EA7B-7917-4000-949B-38E91F848A25}” = Internet Explorer
“{AC76BA86-7AD7-1033-7B44-AA1000000001}” = Adobe Reader X (10.1.6)
“{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}” = DirectX 9 Runtime
“{AFF8C8F4-E4BB-891F-8636-5E71F946C5B6}” = Catalyst Control Center InstallProxy
“{B051D1F8-8A3D-096B-1BC5-15F111F4EE2D}” = CCC Help Greek
“{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}” = Mumble 1.2.3
“{B556929F-79D5-E843-27D4-60B1586C4773}” = Grooveshark
“{B56BA529-977E-4276-0325-A94BF57E1B65}” = CCC Help Spanish
“{BE6F906F-9F86-5CED-E122-8C6A162295B8}” = Skins
“{C276D408-F88A-4E69-9CE3-B785CFA276BD}_is1” = “Tropico 4”
“{C3592426-531E-4110-911D-BFECE2CE284C}” = osu!
“{CA6BCA2F-EDEB-408F-850B-31404BE16A61}” = I.R.I.S. OCR
“{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}” = Microsoft .NET Framework 1.1
“{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}” = Dell Marketplace Webslice IE8
“{D1E89604-DFBE-2DF8-BE82-A0076107AA32}” = CCC Help Finnish
“{D40EB009-0499-459c-A8AF-C9C110766215}” = Logitech Webcam Software
“{D68006E1-F774-4504-9ECF-03B67793C475}” = XSplit
“{D770F4B4-C422-45D9-8CEE-1B4C66E68CA8}” = Dell Stage
“{D81F39D4-FDA9-4356-92B1-16081D8BF71A}” = Pokémon Trading Card Game Online
“{DAD5AC93-8518-4F46-A5FE-E63FEE791B6F}” = AMD OverDrive
“{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}” = Dell VideoStage
“{E04810F9-4BAC-C803-82F1-241041A44897}” = CCC Help English
“{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}” = Catalyst Control Center - Branding
“{E4335E82-17B3-460F-9E70-39D9BC269DB3}” = Dell PhotoStage
“{E50D9AC2-EB3C-3161-FF97-4E800D106D0E}” = CCC Help Norwegian
“{E5F05232-96B6-4552-A480-785A60A94B21}” = System Requirements Lab CYRI
“{E65DADC9-D6B1-6706-41DE-FA19149869E5}” = Catalyst Control Center Graphics Light
“{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}” = Nexon Game Manager
“{EBF60699-3D2E-6677-D504-5B4846171C8E}” = ccc-core-static
“{ED2A4AA9-11F8-8338-0B18-CD9C543E876E}” = CCC Help Chinese Standard
“{EED027B7-0DB6-404B-8F45-6DFEE34A0441}” = LWS Video Mask Maker
“{EF56258E-0326-48C5-A86C-3BAC26FC15DF}” = Roxio Creator Starter
“{F017778C-11C7-4E57-8124-F10C5AD74B1E}_is1” = Open Broadcaster Software version 0.452a
“{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}” = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
“{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}” = Realtek High Definition Audio Driver
“{F336F89D-8C5A-432C-8EA9-DA19377AD591}” = Dell MusicStage
“{F4044E58-9707-2918-1DA9-D3E400F0B699}” = CCC Help Japanese
“{F70ACEA1-05C5-6D98-9C0C-F3AD818E1E33}” = CCC Help Chinese Standard
“{F835D378-5073-8C86-70EF-9A3B739F9897}” = CCC Help Greek
“{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}” = Visual Studio 2008 x64 Redistributables
“{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}” = LWS Facebook
“{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
“{FFD3A1EB-F550-3309-7AFE-17E4BB778423}” = Catalyst Control Center Localization All

“Adobe AIR” = Adobe AIR
“Adobe Flash Player ActiveX” = Adobe Flash Player 11 ActiveX
“Adobe Flash Player Plugin” = Adobe Flash Player 11 Plugin
“Adobe Shockwave Player” = Adobe Shockwave Player 11.6
“Applian FLV and Media Player” = Applian FLV and Media Player 3.1.1.12
“avast” = avast! Free Antivirus
“BandiMPEG1” = Bandisoft MPEG-1 Decoder
“Cyphers” = Cyphers
“Diablo III” = Diablo III
“Dishonored_is1” = Dishonored
“F5 Networks Client Components” = BIG-IP Edge Client Components (All Users)
“GFWL_{4E4D0FA1-F880-4CCB-999A-501000008200}” = Dark Souls Prepare to Die Edition
“GFWL_{57520FA0-DF38-46A1-8046-3B1000008500}” = Batman: Arkham City™ GOTY
“GoToAssist” = GoToAssist 8.0.0.514
“GroovesharkDesktop.7F9BF17D6D9CB2159C78A6A6AB076EA0B1E0497C.1” = Grooveshark
“InfiniteCrisis” = InfiniteCrisis
“InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}” = Dell VideoStage
“Microsoft .NET Framework 1.1 (1033)” = Microsoft .NET Framework 1.1
“MMDoC-PDCLive” = Duel of Champions
“Monopoly Here & Now Edition” = Monopoly Here & Now Edition
“Mozilla Firefox 14.0.1 (x86 en-US)” = Mozilla Firefox 14.0.1 (x86 en-US)
“MozillaMaintenanceService” = Mozilla Maintenance Service
“Neverwinter” = Neverwinter
“Office14.Click2Run” = Microsoft Office Click-to-Run 2010
“Open Broadcaster Software” = Open Broadcaster Software
“OpenAL” = OpenAL
“Peggle Nights 1.0” = Peggle Nights 1.0
“PunkBusterSvc” = PunkBuster Services
“RaidCall” = RaidCall
“ShiftWindow_is1” = ShiftWindow 1.02
“Sleeping Dogs_is1” = Sleeping Dogs
“Snes9x” = Snes9x
“Sonic And All Stars Racing Transformed_is1” = Sonic And All Stars Racing Transformed
“Steam App 110400” = inMomentum
“Steam App 206210” = Gotham City Impostors: Free To Play
“Steam App 206500” = AirMech
“Steam App 215470” = Primal Carnage
“Steam App 219640” = Chivalry: Medieval Warfare
“Steam App 240” = Counter-Strike: Source
“Steam App 24240” = PAYDAY: The Heist
“Steam App 43110” = Metro 2033
“Steam App 440” = Team Fortress 2
“Steam App 550” = Left 4 Dead 2
“Steam App 55230” = Saints Row: The Third
“Steam App 7670” = BioShock
“Steam App 8850” = BioShock 2
“Steam App 97330” = Magic: The Gathering - Duels of the Planeswalkers 2013
“Super Hexagon_is1” = Super Hexagon
“Uplay” = Uplay
“uTorrent” = µTorrent
“VLC media player” = VLC media player 2.0.6

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
“0b0d45f34cb2f7e6” = WinGrooves
“Google Chrome” = Google Chrome
“HappyCloud” = Happy Cloud Client
“Hawken” = Hawken
“SOE-C:/Users/Dondreius/AppData/Local/Sony Online Entertainment/ApplicationUpdater” = applicationupdater
“TeamSpeak 3 Client” = TeamSpeak 3 Client
“teraenmasse” = TERA
“UnityWebPlayer” = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/8/2013 7:30:20 PM | Computer Name = Dondreius-PC | Source = .NET Runtime | ID = 1026
Description =

Error - 4/8/2013 7:30:22 PM | Computer Name = Dondreius-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Launcher.exe_unknown, version: 0.0.0.0,
time stamp: 0x511b7fbb Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015,
time stamp: 0x50b83c8a Exception code: 0xe0434352 Fault offset: 0x0000c41f Faulting
process id: 0x1ab8 Faulting application start time: 0x01ce34b1087c9a3a Faulting application
path: C:\Users\Dondreius\Desktop\Sonic and All Stars Racing Transformed\Launcher.exe
Faulting
module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: 47fd384e-a0a4-11e2-85c2-f04da2ea25f9

Error - 4/9/2013 1:46:01 PM | Computer Name = Dondreius-PC | Source = Application Error | ID = 1000
Description = Faulting application name: fc3_blooddragon.exe, version: 0.1.0.1,
time stamp: 0x515ca139 Faulting module name: FC3.dll, version: 0.1.0.1, time stamp:
0x515ca109 Exception code: 0xc0000005 Fault offset: 0x000ca3bc Faulting process id:
0xd18 Faulting application start time: 0x01ce354a1626de06 Faulting application path:
C:\Users\Dondreius\Downloads\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe Faulting
module path: C:\Users\Dondreius\Downloads\Far Cry 3 Blood Dragon\bin\FC3.dll Report
Id: 571a2457-a13d-11e2-8b7a-f04da2ea25f9

Error - 4/9/2013 1:46:08 PM | Computer Name = Dondreius-PC | Source = Application Error | ID = 1000
Description = Faulting application name: fc3_blooddragon_d3d11.exe, version: 0.1.0.1,
time stamp: 0x515ca1e7 Faulting module name: FC3_d3d11.dll, version: 0.1.0.1, time
stamp: 0x515ca1a8 Exception code: 0xc0000005 Fault offset: 0x000c9ec5 Faulting process
id: 0x16d8 Faulting application start time: 0x01ce354a1c3343e2 Faulting application
path: C:\Users\Dondreius\Downloads\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
Faulting
module path: C:\Users\Dondreius\Downloads\Far Cry 3 Blood Dragon\bin\FC3_d3d11.dll
Report
Id: 5bb0ad99-a13d-11e2-8b7a-f04da2ea25f9

Error - 4/9/2013 1:50:02 PM | Computer Name = Dondreius-PC | Source = Application Error | ID = 1000
Description = Faulting application name: fc3_blooddragon.exe, version: 0.1.0.1,
time stamp: 0x515ca139 Faulting module name: FC3.dll, version: 0.1.0.1, time stamp:
0x515ca109 Exception code: 0xc0000005 Fault offset: 0x000ca3bc Faulting process id:
0x1494 Faulting application start time: 0x01ce354aa6f59f24 Faulting application path:
C:\Users\Dondreius\Downloads\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe Faulting
module path: C:\Users\Dondreius\Downloads\Far Cry 3 Blood Dragon\bin\FC3.dll Report
Id: e724cf45-a13d-11e2-8b7a-f04da2ea25f9

Error - 4/9/2013 2:03:19 PM | Computer Name = Dondreius-PC | Source = Application Hang | ID = 1002
Description = The program fc3_blooddragon.exe version 0.1.0.1 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1634 Start
Time: 01ce354c475ab232 Termination Time: 0 Application Path: C:\Program Files (x86)\Ubisoft\Far
Cry 3 Blood Dragon\bin\fc3_blooddragon.exe Report Id:

Error - 4/10/2013 10:48:44 AM | Computer Name = Dondreius-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce79912 Faulting module name: msxml3.dll, version: 8.110.7601.17988,
time stamp: 0x5091ff27 Exception code: 0xc0000005 Fault offset: 0x0002e64f Faulting
process id: 0x858 Faulting application start time: 0x01ce35fa7bafddbb Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\System32\msxml3.dll Report Id: bdca915f-a1ed-11e2-8118-f04da2ea25f9

Error - 4/11/2013 7:56:46 AM | Computer Name = Dondreius-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for “C:\Program Files (x86)\SplitMediaLabs\XSplit\Cultures\XSplitBroadcasterSrc.exe”.
Dependent
Assembly Native.XSplitBroadcaster.exe,type=“win32”,version=“1.0.0.0” could not
be found. Please use sxstrace.exe for detailed diagnosis.

Error - 4/13/2013 11:02:12 AM | Computer Name = Dondreius-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for “C:\Program Files (x86)\SplitMediaLabs\XSplit\Cultures\XSplitBroadcasterSrc.exe”.
Dependent
Assembly Native.XSplitBroadcaster.exe,type=“win32”,version=“1.0.0.0” could not
be found. Please use sxstrace.exe for detailed diagnosis.

Error - 4/16/2013 8:01:14 AM | Computer Name = Dondreius-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for “C:\Program Files (x86)\SplitMediaLabs\XSplit\Cultures\XSplitBroadcasterSrc.exe”.
Dependent
Assembly Native.XSplitBroadcaster.exe,type=“win32”,version=“1.0.0.0” could not
be found. Please use sxstrace.exe for detailed diagnosis.

[ Dell Events ]
Error - 5/16/2011 8:36:44 PM | Computer Name = Dondreius-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ System Events ]
Error - 5/25/2013 8:06:47 AM | Computer Name = Dondreius-PC | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.2 service failed to start due to the following error:
%%2

Error - 5/25/2013 9:06:42 PM | Computer Name = Dondreius-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.

Error - 5/26/2013 9:50:39 AM | Computer Name = Dondreius-PC | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.2 service failed to start due to the following error:
%%2

Error - 5/27/2013 10:44:29 AM | Computer Name = Dondreius-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 5/27/2013 10:44:36 AM | Computer Name = Dondreius-PC | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.2 service failed to start due to the following error:
%%2

Error - 5/27/2013 10:44:42 AM | Computer Name = Dondreius-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 5/27/2013 10:44:43 AM | Computer Name = Dondreius-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 5/27/2013 10:44:43 AM | Computer Name = Dondreius-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 5/27/2013 6:29:33 PM | Computer Name = Dondreius-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 5/27/2013 6:29:33 PM | Computer Name = Dondreius-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

< End of report >

Sorry that took so many posts. Also, I could not attach the MBR zip file because I got an error message saying that zip isn’t a valid file type for attaching.

Sorry that took so many posts. Also, I could not attach the MBR zip file because I got an error message saying that zip isn’t a valid file type for attaching.

Hi Drejer,

Also, I could not attach the MBR zip file because I got an error message saying that zip isn't a valid file type for attaching
Sorry about that. Rename MBR.dat to MBR.txt and attach it.

Your system has been infected by one or more Rootkits/Backdoor Trojans.

This may allow hackers to remotely control your computer, steal critical system information, and download and execute files.

More information on Remote Access Trojans can be found here.

I strongly suggest you do the following immediately:

- From a known clean computer, change all your online passwords – for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
- DO NOT change passwords or do any transactions while using the infected computer until it has been cleaned.

.
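This tool should take care of most of it. We’ll check the services later and see which need to be fixed; the System Events in your log already show the IKE and AuthIP IPsec Keying Modules and IPsec Policy Agent services failing because the BFE (Base Filtering Engine) service they depend on “might not be installed”.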

Please read through the instructions to familiarize yourself with what to expect when the tool runs.

It is vitally important that ComboFix is renamed as it is being downloaded, before it is saved to disk.

Please download ComboFix from Link 1 to your Desktop.

Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved directly to your desktop.

- If you are using Firefox, make sure that your download settings are as follows:
  - Tools -> Options -> Main tab
  - Set to “Always ask me where to Save the files”.

- During the download, before you save it to your desktop, rename Combofix to jgh.exe
- It is important you rename Combofix during the download, but not after.
- Please do not rename Combofix to other names, but only to the one indicated.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix

- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don’t know how to disable it, please ask.


- Right click on ComboFix.exe (jgh.exe in your case), click Run as Administrator & follow the prompts.

Notes:

1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer’s settings, including making I-E the default browser.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
4. If after running ComboFix you receive a message “Illegal operation attempted on a registry key that has been marked for deletion” or similar, reboot the computer.

Please post back with
- combofix log
How is the computer?

Thanks

Here is the MBR file, working on the rest now.

Hi Drejer,

How you making out?

Hello, I ran into an error with the Combofix scan and reboot, and I ended up doing a factory reset on my computer unfortunately. After running Combofix and signing in, I couldn’t get any programs to run or use the internet. So I did a factory reset and everything is working again. What would you recommend we do next? Everything seems to be fine, Avast isn’t showing any virus attacks like before.

Hi Drejer,

You shouldn’t have had to do that. The problem you encountered was covered in the Combofix instructions.

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
**3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.**
**4. If after running ComboFix you receive a message "Illegal operation attempted on a registry key that has been marked for deletion" or similar, reboot the computer.**

A factory restore should have been enough to clean the computer. You can post a new OTL log and we’ll see.

Oh no I remember reading that too ><

Will post a new OTL log after the scan is finished.

OTL logfile created on: 5/30/2013 12:26:47 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\DJ\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.55 Gb Available Physical Memory | 75.90% Memory free
12.00 Gb Paging File | 10.44 Gb Available in Paging File | 87.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.66 Gb Total Space | 835.80 Gb Free Space | 91.08% Space Free | Partition Type: NTFS

Computer Name: DJ-PC | User Name: DJ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\DJ\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.160\deploy\LoLLauncher.exe ()
PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Program Files (x86)\LeagueWindowFIx\LeagueWindowFix.exe ()
PRC - C:\Program Files (x86)\RaidCall\raidcall.exe (RAIDCALL.COM)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe ()
PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\LeagueWindowFIx\libgcc_s_dw2-1.dll ()
MOD - C:\Program Files (x86)\LeagueWindowFIx\libstdc++-6.dll ()
MOD - C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.160\deploy\LoLLauncher.exe ()
MOD - C:\Program Files (x86)\LeagueWindowFIx\mingwm10.dll ()
MOD - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
MOD - C:\Program Files (x86)\LeagueWindowFIx\LeagueWindowFix.exe ()
MOD - C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe ()
MOD - C:\Program Files (x86)\RaidCall\skin.dll ()
MOD - C:\Program Files (x86)\RaidCall\crashreport.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\598a9987f519acb9efe5372a2c556af6\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ad29de17e87b1cefbfcf8a3dd41e0b5c\PresentationFramework.Classic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\eb5ff7b60b69cc300751f46c6af316ad\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\de2941860ca151f8f9dd719daa7f9650\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\a937151be4e65fd89c55b4c603f7d902\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d80659eacd9554d9606881b0d35835cf\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f92c882fd4e7005c005e208daa04c28d\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\b2e6d33df15f6ca262db09558982e0f2\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\fdeec42fa02f3d789c42be2e33b130eb\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3060dfcdecbeb8ee65077fb29b217c3d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4be2653d1c9804d2ff6e6b66d22764e1\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\500ddd904b1099f95552a81b54223b7f\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f58ab951b57c8526430486dcf7ee38fd\mscorlib.ni.dll ()
MOD - c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll ()
MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()

========== Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) – C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (AMD FUEL Service) – C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) – C:\WINDOWS\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (wlcrasvc) – C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) – C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (GoToAssist) – C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (RoxWatch12) – C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) – C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (NOBU) – C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (SftService) – C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (clr_optimization_v2.0.50727_32) – C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) – C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) – C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) – C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) – C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) – C:\WINDOWS\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswRvrt) – C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswTdi) – C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) – C:\WINDOWS\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) – C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (atikmdag) – C:\WINDOWS\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) – C:\WINDOWS\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) – C:\WINDOWS\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) – C:\WINDOWS\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (AODDriver4.2) – C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (PxHlpa64) – C:\WINDOWS\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (AtiHdmiService) – C:\WINDOWS\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (k57nd60a) – C:\WINDOWS\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (amdsata) – C:\WINDOWS\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) – C:\WINDOWS\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) – C:\WINDOWS\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) – C:\WINDOWS\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) – C:\WINDOWS\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) – C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) – C:\WINDOWS\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) – C:\WINDOWS\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) – C:\WINDOWS\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) – C:\WINDOWS\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) – C:\WINDOWS\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiPcie) – C:\WINDOWS\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (WimFltr) – C:\WINDOWS\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) – C:\WINDOWS\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE:64bit: - HKLM..\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM..\SearchScopes{49606DC7-976D-4030-A74E-9FB5C842FA68}: “URL” = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKLM..\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM..\SearchScopes{49606DC7-976D-4030-A74E-9FB5C842FA68}: “URL” = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKCU..\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins@raidcall.en/RCplugin: C:\Users\DJ\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/05/09 22:39:15 | 000,000,000 | —D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/05/09 22:39:18 | 000,000,000 | —D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/05/09 22:39:37 | 000,000,000 | —D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR - Extension: South Park = C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiakcboakkfknbginpmpfkcdmcmpnfm\1.6_0
CHR - Extension: Google Drive = C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR - Extension: YouTube = C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR - Extension: Adblock Plus = C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0
CHR - Extension: Google Search = C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR - Extension: AdBlock = C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0
CHR - Extension: avast! Online Security = C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.7_0
CHR - Extension: Reddit Enhancement Suite = C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.2.0.1_0
CHR - Extension: ScriptSafe = C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf\1.0.6.13_0
CHR - Extension: Gmail = C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR - Extension: League Streams = C:\Users\DJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\plbfmpfcbppeepkmbgphjpgldpgglbob\1.2.1_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM…\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM…\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM…\Run: File not found
O4 - HKLM…\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM…\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM…\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM…\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM…\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM…\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM…\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - HKLM…\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra ‘Tools’ menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces{20373D08-50DF-43E3-AD48-C28687422CCB}: DhcpNameServer = 192.168.1.1 71.252.0.12
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk )
O35:64bit: - HKLM..comfile [open] – “%1” %*

O35:64bit: - HKLM..exefile [open] – “%1” %*
O35 - HKLM..comfile [open] – “%1” %*
O35 - HKLM..exefile [open] – “%1” %*
O37:64bit: - HKLM.…com [@ = comfile] – “%1” %*
O37:64bit: - HKLM.…exe [@ = exefile] – “%1” %*
O37 - HKLM.…com [@ = comfile] – “%1” %*
O37 - HKLM.…exe [@ = exefile] – “%1” %*
O38 - SubSystems\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/05/30 00:24:15 | 000,602,112 | ---- | C] (OldTimer Tools) – C:\Users\DJ\Desktop\OTL.exe
[2013/05/30 00:07:20 | 000,000,000 | —D | C] – C:\Users\DJ\AppData\Roaming\dll-files.com
[2013/05/30 00:07:14 | 000,000,000 | —D | C] – C:\ProgramData\Logs
[2013/05/30 00:07:13 | 000,019,392 | ---- | C] (Dll-Files.com) – C:\Windows\SysNative\roboot64.exe
[2013/05/30 00:07:12 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files Fixer
[2013/05/30 00:07:11 | 000,000,000 | —D | C] – C:\Program Files (x86)\Dll-Files.com Fixer
[2013/05/30 00:05:34 | 001,493,528 | ---- | C] (Microsoft Corporation) – C:\Windows\SysWow64\D3DCompiler_39.dll
[2013/05/30 00:05:34 | 000,509,448 | ---- | C] (Microsoft Corporation) – C:\Windows\SysWow64\XAudio2_2.dll
[2013/05/30 00:05:34 | 000,467,984 | ---- | C] (Microsoft Corporation) – C:\Windows\SysWow64\d3dx10_39.dll
[2013/05/30 00:05:34 | 000,068,616 | ---- | C] (Microsoft Corporation) – C:\Windows\SysWow64\XAPOFX1_1.dll
[2013/05/30 00:05:33 | 003,851,784 | ---- | C] (Microsoft Corporation) – C:\Windows\SysWow64\D3DX9_39.dll
[2013/05/30 00:05:13 | 000,000,000 | -HSD | C] – C:\Windows\SysWow64\AI_RecycleBin
[2013/05/30 00:05:12 | 000,000,000 | —D | C] – C:\Riot Games
[2013/05/30 00:05:12 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
[2013/05/30 00:03:24 | 000,000,000 | —D | C] – C:\Program Files (x86)\LeagueWindowFIx
[2013/05/30 00:03:21 | 000,000,000 | —D | C] – C:\Users\DJ\AppData\Local\PMB Files
[2013/05/30 00:03:19 | 000,000,000 | —D | C] – C:\ProgramData\PMB Files
[2013/05/30 00:03:15 | 000,000,000 | —D | C] – C:\Program Files (x86)\Pando Networks
[2013/05/30 00:02:08 | 000,000,000 | —D | C] – C:\Users\DJ\AppData\Roaming\Riot Games
[2013/05/30 00:01:18 | 032,229,024 | ---- | C] (Riot Games) – C:\Users\DJ\Desktop\LeagueofLegends_NA_Installer_05_07_13.exe
[2013/05/29 23:57:40 | 000,000,000 | —D | C] – C:\Users\DJ\My Backup Files
[2013/05/29 23:45:27 | 000,000,000 | —D | C] – C:\Users\DJ\AppData\Roaming\raidcall
[2013/05/29 23:42:53 | 000,000,000 | —D | C] – C:\Users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall
[2013/05/29 23:42:53 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall
[2013/05/29 23:42:50 | 000,000,000 | —D | C] – C:\Program Files (x86)\RaidCall
[2013/05/29 23:29:31 | 000,000,000 | —D | C] – C:\Users\DJ\AppData\Local\Dell
[2013/05/29 23:20:25 | 000,000,000 | —D | C] – C:\Program Files (x86)\AMD AVT
[2013/05/29 23:20:09 | 000,000,000 | —D | C] – C:\Program Files\Common Files\ATI Technologies
[2013/05/29 23:20:09 | 000,000,000 | —D | C] – C:\Program Files (x86)\Common Files\ATI Technologies
[2013/05/29 23:19:43 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2013/05/29 23:18:23 | 000,000,000 | —D | C] – C:\ProgramData\AMD
[2013/05/29 23:16:54 | 000,000,000 | —D | C] – C:\Program Files\ATI Technologies
[2013/05/29 23:16:52 | 000,000,000 | —D | C] – C:\Program Files\ATI
[2013/05/29 23:11:57 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/05/29 23:11:33 | 000,000,000 | —D | C] – C:\AMD
[2013/05/29 23:10:12 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/05/29 23:10:11 | 000,378,432 | ---- | C] (AVAST Software) – C:\Windows\SysNative\drivers\aswSP.sys
[2013/05/29 23:10:11 | 000,033,400 | ---- | C] (AVAST Software) – C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/05/29 23:10:07 | 000,072,016 | ---- | C] (AVAST Software) – C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/05/29 23:10:06 | 000,064,288 | ---- | C] (AVAST Software) – C:\Windows\SysNative\drivers\aswTdi.sys
[2013/05/29 23:10:05 | 001,025,808 | ---- | C] (AVAST Software) – C:\Windows\SysNative\drivers\aswSnx.sys
[2013/05/29 23:09:56 | 000,287,840 | ---- | C] (AVAST Software) – C:\Windows\SysNative\aswBoot.exe
[2013/05/29 23:09:56 | 000,080,816 | ---- | C] (AVAST Software) – C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/05/29 23:08:51 | 000,041,664 | ---- | C] (AVAST Software) – C:\Windows\avastSS.scr
[2013/05/29 23:08:33 | 000,000,000 | —D | C] – C:\Program Files\AVAST Software
[2013/05/29 23:08:01 | 000,000,000 | —D | C] – C:\ProgramData\AVAST Software
[2013/05/29 23:04:52 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/05/29 23:04:10 | 000,000,000 | —D | C] – C:\Program Files (x86)\Google
[2013/05/29 23:04:08 | 000,000,000 | —D | C] – C:\Users\DJ\AppData\Local\Google
[2013/05/29 23:03:54 | 000,000,000 | —D | C] – C:\Users\DJ\AppData\Local\Deployment
[2013/05/29 23:03:54 | 000,000,000 | —D | C] – C:\Users\DJ\AppData\Local\Apps
[2013/05/29 23:03:02 | 000,000,000 | —D | C] – C:\Users\DJ\AppData\Roaming\Macromedia
[2013/05/29 23:03:01 | 000,000,000 | —D | C] – C:\Users\DJ\AppData\Roaming\Adobe
[2013/05/29 22:58:44 | 001,031,680 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\rdpcore.dll
[2013/05/29 22:58:44 | 000,826,368 | ---- | C] (Microsoft Corporation) – C:\Windows\SysWow64\rdpcore.dll
[2013/05/29 22:57:14 | 000,000,000 | —D | C] – C:\Users\DJ\AppData\Roaming\Dell
[2013/05/29 22:57:06 | 000,000,000 | —D | C] – C:\Users\DJ\AppData\Roaming\Dell Touch Zone
[2013/05/29 22:57:03 | 000,000,000 | —D | C] – C:\Users\DJ\AppData\Roaming\Roxio
[2013/05/29 22:56:51 | 000,000,000 | —D | C] – C:\Users\DJ\AppData\Roaming\ATI
[2013/05/29 22:56:51 | 000,000,000 | —D | C] – C:\Users\DJ\AppData\Local\ATI
[2013/05/29 22:56:19 | 000,000,000 | R–D | C] – C:\Users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/05/29 22:56:19 | 000,000,000 | R–D | C] – C:\Users\DJ\Searches
[2013/05/29 22:56:19 | 000,000,000 | R–D | C] – C:\Users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/05/29 22:56:18 | 000,000,000 | -H-D | C] – C:\Users\DJ\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/05/29 22:56:06 | 000,000,000 | —D | C] – C:\Users\DJ\AppData\Roaming\Identities
[2013/05/29 22:55:56 | 000,000,000 | R–D | C] – C:\Users\DJ\Contacts
[2013/05/29 22:55:55 | 000,000,000 | -HSD | C] – C:\$RECYCLE.BIN

[2013/05/29 22:55:53 | 000,000,000 | —D | C] – C:\Users\DJ\AppData\Local\VirtualStore
[2013/05/29 22:53:09 | 002,622,464 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\wucltux.dll
[2013/05/29 22:53:09 | 000,057,880 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\wuauclt.exe
[2013/05/29 22:53:09 | 000,044,056 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\wups2.dll
[2013/05/29 22:52:54 | 000,701,976 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\wuapi.dll
[2013/05/29 22:52:54 | 000,099,840 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\wudriver.dll
[2013/05/29 22:52:54 | 000,038,424 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\wups.dll
[2013/05/29 22:52:36 | 000,000,000 | —D | C] – C:\Users\DJ\AppData\Local\Dell Edoc Viewer
[2013/05/29 22:52:19 | 000,186,752 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\wuwebv.dll
[2013/05/29 22:52:19 | 000,036,864 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\wuapp.exe
[2013/05/29 22:52:15 | 000,000,000 | -HSD | C] – C:\Users\DJ\AppData\Local\Temporary Internet Files
[2013/05/29 22:52:15 | 000,000,000 | -HSD | C] – C:\Users\DJ\Templates
[2013/05/29 22:52:15 | 000,000,000 | -HSD | C] – C:\Users\DJ\Start Menu
[2013/05/29 22:52:15 | 000,000,000 | -HSD | C] – C:\Users\DJ\SendTo
[2013/05/29 22:52:15 | 000,000,000 | -HSD | C] – C:\Users\DJ\Recent
[2013/05/29 22:52:15 | 000,000,000 | -HSD | C] – C:\Users\DJ\PrintHood
[2013/05/29 22:52:15 | 000,000,000 | -HSD | C] – C:\Users\DJ\NetHood
[2013/05/29 22:52:15 | 000,000,000 | -HSD | C] – C:\Users\DJ\Documents\My Videos
[2013/05/29 22:52:15 | 000,000,000 | -HSD | C] – C:\Users\DJ\Documents\My Pictures
[2013/05/29 22:52:15 | 000,000,000 | -HSD | C] – C:\Users\DJ\Documents\My Music
[2013/05/29 22:52:15 | 000,000,000 | -HSD | C] – C:\Users\DJ\My Documents
[2013/05/29 22:52:15 | 000,000,000 | -HSD | C] – C:\Users\DJ\Local Settings
[2013/05/29 22:52:15 | 000,000,000 | -HSD | C] – C:\Users\DJ\AppData\Local\History
[2013/05/29 22:52:15 | 000,000,000 | -HSD | C] – C:\Users\DJ\Cookies
[2013/05/29 22:52:15 | 000,000,000 | -HSD | C] – C:\Users\DJ\Application Data
[2013/05/29 22:52:15 | 000,000,000 | -HSD | C] – C:\Users\DJ\AppData\Local\Application Data
[2013/05/29 22:52:11 | 000,000,000 | --SD | C] – C:\Users\DJ\AppData\Roaming\Microsoft
[2013/05/29 22:52:11 | 000,000,000 | R–D | C] – C:\Users\DJ\Videos
[2013/05/29 22:52:11 | 000,000,000 | R–D | C] – C:\Users\DJ\Saved Games
[2013/05/29 22:52:11 | 000,000,000 | R–D | C] – C:\Users\DJ\Desktop\Play Games
[2013/05/29 22:52:11 | 000,000,000 | R–D | C] – C:\Users\DJ\Pictures
[2013/05/29 22:52:11 | 000,000,000 | R–D | C] – C:\Users\DJ\Music
[2013/05/29 22:52:11 | 000,000,000 | R–D | C] – C:\Users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/05/29 22:52:11 | 000,000,000 | R–D | C] – C:\Users\DJ\Links
[2013/05/29 22:52:11 | 000,000,000 | R–D | C] – C:\Users\DJ\Favorites
[2013/05/29 22:52:11 | 000,000,000 | R–D | C] – C:\Users\DJ\Downloads
[2013/05/29 22:52:11 | 000,000,000 | R–D | C] – C:\Users\DJ\Documents
[2013/05/29 22:52:11 | 000,000,000 | R–D | C] – C:\Users\DJ\Desktop
[2013/05/29 22:52:11 | 000,000,000 | R–D | C] – C:\Users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/05/29 22:52:11 | 000,000,000 | -H-D | C] – C:\Users\DJ\AppData
[2013/05/29 22:52:11 | 000,000,000 | —D | C] – C:\Users\DJ\AppData\Local\Temp
[2013/05/29 22:52:11 | 000,000,000 | —D | C] – C:\Users\DJ\AppData\Local\SoftThinks
[2013/05/29 22:52:11 | 000,000,000 | —D | C] – C:\Users\DJ\AppData\Local\Microsoft
[2013/05/29 22:52:11 | 000,000,000 | —D | C] – C:\Users\DJ\AppData\Roaming\Media Center Programs
[2013/05/29 22:45:01 | 000,000,000 | —D | C] – C:\Emergency
[2013/05/29 22:28:15 | 000,000,000 | —D | C] – C:\Windows\SMINST
[1 C:\Windows\*.tmp files → C:\Windows\*.tmp → ]

========== Files - Modified Within 30 Days ==========

[2013/05/30 00:24:37 | 000,602,112 | ---- | M] (OldTimer Tools) – C:\Users\DJ\Desktop\OTL.exe
[2013/05/30 00:09:00 | 000,000,890 | ---- | M] () – C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/30 00:07:32 | 000,107,520 | ---- | M] () – C:\Windows\SysWow64\libgcc_s_dw2-1.dll
[2013/05/30 00:07:26 | 000,000,286 | ---- | M] () – C:\Windows\tasks\DLL-Files.Com Fixer_Updates.job
[2013/05/30 00:07:25 | 000,000,270 | ---- | M] () – C:\Windows\tasks\DLL-Files.Com Fixer_MONTHLY.job
[2013/05/30 00:01:28 | 032,229,024 | ---- | M] (Riot Games) – C:\Users\DJ\Desktop\LeagueofLegends_NA_Installer_05_07_13.exe
[2013/05/29 23:42:53 | 000,001,009 | ---- | M] () – C:\Users\DJ\Desktop\RaidCall.lnk
[2013/05/29 23:42:43 | 005,517,176 | ---- | M] () – C:\Users\DJ\Desktop\raidcall_v7.2.4.exe
[2013/05/29 23:34:48 | 000,014,016 | -H-- | M] () – C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/29 23:34:48 | 000,014,016 | -H-- | M] () – C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/29 23:31:13 | 000,713,888 | ---- | M] () – C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/29 23:31:13 | 000,615,122 | ---- | M] () – C:\Windows\SysNative\perfh009.dat
[2013/05/29 23:31:13 | 000,103,496 | ---- | M] () – C:\Windows\SysNative\perfc009.dat
[2013/05/29 23:28:20 | 000,002,281 | ---- | M] () – C:\Users\DJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/29 23:28:06 | 000,000,886 | ---- | M] () – C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/29 23:26:34 | 000,000,422 | ---- | M] () – C:\Windows\tasks\SystemToolsDailyTest.job
[2013/05/29 23:26:33 | 000,000,564 | ---- | M] () – C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013/05/29 23:26:00 | 000,067,584 | --S- | M] () – C:\Windows\bootstat.dat
[2013/05/29 23:25:31 | 536,063,999 | -HS- | M] () – C:\hiberfil.sys
[2013/05/29 23:10:12 | 000,001,884 | ---- | M] () – C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/05/29 23:09:56 | 000,000,000 | ---- | M] () – C:\Windows\SysWow64\config.nt
[2013/05/29 23:04:52 | 000,002,257 | ---- | M] () – C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/29 23:02:52 | 000,001,439 | ---- | M] () – C:\Users\DJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/05/29 22:50:34 | 000,039,219 | ---- | M] () – C:\Windows\SysWow64\license.rtf
[2013/05/29 22:50:34 | 000,039,219 | ---- | M] () – C:\Windows\SysNative\license.rtf
[2013/05/29 22:45:17 | 000,000,452 | ---- | M] () – C:\Users\Public\Desktop\Emergency Backup.lnk
[2013/05/09 03:59:07 | 001,025,808 | ---- | M] (AVAST Software) – C:\Windows\SysNative\drivers\aswSnx.sys
[2013/05/09 03:59:07 | 000,378,432 | ---- | M] (AVAST Software) – C:\Windows\SysNative\drivers\aswSP.sys
[2013/05/09 03:59:07 | 000,189,936 | ---- | M] () – C:\Windows\SysNative\drivers\aswVmm.sys
[2013/05/09 03:59:07 | 000,072,016 | ---- | M] (AVAST Software) – C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/05/09 03:59:07 | 000,065,336 | ---- | M] () – C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/05/09 03:59:07 | 000,064,288 | ---- | M] (AVAST Software) – C:\Windows\SysNative\drivers\aswTdi.sys
[2013/05/09 03:59:06 | 000,080,816 | ---- | M] (AVAST Software) – C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/05/09 03:59:06 | 000,033,400 | ---- | M] (AVAST Software) – C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/05/09 03:58:37 | 000,041,664 | ---- | M] (AVAST Software) – C:\Windows\avastSS.scr
[2013/05/09 03:58:11 | 000,287,840 | ---- | M] (AVAST Software) – C:\Windows\SysNative\aswBoot.exe
[1 C:\Windows\*.tmp files → C:\Windows\*.tmp → ]

========== Files Created - No Company Name ==========

[2013/05/30 00:07:31 | 000,107,520 | ---- | C] () – C:\Windows\SysWow64\libgcc_s_dw2-1.dll
[2013/05/30 00:07:26 | 000,000,286 | ---- | C] () – C:\Windows\tasks\DLL-Files.Com Fixer_Updates.job
[2013/05/30 00:07:25 | 000,000,270 | ---- | C] () – C:\Windows\tasks\DLL-Files.Com Fixer_MONTHLY.job
[2013/05/29 23:42:53 | 000,001,009 | ---- | C] () – C:\Users\DJ\Desktop\RaidCall.lnk
[2013/05/29 23:42:41 | 005,517,176 | ---- | C] () – C:\Users\DJ\Desktop\raidcall_v7.2.4.exe
[2013/05/29 23:10:12 | 000,001,884 | ---- | C] () – C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/05/29 23:10:04 | 000,189,936 | ---- | C] () – C:\Windows\SysNative\drivers\aswVmm.sys
[2013/05/29 23:10:02 | 000,065,336 | ---- | C] () – C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/05/29 23:09:56 | 000,000,000 | ---- | C] () – C:\Windows\SysWow64\config.nt
[2013/05/29 23:04:52 | 000,002,281 | ---- | C] () – C:\Users\DJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/29 23:04:52 | 000,002,257 | ---- | C] () – C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/29 23:04:16 | 000,000,890 | ---- | C] () – C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/29 23:04:16 | 000,000,886 | ---- | C] () – C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/29 23:02:52 | 000,001,439 | ---- | C] () – C:\Users\DJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/05/29 22:56:27 | 000,001,371 | ---- | C] () – C:\Users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/05/29 22:56:20 | 000,001,445 | ---- | C] () – C:\Users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/05/29 22:55:29 | 000,000,422 | ---- | C] () – C:\Windows\tasks\SystemToolsDailyTest.job
[2013/05/29 22:55:27 | 000,000,564 | ---- | C] () – C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013/05/29 22:53:16 | 000,001,935 | ---- | C] () – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[2013/05/29 22:52:11 | 000,000,290 | ---- | C] () – C:\Users\DJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/05/29 22:52:11 | 000,000,272 | ---- | C] () – C:\Users\DJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/05/29 22:46:34 | 536,063,999 | -HS- | C] () – C:\hiberfil.sys
[2013/05/29 22:45:17 | 000,000,452 | ---- | C] () – C:\Users\Public\Desktop\Emergency Backup.lnk
[2013/03/28 21:13:14 | 000,798,734 | ---- | C] () – C:\Windows\SysWow64\amdocl_ld32.exe
[2013/03/28 21:13:12 | 000,995,342 | ---- | C] () – C:\Windows\SysWow64\amdocl_as32.exe
[2013/03/28 20:38:08 | 000,204,952 | ---- | C] () – C:\Windows\SysWow64\ativvsvl.dat
[2013/03/28 20:38:08 | 000,157,144 | ---- | C] () – C:\Windows\SysWow64\ativvsva.dat
[2012/11/27 01:18:46 | 000,038,912 | ---- | C] () – C:\Windows\SysWow64\kdbsdk32.dll
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () – C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () – C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
“” = C:\WINDOWS\SysNative\shell32.dll – [2011/05/10 00:55:40 | 014,162,944 | ---- | M] (Microsoft Corporation)
“ThreadingModel” = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
“” = %SystemRoot%\system32\shell32.dll – [2011/05/10 00:55:40 | 012,867,584 | ---- | M] (Microsoft Corporation)
“ThreadingModel” = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
“” = C:\WINDOWS\SysNative\wbem\fastprox.dll – [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
“ThreadingModel” = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
“” = %systemroot%\system32\wbem\fastprox.dll – [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
“ThreadingModel” = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
“” = C:\WINDOWS\SysNative\wbem\wbemess.dll – [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
“ThreadingModel” = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/05/30 00:07:20 | 000,000,000 | ---D | M] – C:\Users\DJ\AppData\Roaming\dll-files.com
[2013/05/29 23:45:27 | 000,000,000 | ---D | M] – C:\Users\DJ\AppData\Roaming\raidcall
[2013/05/30 00:02:34 | 000,000,000 | ---D | M] – C:\Users\DJ\AppData\Roaming\Riot Games

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/05/10 00:55:15 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 – C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F – C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/05/10 00:55:38 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 – C:\WINDOWS\SysWOW64\explorer.exe
[2011/05/10 00:55:38 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 – C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/05/10 00:55:15 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 – C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2011/05/10 00:55:19 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 – C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/05/10 00:55:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE – C:\WINDOWS\explorer.exe
[2011/05/10 00:55:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE – C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2011/05/10 00:55:19 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D – C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2011/05/10 00:55:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F – C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2011/05/10 00:55:19 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 – C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 – C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011/05/10 00:55:38 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 – C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/05/10 00:55:15 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 – C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/05/10 00:55:19 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 – C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2011/05/10 00:55:15 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 – C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 16:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 – C:\WINDOWS\winsxs\amd64_microsoft-windows-w…nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.EXE >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB – C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB – C:\WINDOWS\winsxs\amd64_microsoft-windows-s…s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 21:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 – C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 21:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 – C:\WINDOWS\winsxs\amd64_microsoft-windows-s…ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 – C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 – C:\Windows\SysNative\wbem\services.mof
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 – C:\WINDOWS\winsxs\amd64_microsoft-windows-s…s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 21:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 – C:\Windows\SysNative\en-US\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 – C:\Windows\SysNative\services.msc
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 – C:\WINDOWS\SysWOW64\en-US\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 – C:\WINDOWS\SysWOW64\services.msc
[2009/07/13 21:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 – C:\WINDOWS\winsxs\amd64_microsoft-windows-s…cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 – C:\WINDOWS\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 – C:\WINDOWS\winsxs\x86_microsoft-windows-s…cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 – C:\WINDOWS\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PNG >
[2010/07/30 18:36:38 | 000,001,509 | ---- | M] () MD5=F4EC3ABEAE15FA9BB42D721E9D543F44 – C:\Program Files\Dell Support Center\Images\icons\png\24_24\services.png

< MD5 for: SERVICES.PTXML >
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 – C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 – C:\WINDOWS\winsxs\amd64_microsoft-windows-s…s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 – C:\WINDOWS\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 – C:\WINDOWS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D – C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D – C:\WINDOWS\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 – C:\WINDOWS\SysWOW64\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 – C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE – C:\Windows\SysNative\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE – C:\WINDOWS\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A – C:\WINDOWS\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2011/05/10 00:55:38 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE – C:\WINDOWS\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011/05/10 00:55:38 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A – C:\Windows\SysNative\winlogon.exe
[2011/05/10 00:55:38 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A – C:\WINDOWS\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe