Trojan horse BackDoor.Generic12.BIXF and all the fixins


Post by timecantkill on 17th August 2012, 12:42 am

So I turned on my laptop today when I got home to find AVG screaming at me every 5 min "multiple threat detection", a full virus vault ever being further filled, and constant messages that an individual threat had been detected. After trying to figure out what was up, all the while moving newly discovered threats to the virus vault and not figuring out whether more than one wuauclt.exe files were legit, I decided it was time to come back to you dudes once again. To give you a head start, here are some of the threats identified and the OTL log; oh, but let me say "thanks" in advance... Thanks:

c:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\80000032.@ Found Luhe.Sirefef.A
c:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\80000000.@ Trojan horse Generic_r.BAT
c:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\000000cb.@ Trojan horse BackDoor.Generic15.BIXF
c:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\00000008.@ Trojan horse Generic28.BZDH
c:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\00000004.@ Trojan horse BackDoor.Generic15.BIVV
c:\Windows\System32\services.exe Trojan horse Patched_c.LYT




Last edited by timecantkill on 17th August 2012, 1:43 am; edited 2 times in total (Reason for editing : Typos and wrong OTL Log)



Actual OTL Log Pt 1

Post by timecantkill on 17th August 2012, 1:31 am

Oops, disregard that first OTL log. Forgot to use the script >_< I'll post the new one. Also, I noticed that the individual threats being found by AVG increase in recurrence when any browser is open and navigated.

Now, here's a word from our sponsors:

OTL logfile created on: 8/16/2012 8:49:13 PM - Run 5
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Age\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 56.57% Memory free
5.94 Gb Paging File | 4.57 Gb Available in Paging File | 76.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.68 Gb Total Space | 16.97 Gb Free Space | 7.55% Space Free | Partition Type: NTFS

Computer Name: MELVIN | User Name: Age | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/16 20:48:35 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Age\Downloads\OTL(1).com
PRC - [2012/06/11 17:59:44 | 000,335,888 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2012/01/17 21:03:24 | 002,339,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe
PRC - [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe
PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/27 20:57:02 | 000,411,488 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe
PRC - [2008/05/15 20:20:06 | 000,182,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2008/05/15 20:20:06 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2008/04/30 22:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\intel\WiFi\bin\EvtEng.exe
PRC - [2008/04/30 22:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/04/29 00:48:08 | 000,098,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE
PRC - [2008/04/02 14:07:56 | 000,147,456 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2008/04/02 14:07:54 | 000,184,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2008/04/02 14:07:38 | 000,279,848 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2008/03/03 17:45:48 | 000,333,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2008/02/22 20:38:50 | 000,122,880 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2008/02/22 20:38:50 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2009/04/11 02:28:22 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/30 22:22:34 | 000,057,344 | ---- | M] () -- C:\Program Files\Common Files\Intel\WirelessCommon\CustomUIResource.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2012/08/16 19:31:15 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/22 11:25:27 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/11 17:59:44 | 000,335,888 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm)
SRV - [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/05/27 20:57:02 | 000,411,488 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008/05/15 20:20:06 | 000,182,112 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008/04/30 22:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/04/30 22:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/04/29 00:48:08 | 000,098,304 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkHDMIService)
SRV - [2008/04/02 14:07:58 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008/04/02 14:07:56 | 000,147,456 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2008/04/02 14:07:54 | 000,184,320 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008/04/02 14:07:38 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008/03/04 23:58:30 | 000,063,328 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008/03/04 23:56:42 | 000,350,048 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008/03/04 23:54:50 | 000,104,288 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008/03/03 17:45:48 | 000,333,088 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2008/03/03 16:27:14 | 000,087,328 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2007/11/28 05:08:02 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2007/11/28 05:02:20 | 000,053,248 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2007/11/28 04:43:44 | 000,053,248 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2007/11/09 20:34:28 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007/06/05 16:20:32 | 000,177,704 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Symioenr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Age\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2011/05/27 19:05:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/08/26 15:48:16 | 000,011,264 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpGmb001.sys -- (HpGmb001)
DRV - [2008/06/12 04:23:08 | 000,113,152 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/05/12 20:05:19 | 003,537,408 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/04/28 09:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/04/27 21:19:55 | 000,142,624 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008/04/22 18:43:36 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008/04/15 20:04:24 | 000,046,592 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008/04/15 20:04:12 | 000,068,096 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/02/22 20:38:50 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/01/30 20:33:28 | 000,017,408 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2008/01/24 22:14:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/12/16 21:57:23 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/05/26 04:03:06 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/04/17 23:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006/04/10 01:02:18 | 000,162,816 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RT25USBAP.SYS -- (RT25USBAP)
DRV - [2005/05/27 05:46:20 | 000,913,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302AV.SYS -- (PID_08A0)
DRV - [2005/05/27 05:37:58 | 000,007,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2005/05/27 05:31:26 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2003/09/26 05:53:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes,DefaultScope = {CF739809-1C6C-47C0-85B9-569DBB141420}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = BF 3E 66 01 84 34 F3 43 A7 2C 7A 21 79 E4 2F 37 [binary data]
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{2B68F2F3-3342-4A2A-81CA-8072852D359E}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{547EEAAC-3665-4e6c-B326-C622D698543A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.12514
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.5.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.4
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks )
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Age\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Age\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Age\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Age\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/02/02 20:00:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox [2012/02/05 18:35:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/22 11:25:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/14 19:05:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\web@veoh.com: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2009/04/27 02:14:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{78D0CB9C-B2B9-48FC-ACF8-BEC50DBA6E70}: C:\Users\Age\AppData\Local\{78D0CB9C-B2B9-48FC-ACF8-BEC50DBA6E70}
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/22 11:25:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/14 19:05:22 | 000,000,000 | ---D | M]

[2008/12/22 17:21:57 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Age\AppData\Roaming\Mozilla\Extensions
[2012/07/11 19:31:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Age\AppData\Roaming\Mozilla\Firefox\Profiles\ukp2bmba.default\extensions
[2011/07/04 16:32:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Age\AppData\Roaming\Mozilla\Firefox\Profiles\ukp2bmba.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/04 16:32:07 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Age\AppData\Roaming\Mozilla\Firefox\Profiles\ukp2bmba.default\extensions\searchrecs@veoh.com
[2011/11/27 19:37:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/16 19:31:57 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/04/14 19:01:51 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com
[2012/02/05 18:35:42 | 000,000,000 | ---D | M] ("RewardsArcade") -- C:\USERS\AGE\APPDATA\LOCAL\REWARDSARCADE\498\FIREFOX
[2012/07/11 19:31:13 | 000,163,080 | ---- | M] () (No name found) -- C:\USERS\AGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UKP2BMBA.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI
[2012/07/22 11:25:28 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/09/11 19:14:08 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/16 22:28:31 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/16 22:28:31 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: [You must be registered and logged in to see this link.]
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: [You must be registered and logged in to see this link.]
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Age\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Age\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Age\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Age\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Age\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: VeohTV Plugin (Enabled) = C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
CHR - plugin: Veoh Web Player Beta (Enabled) = C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RewardsArcade = C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\
CHR - Extension: AVG Safe Search = C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: Skype Click to Call = C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Skype Click to Call = C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\

O1 HOSTS File: ([2011/08/26 19:04:25 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (RewardsArcade) - {597A9974-8CB0-4f41-B61F-ED065738A397} - C:\Program Files\RewardsArcade\RewardsArcade.dll (215 Apps)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\Windows\System32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKCU..\Run: [VMpTtray.exe] C:\Program Files\Sony\VAIO Media plus\VMpTtray.exe (Sony Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\system32\wshbth.dll File not found
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27AEC3A7-2ED6-4AFA-846E-65C3FDF6E729}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B63D4277-F1AC-4553-BD51-22515EA3DCA6}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Age\Documents\The KMPlayer\Capture\[Nutbladder]_Arakawa_Under_the_Bridge_×2_-_01_[5ef65288][00-22-46].JPG
O24 - Desktop BackupWallPaper: C:\Users\Age\Documents\The KMPlayer\Capture\[Nutbladder]_Arakawa_Under_the_Bridge_×2_-_01_[5ef65288][00-22-46].JPG
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk - - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^Age^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Aim - hkey= - key= - C:\Program Files\AIM\aim.exe (AOL Inc.)
MsConfig - StartUpReg: AML - hkey= - key= - C:\Program Files\Sony\VAIO Launcher\AML.exe (Sony)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: ISBMgr.exe - hkey= - key= - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: OpwareSE4 - hkey= - key= - C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SmartWiHelper - hkey= - key= - C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
MsConfig - StartUpReg: SSBkgdUpdate - hkey= - key= - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: VAIO Help and Support Demo - hkey= - key= - C:\Program Files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe ()
MsConfig - StartUpReg: VAIOMyMemCenter - hkey= - key= - C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe ()
MsConfig - StartUpReg: VAIORegistration - hkey= - key= - C:\Program Files\Sony\First Experience\WelcomeLauncher.exe (Sony Electronics, Inc.)
MsConfig - StartUpReg: VAIOSurvey - hkey= - key= - C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe ()
MsConfig - StartUpReg: VeohPlugin - hkey= - key= - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
MsConfig - StartUpReg: VWLASU - hkey= - key= - C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - StartUpReg: WrtMon.exe - hkey= - key= - File not found
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8DB6C24B-0719-4D0E-983E-2B790EAA908B} - Browser Customizations
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/16 20:31:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/16 20:26:30 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 20:26:30 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 20:03:02 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/16 19:56:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-11734941-2268584939-366143686-1000UA.job
[2012/08/16 19:31:15 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/16 19:31:15 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/16 18:32:58 | 000,002,068 | ---- | M] () -- C:\Users\Age\Desktop\Google Chrome.lnk
[2012/08/16 18:32:58 | 000,002,030 | ---- | M] () -- C:\Users\Age\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/16 18:30:41 | 104,052,063 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/08/16 18:28:22 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/16 18:26:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/16 18:26:12 | 3082,850,304 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/12 23:56:08 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/08/12 23:56:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-11734941-2268584939-366143686-1000Core.job
[2012/08/11 17:42:55 | 000,381,460 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/08/08 18:41:45 | 000,411,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/06 19:39:18 | 000,174,133 | ---- | M] () -- C:\Users\Age\Desktop\Florida Discount Drug Card.jpg
[2012/08/04 22:58:37 | 000,034,816 | ---- | M] () -- C:\Users\Age\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/25 22:59:27 | 000,607,616 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/25 22:59:27 | 000,105,224 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/21 13:32:05 | 000,000,680 | ---- | M] () -- C:\Users\Age\AppData\Local\d3d9caps.dat
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/16 20:50:10 | 000,092,672 | ---- | C] () -- C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\80000032.@
[2012/08/16 19:46:09 | 000,013,312 | ---- | C] () -- C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\80000000.@
[2012/08/16 19:45:54 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\000000cb.@
[2012/08/16 19:45:53 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\00000004.@
[2012/08/16 19:42:34 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\00000008.@
[2012/08/06 19:39:18 | 000,174,133 | ---- | C] () -- C:\Users\Age\Desktop\Florida Discount Drug Card.jpg
[2012/07/11 18:22:54 | 000,000,680 | ---- | C] () -- C:\Users\Age\AppData\Local\d3d9caps.dat
[2012/06/17 17:27:13 | 000,034,816 | ---- | C] () -- C:\Users\Age\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/11 21:08:18 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/01/10 19:21:07 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\@
[2011/10/21 00:45:06 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI
[2011/03/31 23:00:32 | 000,000,048 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/03/31 22:05:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/03/31 22:05:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/03/31 22:05:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/03/31 22:05:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/03/31 22:05:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/02/14 23:34:18 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/02/14 23:31:19 | 000,053,248 | ---- | C] () -- C:\Windows\System32\InstMed.exe
[2010/12/26 22:51:55 | 000,014,484 | ---- | C] () -- C:\Users\Age\.recently-used.xbel
[2008/11/14 23:00:32 | 000,000,494 | -H-- | C] () -- C:\Users\Age\AppData\Roaming\wklnhst.dat

========== Custom Scans ==========

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >




Actual OTL Log Pt 2

Post by timecantkill on 17th August 2012, 1:32 am

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/22 11:25:25 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/22 11:25:25 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/22 11:25:25 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/22 11:25:28 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/22 11:25:28 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/22 11:25:28 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Age\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Age\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Age\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Age\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/28 18:29:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/28 18:29:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/28 18:29:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/22 11:25:25 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/22 11:25:25 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/22 11:25:25 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/22 11:25:28 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/22 11:25:28 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/22 11:25:28 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Age\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Age\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Age\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Age\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/28 18:29:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/28 18:29:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/28 18:29:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/06/04 11:26:04 | 000,440,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ksecdd.sys

< %systemroot%\System32\config\*.sav >
[2008/01/20 23:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 23:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 23:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %SYSTEMDRIVE%\*.exe /md5 >

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >
[2012/04/29 11:12:27 | 000,083,074 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists
[2012/06/06 19:53:34 | 000,000,004 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
[2012/06/06 19:53:33 | 000,029,296 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Local State
[2012/04/29 11:10:25 | 007,132,592 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom
[2012/04/29 11:10:25 | 002,038,053 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom Filter 2
[2012/06/06 19:52:12 | 000,006,144 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies
[2012/06/06 19:52:12 | 000,001,544 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies-journal
[2012/04/29 11:10:25 | 000,134,356 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Safe Browsing Csd Whitelist
[2012/04/29 11:10:24 | 001,423,768 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Safe Browsing Download
[2012/04/29 11:10:25 | 000,014,108 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Safe Browsing Download Whitelist
[2012/06/06 19:53:33 | 000,061,440 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Archived History
[2012/06/06 19:53:33 | 000,016,384 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Archived History-journal
[2011/06/23 19:18:28 | 000,000,505 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Bookmarks
[2011/06/23 19:18:28 | 000,000,505 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Bookmarks.bak
[2012/06/06 19:53:33 | 000,050,176 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cookies
[2012/06/06 19:53:33 | 000,014,960 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal
[2012/06/06 19:53:33 | 000,010,807 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Current Session
[2012/06/06 19:53:33 | 000,009,743 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
[2012/02/06 23:46:34 | 000,007,168 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
[2012/06/06 19:53:33 | 000,047,104 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Favicons
[2012/06/06 19:53:33 | 000,016,384 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal
[2012/04/28 14:55:16 | 000,150,798 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico
[2012/06/06 19:53:33 | 000,122,880 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\History
[2012/06/06 19:53:33 | 001,626,112 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-02
[2012/06/06 19:53:33 | 000,016,384 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-02-journal
[2012/04/28 14:58:49 | 000,331,776 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-03
[2012/06/06 19:52:21 | 000,110,592 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-04
[2012/06/06 19:52:21 | 000,016,384 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-04-journal
[2012/06/06 19:52:21 | 000,053,248 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-06
[2012/06/06 19:52:21 | 000,016,384 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-06-journal
[2012/06/06 19:53:33 | 000,003,039 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
[2012/06/06 19:53:33 | 000,016,384 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\History-journal
[2012/04/29 11:30:02 | 000,341,305 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Last Session
[2012/04/29 11:30:02 | 000,013,052 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Last Tabs
[2012/04/29 11:30:00 | 000,012,288 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Login Data
[2012/06/06 19:52:04 | 000,017,408 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor
[2012/06/06 19:52:04 | 000,006,704 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal
[2012/06/06 19:53:33 | 000,047,014 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Preferences
[2012/06/06 19:52:40 | 000,013,312 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\QuotaManager
[2012/06/06 19:52:40 | 000,003,608 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\QuotaManager-journal
[2012/06/06 19:53:02 | 000,000,180 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\README
[2012/04/29 11:06:26 | 000,012,288 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Shortcuts
[2012/06/06 19:52:21 | 000,065,536 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Top Sites
[2012/06/06 19:52:21 | 000,016,384 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal
[2011/09/09 20:24:01 | 000,131,072 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Visited Links
[2012/06/06 19:52:03 | 000,081,920 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Web Data
[2012/06/06 19:52:03 | 000,004,624 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
[2012/06/06 19:53:33 | 000,155,648 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0
[2012/06/06 19:53:33 | 003,153,920 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
[2012/06/06 19:53:33 | 003,153,920 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2
[2012/06/06 19:53:33 | 008,396,800 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3
[2011/06/23 19:18:33 | 000,262,512 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\index
[2012/04/28 15:04:40 | 000,007,168 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db
[2012/06/06 19:52:17 | 000,009,216 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_dcmagccbogebndpoodhhhafmofelpffh_0\1
[2012/06/06 19:53:11 | 000,129,024 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_dcmagccbogebndpoodhhhafmofelpffh_0\2
[2012/03/03 04:24:48 | 000,006,144 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_dcmagccbogebndpoodhhhafmofelpffh_0\3
[2011/07/17 21:02:15 | 000,000,244 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Default\ehhaablgillbcmknndffkpcfafecplmb\manifest.json
[2012/04/28 15:04:38 | 000,002,197 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\background.html
[2012/04/28 15:04:38 | 000,013,028 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\background.js
[2012/04/28 15:04:38 | 000,006,274 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\extension.js
[2012/04/28 15:04:39 | 000,001,307 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\manifest.json
[2012/04/28 15:04:38 | 000,000,000 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\popup.html
[2012/04/28 15:04:39 | 000,016,538 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\icons\icon128.png
[2012/04/28 15:04:39 | 000,000,782 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\icons\icon16.png
[2012/04/28 15:04:39 | 000,003,552 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\icons\icon48.png
[2012/04/28 15:04:38 | 000,001,859 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\icons\actions\icon1.png
[2012/04/28 15:04:38 | 000,005,069 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\icons\notifications\icon1.png
[2012/04/28 15:04:38 | 000,004,063 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\icons\notifications\icon48.png
[2012/04/28 15:04:38 | 000,031,160 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\js\background.js
[2012/04/28 15:04:38 | 000,002,921 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\js\api\chrome.js
[2012/04/28 15:04:38 | 000,003,921 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\js\api\cookie.js
[2012/04/28 15:04:38 | 000,001,047 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\js\api\message.js
[2012/04/28 15:04:38 | 000,001,073 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\js\api\push.js
[2012/04/28 15:04:38 | 000,004,196 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\js\lib\app_api.js
[2012/04/28 15:04:38 | 000,002,558 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\js\lib\async_api.js
[2012/04/28 15:04:38 | 000,001,812 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\js\lib\bg_app_api.js
[2012/04/28 15:04:38 | 000,003,718 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\js\lib\cookie_store.js
[2012/04/28 15:04:38 | 000,005,585 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\js\lib\data_store.js
[2012/04/28 15:04:38 | 000,023,402 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\js\lib\faye-browser-min.js
[2012/04/28 15:04:38 | 000,001,864 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\js\lib\util.js
[2012/02/06 23:46:36 | 000,001,766 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\background.html
[2012/02/06 23:46:45 | 000,000,984 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\manifest.json
[2012/02/06 23:46:36 | 000,006,273 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\avgls-inline.js
[2012/02/06 23:46:36 | 000,013,424 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\flyover.js
[2012/02/06 23:46:36 | 000,001,302 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\interstitial-block.html
[2012/02/06 23:46:36 | 000,078,768 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\jquery-1.4.4.min.js
[2012/02/06 23:46:36 | 000,094,224 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\searchengine.js
[2012/02/06 23:46:36 | 000,013,513 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\searchshield.js
[2012/02/06 23:46:45 | 000,016,328 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\128x128.png
[2012/02/06 23:46:45 | 000,000,790 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\16x16.png
[2012/02/06 23:46:45 | 000,004,310 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\48x48.png
[2012/02/06 23:46:36 | 000,006,455 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\64x64.png
[2012/02/06 23:46:36 | 000,000,303 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\background_middle_gray.gif
[2012/02/06 23:46:36 | 000,000,610 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\background_middle_green.gif
[2012/02/06 23:46:36 | 000,000,773 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\background_middle_orange.gif
[2012/02/06 23:46:36 | 000,001,332 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\background_middle_red.gif
[2012/02/06 23:46:36 | 000,000,974 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\background_middle_yellow.gif
[2012/02/06 23:46:36 | 000,000,303 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\background_top_gray.gif
[2012/02/06 23:46:36 | 000,000,159 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\background_top_green.gif
[2012/02/06 23:46:36 | 000,000,204 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\background_top_orange.gif
[2012/02/06 23:46:36 | 000,000,959 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\background_top_red.gif
[2012/02/06 23:46:36 | 000,000,217 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\background_top_yellow.gif
[2012/02/06 23:46:36 | 000,001,932 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\block-doc.gif
[2012/02/06 23:46:36 | 000,000,394 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\blocked.gif
[2012/02/06 23:46:36 | 000,001,060 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\blocked12.png
[2012/02/06 23:46:36 | 000,000,333 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\border_bottom_gray.gif
[2012/02/06 23:46:36 | 000,000,454 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\border_bottom_green.gif
[2012/02/06 23:46:36 | 000,000,617 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\border_bottom_orange.gif
[2012/02/06 23:46:36 | 000,000,099 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\border_bottom_red.gif
[2012/02/06 23:46:36 | 000,000,626 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\border_bottom_yellow.gif
[2012/02/06 23:46:36 | 000,000,471 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\border_top_gray.gif
[2012/02/06 23:46:36 | 000,000,820 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\border_top_green.gif
[2012/02/06 23:46:36 | 000,000,446 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\border_top_orange.gif
[2012/02/06 23:46:36 | 000,000,484 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\border_top_red.gif
[2012/02/06 23:46:36 | 000,000,336 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\border_top_yellow.gif
[2012/02/06 23:46:36 | 000,000,339 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\box_bottom_red.gif
[2012/02/06 23:46:36 | 000,000,520 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\box_top_red.gif
[2012/02/06 23:46:36 | 000,000,364 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\caution.gif
[2012/02/06 23:46:36 | 000,000,523 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\caution12.png
[2012/02/06 23:46:36 | 000,000,586 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\click_here_gray.gif
[2012/02/06 23:46:36 | 000,001,418 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\click_here_green.gif
[2012/02/06 23:46:36 | 000,001,268 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\click_here_orange.gif
[2012/02/06 23:46:36 | 000,001,333 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\click_here_red.gif
[2012/02/06 23:46:36 | 000,001,368 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\click_here_yellow.gif
[2012/02/06 23:46:36 | 000,002,455 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\clock.gif
[2012/02/06 23:46:36 | 000,000,429 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\clock12.png
[2012/02/06 23:46:37 | 000,002,229 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\icons_blocked.gif
[2012/02/06 23:46:37 | 000,002,364 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\icons_caution.gif
[2012/02/06 23:46:37 | 000,000,613 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\icons_close.gif
[2012/02/06 23:46:37 | 000,002,314 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\icons_safe.gif
[2012/02/06 23:46:37 | 000,001,662 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\icons_unknown.gif
[2012/02/06 23:46:37 | 000,002,344 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\icons_warning.gif
[2012/02/06 23:46:37 | 000,001,683 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\LS_Logo_Results.gif
[2012/02/06 23:46:37 | 000,000,362 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\safe.gif
[2012/02/06 23:46:37 | 000,000,564 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\safe12.png
[2012/02/06 23:46:37 | 000,000,389 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\unknown.gif
[2012/02/06 23:46:37 | 000,004,322 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\vrsn-secured-lsfo.gif
[2012/02/06 23:46:37 | 000,000,374 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\warning.gif
[2012/02/06 23:46:37 | 000,000,555 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\warning12.png
[2012/02/06 23:46:36 | 001,752,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins\avgnpss.dll
[2012/02/06 23:46:36 | 001,859,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins\avgxpl.dll
[2012/02/06 23:46:36 | 000,004,580 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\background.html
[2012/02/06 23:46:36 | 000,006,629 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\change_sink.js
[2012/02/06 23:46:36 | 000,012,288 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\contentscript.js
[2012/02/06 23:46:36 | 000,013,660 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\document_iterator.js
[2012/02/06 23:46:36 | 000,005,122 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\dropdown_menu_icon_set.png
[2012/02/06 23:46:36 | 000,010,968 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\find_proxy.js
[2012/02/06 23:46:36 | 000,033,313 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\flags.gif
[2012/02/06 23:46:36 | 000,004,223 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\get_html_text.js
[2012/02/06 23:46:36 | 000,002,865 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\global_constants.js
[2012/02/06 23:46:45 | 000,000,834 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\manifest.json
[2012/02/06 23:46:36 | 000,001,984 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\name_injection_builder.js
[2012/02/06 23:46:36 | 003,975,840 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
[2012/02/06 23:46:36 | 000,001,024 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\numbers_common_active_icon_set.gif
[2012/02/06 23:46:36 | 000,000,977 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\numbers_common_inactive_icon_set.gif
[2012/02/06 23:46:36 | 000,001,134 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\numbers_free_icon_set.gif
[2012/02/06 23:46:36 | 000,010,099 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\number_injection_builder.js
[2012/02/06 23:46:36 | 000,000,831 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\skype.png
[2012/02/06 23:46:36 | 000,001,876 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\skype_name_icon_set.gif
[2012/02/06 23:46:37 | 000,000,134 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\space.gif
[2012/02/06 23:46:37 | 000,009,935 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\string_finder.js
[2012/06/06 19:52:04 | 000,004,580 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\background.html
[2012/06/06 19:52:04 | 000,006,682 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\change_sink.js
[2012/06/06 19:52:04 | 000,012,288 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\contentscript.js
[2012/06/06 19:52:04 | 000,013,752 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\document_iterator.js
[2012/06/06 19:52:04 | 000,005,122 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\dropdown_menu_icon_set.png
[2012/06/06 19:52:04 | 000,011,057 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\find_proxy.js
[2012/06/06 19:52:04 | 000,033,313 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\flags.gif
[2012/06/06 19:52:04 | 000,004,251 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\get_html_text.js
[2012/06/06 19:52:04 | 000,002,880 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\global_constants.js
[2012/06/06 19:52:05 | 000,000,834 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\manifest.json
[2012/06/06 19:52:05 | 000,002,002 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\name_injection_builder.js
[2012/06/06 19:52:05 | 004,002,976 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
[2012/06/06 19:52:05 | 000,001,024 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\numbers_common_active_icon_set.gif
[2012/06/06 19:52:05 | 000,000,977 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\numbers_common_inactive_icon_set.gif
[2012/06/06 19:52:05 | 000,001,134 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\numbers_free_icon_set.gif
[2012/06/06 19:52:05 | 000,010,147 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\number_injection_builder.js
[2012/06/06 19:52:05 | 000,000,831 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\skype.png
[2012/06/06 19:52:05 | 000,001,876 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\skype_name_icon_set.gif
[2012/06/06 19:52:05 | 000,000,134 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\space.gif
[2012/06/06 19:52:05 | 000,010,000 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\string_finder.js
[2012/06/06 19:53:12 | 000,003,072 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dcmagccbogebndpoodhhhafmofelpffh_0.localstorage
[2012/02/06 23:46:34 | 000,005,120 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lifbcibllhkdhoafpjfnlhfpfgnpldfl_0.localstorage
[2011/09/09 20:22:05 | 000,005,120 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.facebook.com_0.localstorage
[2011/09/09 20:21:10 | 000,005,120 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps4u2.conduitapps.com_0.localstorage
[2012/02/06 23:47:46 | 000,003,072 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d3lvr7yuk4uaui.cloudfront.net_0.localstorage
[2011/09/09 20:21:10 | 000,005,120 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_dl.gameplaylabs.com_0.localstorage
[2012/02/06 23:46:58 | 000,009,216 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.facebook.com_0.localstorage
[2012/02/06 23:47:43 | 000,009,216 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.google.com_0.localstorage
[2012/03/03 15:42:27 | 000,003,072 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.youtube.com_0.localstorage
[2012/03/03 15:44:54 | 000,045,056 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_0
[2012/03/03 15:44:54 | 000,270,336 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_1
[2012/03/03 14:56:23 | 000,008,192 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_2
[2012/03/03 14:56:23 | 000,008,192 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_3
[2012/03/03 14:56:27 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000001
[2012/03/03 14:56:28 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000002
[2012/03/03 14:56:39 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000003
[2012/03/03 14:56:57 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000004
[2012/03/03 14:57:12 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000005
[2012/03/03 14:57:30 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000006
[2012/03/03 14:57:41 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000007
[2012/03/03 14:57:45 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000008
[2012/03/03 14:58:02 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000009
[2012/03/03 14:58:18 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00000a
[2012/03/03 14:58:30 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00000b
[2012/03/03 14:58:46 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00000c
[2012/03/03 14:58:56 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00000d
[2012/03/03 14:59:08 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00000e
[2012/03/03 14:59:17 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00000f
[2012/03/03 14:59:26 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000010
[2012/03/03 14:59:26 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000011
[2012/03/03 14:59:42 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000012
[2012/03/03 14:59:59 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000013
[2012/03/03 14:59:59 | 000,049,564 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000014
[2012/03/03 14:56:23 | 000,262,512 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\index
[2011/06/23 19:18:30 | 000,000,000 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\User StyleSheets\Custom.css
[2012/04/28 15:01:22 | 000,100,864 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.1\libEGL.dll
[2012/04/28 15:01:22 | 004,052,480 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.1\libGLESv2.dll
[2012/04/28 15:01:22 | 000,000,202 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.1\manifest.json




Actual OTL Log Pt 3

Post by timecantkill on 17th August 2012, 1:33 am

< %USERPROFILE%\AppData\Local\ /s >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\Application Data /s >

< %PROGRAMFILES%\*. >
[2010/08/30 21:25:52 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2011/07/04 16:31:14 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2011/07/04 16:31:21 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2011/07/04 16:31:21 | 000,000,000 | ---D | M] -- C:\Program Files\Apoint
[2011/07/04 16:31:21 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2008/07/08 04:36:10 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2011/12/12 21:24:12 | 000,000,000 | ---D | M] -- C:\Program Files\Auslogics
[2010/12/04 19:14:38 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2011/07/04 16:39:00 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2011/05/30 22:06:20 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2008/07/08 04:38:27 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco
[2012/06/17 15:20:40 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/06/18 13:51:50 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2008/07/08 04:16:33 | 000,000,000 | ---D | M] -- C:\Program Files\Corel
[2011/07/04 16:31:35 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2008/06/18 13:48:07 | 000,000,000 | ---D | M] -- C:\Program Files\Dolby
[2011/08/02 21:21:01 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Flick
[2011/04/06 00:28:44 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2011/07/04 16:31:35 | 000,000,000 | ---D | M] -- C:\Program Files\Firestarter Game
[2009/04/19 21:12:59 | 000,000,000 | ---D | M] -- C:\Program Files\GIMP-2.0
[2011/07/04 16:31:37 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/06/09 15:41:09 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2012/01/30 21:58:36 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2011/07/04 16:31:43 | 000,000,000 | ---D | M] -- C:\Program Files\HP_Vista_SF_Ph1
[2012/02/26 21:10:19 | 000,000,000 | ---D | M] -- C:\Program Files\ICCup
[2011/08/04 00:28:33 | 000,000,000 | ---D | M] -- C:\Program Files\ImgBurn
[2011/08/03 23:38:58 | 000,000,000 | ---D | M] -- C:\Program Files\InfraRecorder
[2012/01/30 22:01:52 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/07/08 04:38:23 | 000,000,000 | ---D | M] -- C:\Program Files\intel
[2012/07/12 03:25:52 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2008/07/08 04:37:56 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2008/07/08 04:06:46 | 000,000,000 | ---D | M] -- C:\Program Files\Intuit
[2011/07/04 16:31:45 | 000,000,000 | ---D | M] -- C:\Program Files\iPhone Configuration Utility
[2011/03/17 19:36:27 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/07/04 16:31:45 | 000,000,000 | ---D | M] -- C:\Program Files\IPv6Patch
[2011/07/04 16:31:45 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/09/11 19:14:05 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011/07/04 16:31:46 | 000,000,000 | ---D | M] -- C:\Program Files\Last.fm
[2012/06/20 20:33:44 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2011/07/04 16:31:47 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2009/09/04 04:00:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2011/12/10 16:01:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/07/04 16:31:47 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Suite Activation Assistant
[2012/05/12 10:42:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/11/17 16:55:29 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/02/24 21:58:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/02/24 21:52:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2011/07/04 16:31:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/06/25 04:01:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/13 19:52:18 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2012/07/22 11:25:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2012/07/24 22:21:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Maintenance Service
[2009/02/24 21:59:11 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/03/10 17:24:31 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2011/02/10 23:10:18 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/07/08 04:17:59 | 000,000,000 | ---D | M] -- C:\Program Files\OCA Marker
[2008/07/08 04:01:05 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2012/07/04 17:20:50 | 000,000,000 | ---D | M] -- C:\Program Files\PeerBlock
[2011/01/08 16:17:24 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2008/06/18 13:45:56 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2012/02/05 18:35:41 | 000,000,000 | ---D | M] -- C:\Program Files\RewardsArcade
[2009/09/01 18:00:47 | 000,000,000 | ---D | M] -- C:\Program Files\ScanSoft
[2012/02/29 22:58:26 | 000,000,000 | ---D | M] -- C:\Program Files\SCtheabyss
[2012/05/16 19:31:21 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2008/07/08 04:39:34 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2008/07/08 03:59:51 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Corporation
[2012/02/26 21:40:00 | 000,000,000 | ---D | M] -- C:\Program Files\Starcraft
[2009/04/24 16:11:14 | 000,000,000 | ---D | M] -- C:\Program Files\Tencent
[2011/12/17 14:49:32 | 000,000,000 | ---D | M] -- C:\Program Files\The KMPlayer
[2006/11/02 09:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/04/27 02:14:40 | 000,000,000 | ---D | M] -- C:\Program Files\Veoh Networks
[2012/04/28 15:44:48 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon
[2012/04/28 15:42:23 | 000,000,000 | ---D | M] -- C:\Program Files\VERIZONDM
[2012/02/05 18:35:22 | 000,000,000 | ---D | M] -- C:\Program Files\Vuze
[2008/06/18 13:49:17 | 000,000,000 | ---D | M] -- C:\Program Files\WIDCOMM
[2010/04/14 18:24:41 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2010/04/14 18:24:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2010/04/14 18:24:27 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2012/05/12 12:06:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2011/03/31 00:32:09 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2012/04/13 03:04:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2011/02/23 20:54:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/04/14 18:24:33 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2010/04/18 18:01:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2010/04/14 18:24:38 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2009/06/17 21:21:01 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2011/09/25 15:57:34 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %appdata%\*.* >
[2009/07/15 15:31:01 | 000,000,494 | -H-- | M] () -- C:\Users\Age\AppData\Roaming\wklnhst.dat

< MD5 for: AFD.SYS >
[2011/04/21 09:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\System32\drivers\afd.sys
[2011/04/21 09:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys
[2011/04/21 09:16:42 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=48EB99503533C27AC6135648E5474457 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys
[2011/04/21 09:28:53 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=70EE0FC7A0F384DBD929A01384AEEB4B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys
[2008/01/20 22:24:17 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
[2009/04/11 00:47:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=A201207363AA900ABF1A388468688570 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys
[2011/04/21 09:12:21 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=C8AF25017CECB75906A571AC70D2D306 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\ERDNT\cache\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2008/01/20 22:24:35 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=6DE363F9F99334514C46AEC02D3E3678 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\cryptsvc.dll
[2012/04/23 12:00:53 | 000,133,120 | ---- | M] (Microsoft Corporation) MD5=75C6A297E364014840B48ECCD7525E30 -- C:\Windows\System32\cryptsvc.dll
[2012/04/23 12:00:53 | 000,133,120 | ---- | M] (Microsoft Corporation) MD5=75C6A297E364014840B48ECCD7525E30 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18618_none_77e34ec697f67015\cryptsvc.dll
[2012/04/23 10:48:06 | 000,135,168 | ---- | M] (Microsoft Corporation) MD5=C979AEA8C4D8F875CD25507D08980006 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.22840_none_78447b63b1339621\cryptsvc.dll
[2009/04/11 02:28:18 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=FB27772BEAF8E1D28CCD825C09DA939B -- C:\Windows\ERDNT\cache\cryptsvc.dll
[2009/04/11 02:28:18 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=FB27772BEAF8E1D28CCD825C09DA939B -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18005_none_77eb127097f11935\cryptsvc.dll

< MD5 for: DNSRSLVR.DLL >
[2011/03/02 10:25:54 | 000,086,528 | ---- | M] (Microsoft Corporation) MD5=1FF4F12AF03AA5DAFE05F6937E497193 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6001.22866_none_e23149269ba22ef6\dnsrslvr.dll
[2009/04/11 02:28:18 | 000,086,528 | ---- | M] (Microsoft Corporation) MD5=30A08728740E71947AE1E073B5CE69B4 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6002.18005_none_e3cdf5e97f7b2eb7\dnsrslvr.dll
[2011/03/02 10:49:43 | 000,086,528 | ---- | M] (Microsoft Corporation) MD5=4805D9A6D281C7A7DEFD9094DEC6AF7D -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6001.18611_none_e1d8b89f8260879d\dnsrslvr.dll
[2011/03/02 11:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) MD5=57D762F6F5974AF0DA2BE88A3349BAAA -- C:\Windows\System32\dnsrslvr.dll
[2011/03/02 11:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) MD5=57D762F6F5974AF0DA2BE88A3349BAAA -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6002.18416_none_e3c42ddf7f82589b\dnsrslvr.dll
[2011/03/02 14:19:46 | 000,086,528 | ---- | M] (Microsoft Corporation) MD5=9BC2EB15BB0E08579536AC47D7C6F92A -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6002.22600_none_e4529ac0989d4191\dnsrslvr.dll
[2008/01/20 22:24:26 | 000,086,528 | ---- | M] (Microsoft Corporation) MD5=F5A0F1DA1ED8B429597E71D27D976E31 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6001.18000_none_e1e27cdd8259636b\dnsrslvr.dll

< MD5 for: ES.DLL >
[2008/04/19 04:27:37 | 000,268,800 | ---- | M] (Microsoft Corporation) MD5=131B7E46A7ACD49CB56BB03917A76DE3 -- C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6000.20818_none_0b8e318c6db592d2\es.dll
[2008/04/18 01:48:39 | 000,269,312 | ---- | M] (Microsoft Corporation) MD5=3CB3343D720168B575133A0A20DC2465 -- C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.18057_none_0cbe918751dfdd3f\es.dll
[2009/04/11 02:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) MD5=67058C46504BC12D821F38CF99B7B28F -- C:\Windows\ERDNT\cache\es.dll
[2009/04/11 02:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) MD5=67058C46504BC12D821F38CF99B7B28F -- C:\Windows\System32\es.dll
[2009/04/11 02:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) MD5=67058C46504BC12D821F38CF99B7B28F -- C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6002.18005_none_0ed918294edf6b75\es.dll
[2008/04/18 01:30:29 | 000,269,312 | ---- | M] (Microsoft Corporation) MD5=776D75AF432C598068CC933C7421171B -- C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.22162_none_0d385cf46b0a1a47\es.dll
[2012/08/14 00:29:58 | 000,008,728 | ---- | M] () MD5=7AD37261A349BE597C2E4C58B093B63D -- C:\Users\Age\AppData\Local\Google\Chrome\Application\21.0.1180.79\Locales\es.dll
[2008/04/19 04:13:07 | 000,268,800 | ---- | M] (Microsoft Corporation) MD5=7B4971C3D43525175A4EA0D143E0412E -- C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6000.16677_none_0ac2b30954c98430\es.dll
[2012/08/07 02:42:39 | 000,008,728 | ---- | M] () MD5=DA1DB7B22439EEFAF1AF12F32164772C -- C:\Users\Age\AppData\Local\Google\Chrome\Application\21.0.1180.75\Locales\es.dll
[2008/01/20 22:24:11 | 000,262,144 | ---- | M] (Microsoft Corporation) MD5=F4BF4FA769DB51B106D2B4B35256988B -- C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.18000_none_0ced9f1d51bda029\es.dll

< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 22:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IPNATHLP.DLL >
[2008/01/20 22:24:09 | 000,288,256 | ---- | M] (Microsoft Corporation) MD5=E1499BD0FF76B1B2FBBF1AF339D91165 -- C:\Windows\System32\ipnathlp.dll
[2008/01/20 22:24:09 | 000,288,256 | ---- | M] (Microsoft Corporation) MD5=E1499BD0FF76B1B2FBBF1AF339D91165 -- C:\Windows\winsxs\x86_microsoft-windows-sharedaccess_31bf3856ad364e35_6.0.6001.18000_none_04cd5ea6494c4867\ipnathlp.dll

< MD5 for: NETBT.SYS >
[2008/01/20 22:24:59 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=7C5FEE5B1C5728507CD96FB4A13E7A02 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys
[2009/04/11 00:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=ECD64230A59CBD93C85F1CD1CAB9F3F6 -- C:\Windows\System32\drivers\netbt.sys
[2009/04/11 00:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=ECD64230A59CBD93C85F1CD1CAB9F3F6 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys

< MD5 for: NETMAN.DLL >
[2008/01/20 22:24:11 | 000,274,432 | ---- | M] (Microsoft Corporation) MD5=C8052711DAECC48B982434C5116CA401 -- C:\Windows\ERDNT\cache\netman.dll
[2008/01/20 22:24:11 | 000,274,432 | ---- | M] (Microsoft Corporation) MD5=C8052711DAECC48B982434C5116CA401 -- C:\Windows\System32\netman.dll
[2008/01/20 22:24:11 | 000,274,432 | ---- | M] (Microsoft Corporation) MD5=C8052711DAECC48B982434C5116CA401 -- C:\Windows\winsxs\x86_microsoft-windows-netman_31bf3856ad364e35_6.0.6001.18000_none_0fbd1b9651cfd333\netman.dll

< MD5 for: QMGR.DLL >
[2008/01/20 22:25:00 | 000,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
[2009/04/11 02:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\ERDNT\cache\qmgr.dll
[2009/04/11 02:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\System32\qmgr.dll
[2009/04/11 02:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_257c3df8f693d6d8\qmgr.dll

< MD5 for: RPCSS.DLL >
[2009/03/03 00:39:32 | 000,551,424 | ---- | M] (Microsoft Corporation) MD5=301AE00E12408650BADDC04DBC832830 -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\rpcss.dll
[2008/01/20 22:24:06 | 000,547,328 | ---- | M] (Microsoft Corporation) MD5=33FB1F0193EE2051067441492D56113C -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\rpcss.dll
[2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) MD5=3B5B4D53FEC14F7476CA29A20CC31AC9 -- C:\Windows\ERDNT\cache\rpcss.dll
[2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) MD5=3B5B4D53FEC14F7476CA29A20CC31AC9 -- C:\Windows\System32\rpcss.dll
[2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) MD5=3B5B4D53FEC14F7476CA29A20CC31AC9 -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll
[2009/03/03 00:32:23 | 000,551,424 | ---- | M] (Microsoft Corporation) MD5=4DFCBDEF3CCAA98F99038DED78945253 -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll
[2009/03/03 00:19:41 | 000,549,888 | ---- | M] (Microsoft Corporation) MD5=7B981222A257D076885BFFB66F19B7CE -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c\rpcss.dll
[2009/03/03 00:17:45 | 000,550,400 | ---- | M] (Microsoft Corporation) MD5=B1BB45E24717A7F790B4411C4446EF5E -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_685b771559e4be8c\rpcss.dll

< MD5 for: SERVICES.EXE >
[2008/01/20 22:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=8737764F4FD36D6808EE80578409C843 -- C:\Windows\System32\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\ERDNT\cache\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: TCPIP.SYS >
[2008/04/26 04:08:16 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=01EC1E92595F839BEE70D439C46796E3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
[2009/04/11 02:33:02 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
[2011/09/20 17:02:55 | 000,913,280 | ---- | M] (Microsoft Corporation) MD5=16731B631F28F63CD9F4CB60940E7DDD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22719_none_b58c64c97caa1c43\tcpip.sys
[2009/08/15 17:30:53 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[2009/08/14 13:01:55 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[2011/06/17 16:13:55 | 000,905,104 | ---- | M] (Microsoft Corporation) MD5=2756186E287139310997090797E0182B -- C:\Windows\ERDNT\cache\tcpip.sys
[2011/06/17 16:13:55 | 000,905,104 | ---- | M] (Microsoft Corporation) MD5=2756186E287139310997090797E0182B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18484_none_b4b2134c63c9c70f\tcpip.sys
[2012/03/30 08:39:11 | 000,905,600 | ---- | M] (Microsoft Corporation) MD5=27D470DABC77BC60D0A3B0E4DEB6CB91 -- C:\Windows\System32\drivers\tcpip.sys
[2012/03/30 08:39:11 | 000,905,600 | ---- | M] (Microsoft Corporation) MD5=27D470DABC77BC60D0A3B0E4DEB6CB91 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18604_none_b50896786388e1d5\tcpip.sys
[2010/02/18 07:51:51 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
[2010/02/18 10:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
[2009/08/14 10:24:47 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[2010/02/18 10:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
[2010/02/18 08:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
[2010/06/16 11:55:58 | 000,902,032 | ---- | M] (Microsoft Corporation) MD5=6216A954ED7045B62880A92D6C9B9FC7 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
[2009/08/14 12:27:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[2011/06/17 16:13:55 | 000,913,296 | ---- | M] (Microsoft Corporation) MD5=6647FCE6FC4970DAAFE5C64C794513D3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22662_none_b54f51417cd8f970\tcpip.sys
[2010/06/16 12:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) MD5=6A10AFCE0B38371064BE41C1FBFD3C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
[2010/06/16 11:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
[2011/09/20 17:02:55 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=814A1C66FBD4E1B310A517221F1456BF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18519_none_b502c618638c7f52\tcpip.sys
[2008/04/26 04:26:49 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
[2009/08/14 13:07:56 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[2010/02/18 13:36:50 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
[2010/06/16 12:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
[2010/02/18 10:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
[2012/03/30 08:39:11 | 000,914,304 | ---- | M] (Microsoft Corporation) MD5=EE7E10BED85C312C1D5D30C435BDDA9F -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22828_none_b58096797cb31c04\tcpip.sys
[2008/01/20 22:25:03 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[2009/08/14 12:33:50 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys

< MD5 for: TDX.SYS >
[2009/04/11 00:45:56 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=76B06EB8A01FC8624D699E7045303E54 -- C:\Windows\System32\drivers\tdx.sys
[2009/04/11 00:45:56 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=76B06EB8A01FC8624D699E7045303E54 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_ec294157d9377403\tdx.sys
[2008/01/20 22:24:53 | 000,071,680 | ---- | M] (Microsoft Corporation) MD5=D09276B1FAB033CE1D40DCBDF303D10F -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys

< MD5 for: USERINIT.EXE >
[2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2006/11/02 05:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2009/04/11 02:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\drivers\volsnap.sys
[2009/04/11 02:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_1e6030e4\volsnap.sys
[2009/04/11 02:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys
[2008/01/20 22:23:21 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
[2008/01/20 22:23:21 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys

< MD5 for: WININIT.EXE >
[2008/01/20 22:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008/01/20 22:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/20 22:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 22:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WMISVC.DLL >
[2008/01/20 22:24:59 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=00B79A7C984678F24CF052E5BEB3A2F5 -- C:\Windows\winsxs\x86_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.0.6001.18000_none_a0b2bbcff6f11e8e\WMIsvc.dll
[2009/04/11 02:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) MD5=6B2A1D0E80110E3D04E6863C6E62FD8A -- C:\Windows\System32\wbem\WMIsvc.dll
[2009/04/11 02:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) MD5=6B2A1D0E80110E3D04E6863C6E62FD8A -- C:\Windows\winsxs\x86_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.0.6002.18005_none_a29e34dbf412e9da\WMIsvc.dll

< MD5 for: WSCSVC.DLL >
[2009/04/11 02:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) MD5=1CA6C40261DDC0425987980D0CD2AAAB -- C:\Windows\System32\wscsvc.dll
[2009/04/11 02:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) MD5=1CA6C40261DDC0425987980D0CD2AAAB -- C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.0.6002.18005_none_1c2bd6beaf3aa18d\wscsvc.dll
[2008/01/20 22:23:39 | 000,061,440 | ---- | M] (Microsoft Corporation) MD5=683DD16B590372F2C9661D277F35E49C -- C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.0.6001.18000_none_1a405db2b218d641\wscsvc.dll

========== Files - Unicode (All) ==========
[2012/05/30 21:17:01 | 004,708,624 | ---- | M] ()(C:\Users\Age\Documents\"????????".mp3) -- C:\Users\Age\Documents\"待ち合わせの途中".mp3
[2012/05/30 21:16:23 | 004,708,624 | ---- | C] ()(C:\Users\Age\Documents\"????????".mp3) -- C:\Users\Age\Documents\"待ち合わせの途中".mp3

< End of report >



Extras Log Pt 1

Post by timecantkill on 17th August 2012, 1:34 am

OTL Extras logfile created on: 8/16/2012 8:49:13 PM - Run 5
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Age\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 56.57% Memory free
5.94 Gb Paging File | 4.57 Gb Available in Paging File | 76.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.68 Gb Total Space | 16.97 Gb Free Space | 7.55% Space Free | Partition Type: NTFS

Computer Name: MELVIN | User Name: Age | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.2200
"{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}" = Vz In Home Agent
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CA49C4E-7B1C-460c-9DB8-4A7160CDF8D1}" = ProductContext
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0F052922-4BCE-4763-A540-00857554336D}" = Redist
"{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}" = VAIO Media plus
"{132CA5D9-C745-4B0B-A3B2-8C7A6EC3EE7E}" = Canon MF Toolbox 4.9.1.1.mf04
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE and Welcome Center
"{1DEF8B27-D75B-4f2a-B723-C506047D1438}" = K8600
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = VAIO Presentation Support
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{24176A21-AFC8-3DCC-A2BB-901734AA64B9}" = Google Talk Plugin
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{27A2ABE9-E4C4-45DD-B9A8-CEEEE380E7E1}" = VAIO Content Metadata Intelligent Analyzing Manager
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3A98125E-B0AC-47E4-80D7-75DF75B13AA1}" = BPDSoftware_Ini
"{3BDDF462-8A95-4C50-86DA-4D41F3483EA5}" = Canon MF Toolbox 4.9.1.1.mf04
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}" = Adobe InDesign CS
"{44B44E0E-B7F8-45D2-9B1F-B073D337A097}" = BPD_HPSU
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B8AB184-EE5E-4277-BB68-C352BE13DD7B}" = 8600_Help
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" =
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Power Management
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1" = Auslogics Duplicate File Finder
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{69B078F7-E057-4488-AE6B-CB7BBEEE8DA6}" = HP Officejet Pro K8600 Series
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{757CC5BA-BF08-46A5-8D10-64C6FDF659C6}" = VAIO Content Metadata Manager Setting
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A367C28-423C-48E2-8C76-EBA1171F932A}" = Adobe Photoshop Album 2.0
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D10D317-F8E0-4493-99AE-F6ADBB223553}" = BPDSoftware
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ED3A392-28F1-4375-97AC-BF275B5855F9}" = OpenMG Secure Module 5.0.00
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}" = Adobe Illustrator CS
"{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}" = SmartWi Connection Utility
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9C71059E-6DDD-4958-9251-7A5F865B6BA0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A4399CF4-7A3F-4E84-B763-AD352640203D}" = VAIO Content Metadata XML Interface Library
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAB0F8F5-282A-45F1-B31A-EB894827456B}" = MPM
"{BCED773C-99EE-48DD-8915-25733F69F0A8}" = VAIO Wireless Wizard
"{BE2DDF55-4C42-44CC-A56E-C8E4A65CB2FF}" = IHA_MessageCenter
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C8FC7066-4457-4365-9BDF-4E439BF703C8}" = AVG 2011
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CC56A2CB-EC09-4175-B8BD-93E2440D410B}" = VAIO Content Metadata Manager Setting
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFB61C36-61C9-46E9-8AA3-6E5A896AC989}" = 8600_Readme
"{D06F5884-B439-440B-A58D-6C057C2FF8EB}" = Click to Disc
"{D0AE373E-C276-432B-9A95-F8DD356A8242}" = VAIO Movie Story
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.14
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D47FE987-EA3D-424B-9886-B752501D7CE7}" = VAIO Help and Support
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D90507A2-6183-497D-9075-951DC80362DA}" = VAIO Media plus
"{DB3A97C0-EEC1-43FE-AB56-E2EA972CF111}" = 1600
"{DD929BD3-5D41-4407-BE04-119B4A631869}" = Canon MF Toolbox 4.9.1.1.mf04
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEBA60A3-7CDE-48D7-993D-7C68663AEE68}" = VAIO Content Metadata Intelligent Analyzing Manager
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFD0E9A9-F24A-492B-8975-8C938E32408F}" = VAIO Startup Assistant
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1D25278-B51A-4163-BC3D-20A4D2D09F98}" = VAIO My Memory Center
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E533E637-FB3E-4F28-8B18-449CC9AB7235}" = AVG 2011
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EA79DC46-98B0-4A26-A76F-448A032E5E4D}" = 1600Trb
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F485E43D-18B1-4B40-AF4B-EDA78E91DA80}" = Dolby Control Center
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{F5DAFD10-6E61-49BF-B3C5-5AA9AF3A0863}" = Verizon Download Manager
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FACD3674-FC12-4B6C-A923-E1D687704E9B}" = VAIO Content Metadata XML Interface Library
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEA5A8ED-93A1-44EE-9A7D-43103DB3F78D}" = 1600_Help
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AIM_7" = AIM 7
"AVG" = AVG 2011
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"DVD Flick_is1" = DVD Flick 1.3.0.7
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 8.0
"ICCup Launcher_is1" = ICCup Launcher
"ImgBurn" = ImgBurn
"InfraRecorder" = InfraRecorder
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{8ED3A392-28F1-4375-97AC-BF275B5855F9}" = OpenMG Secure Module 5.0.00
"LastFM_is1" = Last.fm 1.5.4.27091
"Logitech Vid" = Logitech Vid HD
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ProInst" = Intel PROSet Wireless
"QcDrv" = Logitech® Camera Driver
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Starcraft" = Starcraft
"The KMPlayer" = The KMPlayer (remove only)
"Veoh Web Player Beta" = Veoh Web Player
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"Google Chrome" = Google Chrome
"RewardsArcade" = RewardsArcade

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/16/2012 7:13:12 PM | Computer Name = Melvin | Source = Application Error | ID = 1000
Description = Faulting application LVCOMSX.EXE, version 8.4.7.1032, time stamp 0x42974846,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000005, fault offset 0x00067410, process id 0x56c, application start time
0x01cd7c04b4f04658.

Error - 8/16/2012 7:13:17 PM | Computer Name = Melvin | Source = Application Error | ID = 1000
Description = Faulting application LVCOMSX.EXE, version 8.4.7.1032, time stamp 0x42974846,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000005, fault offset 0x00067410, process id 0x14a4, application start time
0x01cd7c04b7c0c3a8.

Error - 8/16/2012 7:21:44 PM | Computer Name = Melvin | Source = Application Error | ID = 1000
Description = Faulting application LVCOMSX.EXE, version 8.4.7.1032, time stamp 0x42974846,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000005, fault offset 0x00067467, process id 0x1758, application start time
0x01cd7c05e6750b18.

Error - 8/16/2012 7:21:47 PM | Computer Name = Melvin | Source = Application Error | ID = 1000
Description = Faulting application LVCOMSX.EXE, version 8.4.7.1032, time stamp 0x42974846,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000005, fault offset 0x00067410, process id 0x10a0, application start time
0x01cd7c05e82b0818.

Error - 8/16/2012 7:35:45 PM | Computer Name = Melvin | Source = Application Error | ID = 1000
Description = Faulting application LVCOMSX.EXE, version 8.4.7.1032, time stamp 0x42974846,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000005, fault offset 0x00067410, process id 0x16c8, application start time
0x01cd7c07db4d4a78.

Error - 8/16/2012 7:35:48 PM | Computer Name = Melvin | Source = Application Error | ID = 1000
Description = Faulting application LVCOMSX.EXE, version 8.4.7.1032, time stamp 0x42974846,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000005, fault offset 0x00067410, process id 0x16f0, application start time
0x01cd7c07dd1fd7f8.

Error - 8/16/2012 7:37:33 PM | Computer Name = Melvin | Source = Application Error | ID = 1000
Description = Faulting application LVCOMSX.EXE, version 8.4.7.1032, time stamp 0x42974846,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000005, fault offset 0x0006742d, process id 0x1028, application start time
0x01cd7c081bf3ace8.

Error - 8/16/2012 7:37:36 PM | Computer Name = Melvin | Source = Application Error | ID = 1000
Description = Faulting application LVCOMSX.EXE, version 8.4.7.1032, time stamp 0x42974846,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000005, fault offset 0x00067410, process id 0x1578, application start time
0x01cd7c081de23e48.

Error - 8/16/2012 8:14:07 PM | Computer Name = Melvin | Source = Application Error | ID = 1000
Description = Faulting application LVCOMSX.EXE, version 8.4.7.1032, time stamp 0x42974846,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000005, fault offset 0x00067410, process id 0x1fc8, application start time
0x01cd7c0d37691260.

Error - 8/16/2012 8:14:10 PM | Computer Name = Melvin | Source = Application Error | ID = 1000
Description = Faulting application LVCOMSX.EXE, version 8.4.7.1032, time stamp 0x42974846,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000005, fault offset 0x00067410, process id 0x19c0, application start time
0x01cd7c0d39515a60.

[ OSession Events ]
Error - 5/25/2010 1:49:20 AM | Computer Name = Melvin | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 305784
seconds with 420 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/12/2012 5:23:40 PM | Computer Name = Melvin | Source = PlugPlayManager | ID = 12
Description = The device 'Optiarc DVD RW AD-7560A USB Device' (USBSTOR\CdRom&Ven_Optiarc&Prod_DVD_RW_AD-7560A&Rev_DS04\F76000019BEF&0)
disappeared from the system without first being prepared for removal.

Error - 8/12/2012 6:37:07 PM | Computer Name = Melvin | Source = PlugPlayManager | ID = 12
Description = The device 'USB Mass Storage Device' (USB\VID_054C&PID_0377\F76000019BEF)
disappeared from the system without first being prepared for removal.

Error - 8/12/2012 6:37:07 PM | Computer Name = Melvin | Source = PlugPlayManager | ID = 12
Description = The device 'Optiarc DVD RW AD-7560A USB Device' (USBSTOR\CdRom&Ven_Optiarc&Prod_DVD_RW_AD-7560A&Rev_DS04\F76000019BEF&0)
disappeared from the system without first being prepared for removal.

Error - 8/12/2012 8:43:26 PM | Computer Name = Melvin | Source = PlugPlayManager | ID = 12
Description = The device 'USB Mass Storage Device' (USB\VID_054C&PID_0377\F76000019BEF)
disappeared from the system without first being prepared for removal.

Error - 8/12/2012 8:43:26 PM | Computer Name = Melvin | Source = PlugPlayManager | ID = 12
Description = The device 'Optiarc DVD RW AD-7560A USB Device' (USBSTOR\CdRom&Ven_Optiarc&Prod_DVD_RW_AD-7560A&Rev_DS04\F76000019BEF&0)
disappeared from the system without first being prepared for removal.

Error - 8/16/2012 6:27:41 PM | Computer Name = Melvin | Source = Service Control Manager | ID = 7024
Description =

Error - 8/16/2012 6:27:41 PM | Computer Name = Melvin | Source = Service Control Manager | ID = 7000
Description =

Error - 8/16/2012 6:27:41 PM | Computer Name = Melvin | Source = Service Control Manager | ID = 7000
Description =

Error - 8/16/2012 6:27:41 PM | Computer Name = Melvin | Source = Service Control Manager | ID = 7000
Description =

Error - 8/16/2012 6:29:03 PM | Computer Name = Melvin | Source = Service Control Manager | ID = 7022
Description =


< End of report >



Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by timecantkill on 19th August 2012, 3:26 am

bump



Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by Superdave on 21st August 2012, 1:13 am

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
The log also shows that you only have 7.55% free space on your hard drive. Windows requires 15% or more to operate efficiently. You will need to free up more space (33.6 Gb). You can do this by transferring music, videos, pictures and other important data to an external hard drive or DVDs. You can use RWs because they are re-usable. You can also uninstall any programs no longer used or needed.
************************************************************************
* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:
:OTL

IE - HKLM\..\SearchScopes,DefaultScope = {CF739809-1C6C-47C0-85B9-569DBB141420}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q={searchTerms}&crm=1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2B68F2F3-3342-4A2A-81CA-8072852D359E}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\..\SearchScopes\{547EEAAC-3665-4e6c-B326-C622D698543A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=SOLTDF&pc=SOLTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q={searchTerms}&crm=1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.11.3.15590
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q="
O2 - BHO: (RewardsArcade) - {597A9974-8CB0-4f41-B61F-ED065738A397} - C:\Program Files\RewardsArcade\RewardsArcade.dll (215 Apps)

:folders
C:\Program Files\RewardsArcade

:COMMANDS
[resethosts]
[purity]
[start explorer]

* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
**************************************************************
Please download [You must be registered and logged in to see this link.] ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it



Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives



On completion of the scan click save log, save it to your desktop and post in your next reply
*************************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download [You must be registered and logged in to see this link.]
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from [You must be registered and logged in to see this link.]
* Next click the Preferences button.

• Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

• Close browsers before scanning
• Scan for tracking cookies
• Terminate memory threats before quarantining
Please leave the others unchecked

• Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

• To retrieve the removal information please do the following:
• After reboot, double-click the SUPERAntiSpyware icon on your desktop.
• Click Preferences. Click the Statistics/Logs tab.

• Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

• It will open in your default text editor (preferably Notepad).
• Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.
*********************************************
Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.]
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83221
# Likes # Likes : 0


Issues with OTL

Post by timecantkill on 25th August 2012, 7:29 pm

Sorry it took me a week to get back to this; I don't have much free time during the work week.

I'm running OTL Version 3.2.22.3 and every time I try to Run Fix using the code you gave me above, OTL goes into a Not Responding state and remains that way for hours, never actually resuming or finishing. What do you suggest I do? I could move onto the other instructions you gave me, but I believe OTL needs to run its fix first.



Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by Superdave on 25th August 2012, 7:35 pm

Please move on to the other scans. We can come back to OTL later.


aswMBR log

Post by timecantkill on 27th August 2012, 3:03 am

By the time aswMBR finished, the user interface on my computer had really taken a turn for the worse. I couldn't save the log; I couldn't even open My Computer, Documents or any other folders, while attempting to pull up Task Manager would just turn my screen black for an unlimited amount of time until I hit Esc. So this is what was shown in the aswMBR window; I just typed it up manually. Hopefully, after a reboot, I'll be able to run the other two scans.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-26 12:06:18
-----------------------------
12:06:18.310 OS Version: Windows 6.0.6002 Service Pack 2
12:06:18.311 Number of processors: 2 586 0x1706
12:06:18.312 ComputerName: MELVIN UserName: Age
12:06:20.867 Initialize success
12:06:27.141 AVAST engine defs: 12082500
12:06:36.907 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
12:06:36.907 Disk 0 Vendor: FUJITSU_ 0000 Size: 238475MB BusType: 3
12:06:36.907 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006c
12:06:36.922 Disk 1 Vendor: RICOH 01 Size: 238475MB BusType: 0
12:06:36.922 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000006d
12:06:36.922 Disk 2 Vendor: RICOH 02 Size: 238475MB BusType: 0
12:06:36.969 Disk 0 MBR read successfully
12:06:36.985 Disk 0 MBR scan
12:06:36.985 Disk 0 Windows VISTA default MBR code
12:06:37.016 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 8401 MB offset 2048
12:06:37.031 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 230072 MB offset 17207296
12:06:37.047 Disk 0 scanning sectors +488395120
12:06:37.156 Disk 0 scanning C:\Windows\system32\drivers
12:07:05.762 Service scanning
12:07:44.635 Modules scanning
12:07:57.667 Disk 0 trace - called modules:
12:07:57.687 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
12:07:57.687 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86ba5968]
12:07:57.687 3 CLASSPNP.SYS[8afa38b3] -> nt!IofCallDriver -> [0x86059700]
12:07:57.697 5 acpi.sys[806946bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8606b028]
12:07:59.511 AVAST engine scan C:\
21.58.25.360 Scan finished successfully



SuperAntiSpyware log

Post by timecantkill on 27th August 2012, 12:28 pm

Well, my computer isn't doing much better after a reboot. There was nothing found or quarantined by SuperAntiSpyware, and due to this it didn't come up with the white box for me to verify that everything has a checked box beside it, nor did it prompt me to restart. I'll run the next scan when I get home today...

SUPERAntiSpyware Scan Log

Generated 08/27/2012 at 04:33 AM

Application Version : 5.0.1128

Core Rules Database Version : 0
Trace Rules Database Version: 0

Scan type : Complete Scan
Total Scan Time : 05:24:14

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned : 753
Memory threats detected : 0
Registry items scanned : 545
Registry threats detected : 0
File items scanned : 252385
File threats detected : 0



Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by Superdave on 27th August 2012, 7:25 pm

Please boot in Safe mode and run the MBAM scan to see if it runs better in Safe mode.


MBAM log

Post by timecantkill on 28th August 2012, 4:47 am

Malwarebytes Anti-Malware 1.62.0.1300

Database version: v2012.08.25.04

Windows Vista Service Pack 2 x86 NTFS (Safe Mode)
Internet Explorer 9.0.8112.16421
Age :: MELVIN [administrator]

8/27/2012 8:24:13 PM
mbam-log-2012-08-27 (20-24-13).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 442790
Time elapsed: 1 hour(s), 24 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 12
HKCR\CLSID\{25514C64-8321-494e-BD3E-3DBAB3F8CEBA} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\CLSID\{597A9974-8CB0-4f41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\Interface\{6427058B-217C-4C7F-A6CE-C7934C0BDCEB} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\RewardsArcade.BHO.1 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\RewardsArcade.FBApi (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\RewardsArcade.FBApi.1 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\TypeLib\{60BE6B2E-F2F5-4404-AA1E-4381D4A6EEA2} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RewardsArcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Users\Age\AppData\Local\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\n. -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 29
C:\Program Files\RewardsArcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\defaults (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\defaults\preferences (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\locale (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\locale\en-US (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults\preferences (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\locale (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\locale\en-US (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin (PUP.RewardsArcade) -> Quarantined and deleted successfully.

Files Detected: 112
C:\Program Files\ICCup\Launcher\iccwc3.icc (PUP.GameTool) -> Quarantined and deleted successfully.
C:\Program Files\RewardsArcade\RewardsArcade.dll (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Program Files\RewardsArcade\RewardsArcade.exe (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Program Files\RewardsArcade\Uninstall.exe (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Program Files\RewardsArcade\UserConfirmation.exe (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Program Files\RewardsArcade\appAPIinternalWrapper.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Program Files\RewardsArcade\fb.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Program Files\RewardsArcade\jquery.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Program Files\RewardsArcade\json.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Chrome\rewardsarcade.crx (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome.manifest (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\background.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\browser.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\crossrider.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\crossriderapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\dialog.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\b.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\bl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\br.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\closelabel.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\loading.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tr.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\faye-browser-min.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\jquery-1.4.2.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\manage-apps-style.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\manage-apps.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\messaging.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\options.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\options.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\push.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\search_dialog.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\socialapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\update.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\utilityapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\workers_chain.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\defaults\preferences\prefs.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\install.rdf (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\locale\en-US\translations.dtd (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\button1.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\button2.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\button3.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\button4.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\button5.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\crossrider_statusbar.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\icon128.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\icon16.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\icon24.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\icon48.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\panelarrow-up.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\popup.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\popup.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\popup_binding.xml (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\skin.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\update.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\uninstall.ico (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Chrome\rewardsarcade.crx (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome.manifest (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\background.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\browser.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\crossrider.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\crossriderapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\dialog.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\b.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\bl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\br.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\closelabel.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\loading.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tr.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\faye-browser-min.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\jquery-1.4.2.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\manage-apps-style.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\manage-apps.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\messaging.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\options.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\options.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\push.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\search_dialog.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\socialapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\update.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\utilityapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\workers_chain.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults\preferences\prefs.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\install.rdf (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\locale\en-US\translations.dtd (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button1.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button2.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button3.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button4.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button5.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\crossrider_statusbar.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon128.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon16.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon24.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon48.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\panelarrow-up.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\popup.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\popup.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\popup_binding.xml (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\skin.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\update.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\uninstall.ico (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\00000004.@ (Rootkit.Zaccess) -> Quarantined and deleted successfully.
C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\80000000.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)



Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by Superdave on 28th August 2012, 11:30 pm

Please try to boot in Normal Mode and run the MBAM scan again. Post the log if anything is found.

Download ComboFix from any of the links below, and save it to your DESKTOP.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

To prevent your anti-virus application interfering with ComboFix we need to disable it. See [You must be registered and logged in to see this link.] for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


MBAM log 2

Post by timecantkill on 29th August 2012, 12:17 pm

Here is the new MBAM log. I will run ComboFix when I get home from work. Also, yesterday I ran a new OTL scan before MBAM. I can post that if you'd like.

Malwarebytes Anti-Malware 1.62.0.1300

Database version: v2012.08.25.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Age :: MELVIN [administrator]

8/28/2012 11:11:45 PM
mbam-log-2012-08-28 (23-11-45).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 446385
Time elapsed: 2 hour(s), 22 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> Delete on reboot.
C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\00000004.@ (Rootkit.Zaccess) -> Quarantined and deleted successfully.
C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\80000000.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)



Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by Superdave on 29th August 2012, 10:52 pm

I really want to see the ComboFix log along with the log from this scanner.


  • Download [You must be registered and logged in to see this link.] on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.


Superdave
Captain

Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection : MSE, Windows Defender, Windows firewall
Points : 83221
# Likes : 0


ComboFix Log

Post by timecantkill on 29th August 2012, 11:47 pm

I'm pretty sure ComboFix took longer than 15 min and AVG 2011 kicked back on.. the bastard. Anyway, here is the log. I'm going to try and uninstall AVG so I can run the scan uninterrupted.

ComboFix 12-08-29.03 - Age 08/29/2012 19:15:56.7.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1668 [GMT -4:00]
Running from: C:\Users\Age\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DFR46B8.tmp
C:\Windows\assembly\GAC\Desktop.ini
C:\Windows\system32\drivers\etc\hosts.ics
C:\Windows\system32\SET8346.tmp
C:\Windows\TEMP\logishrd\LVPrcInj01.dll

Infected copy of C:\Windows\system32\Services.exe was found and disinfected
Restored copy from - C:\ComboFix\HarddiskVolumeShadowCopy9_!Windows!ERDNT!cache!services.exe


((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-29 )))))))))))))))))))))))))))))))



ComboFix Log 2

Post by timecantkill on 30th August 2012, 12:42 am

Below is the log with AVG uninstalled. Time to reinstall and run the next scan.

ComboFix 12-08-29.03 - Age 08/29/2012 20:14:36.8.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1852 [GMT -4:00]
Running from: c:\users\Age\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\@
c:\windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\L\00000004.@
c:\windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\00000004.@
c:\windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\00000008.@
c:\windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\000000cb.@
c:\windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\80000000.@
c:\windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\80000032.@
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
---- Previous Run -------
.
C:\DFR46B8.tmp
c:\windows\assembly\GAC\Desktop.ini
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\SET8346.tmp
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
-- Previous Run --
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!ERDNT!cache!services.exe
.
--------
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-30 )))))))))))))))))))))))))))))))
.
.
2012-08-30 00:21 . 2012-08-30 00:27 -------- d-----w- c:\users\Age\AppData\Local\temp
2012-08-30 00:21 . 2012-08-30 00:21 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-30 00:21 . 2012-08-30 00:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-25 16:28 . 2012-08-25 16:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-25 16:28 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-25 16:22 . 2012-08-25 16:22 -------- d-----w- c:\users\Age\AppData\Roaming\SUPERAntiSpyware.com
2012-08-25 16:22 . 2012-08-25 16:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-25 16:22 . 2012-08-25 16:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-16 22:40 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 23:31 . 2012-06-17 19:01 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-16 23:31 . 2011-05-26 22:41 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-07 00:59 . 2012-06-07 00:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 16:47 . 2012-07-11 22:39 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 22:39 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-11 22:39 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-21 00:43 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 00:43 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 00:42 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 00:42 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 00:43 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 00:43 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 00:42 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 00:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-21 00:42 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 00:04 . 2012-07-11 22:39 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-11 22:39 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-22 15:25 . 2011-04-14 23:05 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VMpTtray.exe"="c:\program files\Sony\VAIO Media plus\VMpTtray.exe" [2008-03-09 86016]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-29 6111232]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-02-23 122880]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-12 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-12 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-12 141848]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-05-27 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2011-12-01 206120]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start [You must be registered and logged in to see this link.] [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-05-16 00:20 98304 ------w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk
backup=c:\windows\pss\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Age^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Age\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2011-01-05 17:11 4321112 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AML]
2008-03-26 22:48 1093632 ----a-w- c:\program files\Sony\VAIO Launcher\AML.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 23:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2008-04-04 03:03 317280 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 19:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 06:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-10-11 17:45 75304 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2008-04-29 04:48 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartWiHelper]
2008-06-27 20:45 77824 ----a-w- c:\program files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-09-28 18:16 185896 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Help and Support Demo]
2007-08-28 01:54 290816 ----a-w- c:\program files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOMyMemCenter]
2008-02-29 20:39 679936 ----a-w- c:\program files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIORegistration]
2007-10-17 22:40 20480 ----a-w- c:\program files\Sony\First Experience\WelcomeLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
2007-07-20 22:30 577536 ----a-w- c:\program files\Sony\VAIO Survey\Vista VAIO Survey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2009-04-03 19:23 3558648 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VWLASU]
2008-02-19 19:25 24576 ----a-w- c:\program files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WrtMon.exe]
2006-09-20 13:35 20480 ------w- c:\windows\System32\spool\drivers\w32x86\3\WrtMon.exe
.
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-17 23:31]
.
2012-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-12 19:18]
.
2012-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-12 19:18]
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-11734941-2268584939-366143686-1000Core.job
- c:\users\Age\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-23 23:17]
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-11734941-2268584939-366143686-1000UA.job
- c:\users\Age\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-23 23:17]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local;
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Age\AppData\Roaming\Mozilla\Firefox\Profiles\ukp2bmba.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
AddRemove-QcDrv - c:\program files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2012-08-29 20:27
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(7988)
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\RtkAudioService.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\VERIZONDM\bin\sprtsvc.exe
c:\program files\VERIZONDM\bin\tgsrvc.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Sony\VAIO Power Management\SPMService.exe
c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
c:\windows\system32\DllHost.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-08-29 20:32:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-30 00:32
ComboFix2.txt 2011-08-26 23:08
ComboFix3.txt 2011-05-20 04:46
ComboFix4.txt 2011-04-01 02:55
ComboFix5.txt 2012-08-29 23:13
.
Pre-Run: 39,612,039,168 bytes free
Post-Run: 39,440,097,280 bytes free
.
- - End Of File - - 300F49DE198086662FD01ABB47A1CCB2



RogueKiller Log

Post by timecantkill on 30th August 2012, 12:53 am

I decided to run RogueKiller before reinstalling AVG; I may actually wait to reinstall since AVG has caused issues with ComboFix and other programs before. On to the main course:

RogueKiller V8.0.0 [08/26/2012] by Tigzy
mail: tigzyRKgmailcom
Feedback: [You must be registered and logged in to see this link.]
Blog: [You must be registered and logged in to see this link.]

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Age [Admin rights]
Mode : Scan -- Date : 08/29/2012 20:48:17

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] RTKAUDIOSERVICE.EXE -- C:\Windows\RtkAudioService.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤
[TASK][SUSP PATH] winupd : C:\Users\Age\AppData\Local\Temp:winupd.exe -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\L --> FOUND
[ZeroAccess][FOLDER] U : C:\Users\Age\AppData\Local\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Users\Age\AppData\Local\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\L --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHY2250BH +++++
--- User ---
[MBR] 9ed614e0d7cc22ade83606f28eb9ea27
[BSP] 2427c8b7cb8673cf6fa49edb04d9c982 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 8401 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 17207296 | Size: 230072 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt






Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by Superdave on 30th August 2012, 11:48 pm

Download [You must be registered and logged in to see this link.] and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

      Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt


  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.


Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by timecantkill on 31st August 2012, 2:36 am

I'm in the Advanced Boot Options and there is no "Repair your computer" menu item. There is the following: Safe Mode, Safe Mode with Networking, Safe Mode with Command Prompt, Enable Boot Logging, Enable low-resolution video (640x480), Last Known Good Configuration (advanced), Directory Services Restore Mode, Debugging Mode, Disable automatic restart on system failure, Disable Driver Signature Enforcement, and Start Windows Normally. If I had to guess, I would say that Directory Services Restore Mode, but I think it best not to take action on assumptions at this point.



Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by timecantkill on 31st August 2012, 8:14 pm

If the Repair your computer item's absence is due to System Recovery Options not being installed on my computer, which I am pretty sure it has been installed since my computer has always had Command Prompt, System Restore, etc., then I imagine I will need a Windows Vista DVD. I hope this is not the case as I do not have a Windows startup disk; if it is the case, is there a quick way I can get a hold of that disk or produce it myself?



Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by timecantkill on 1st September 2012, 12:23 am

Uhhhh and apparently my Recycle Bin has somehow been deleted from my Desktop, which I thought wasn't possible. :S



Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by Superdave on 1st September 2012, 12:56 am

"If the Repair your computer item's absence is due to System Recovery Options not being installed on my computer, which I am pretty sure it has been installed since my computer has always had Command Prompt, System Restore, etc., then I imagine I will need a Windows Vista DVD."
Most computers with Vista came with the RC already installed or the option of creating your own repair disks. When you ran ComboFix you would have been asked if you wanted to install the RC. You may be able to borrow a Vista disk but it must be the same version as what you have installed. However please read below.

I am required to give you this warning.

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files.

Read this article: Danger: [You must be registered and logged in to see this link.]

If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one! If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach.

I would counsel you to disconnect this PC from the Internet immediately.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

We can attempt to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post


Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by timecantkill on 2nd September 2012, 5:47 pm

Well, shit. I was afraid of that >_<. I'll inform you of my decision by the end of the day...

Can you tell me: If this is an infection that runs so deep my computer will still be a liability even after reformatting? If I attempt to back up the contents of my computer before reformatting, what is the chance that my external hard drive will then become infected? If I back up everything at this point, after I reformat and transfer all my backed-up files to my computer, could the infection resume with the backed-up files?



Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by Superdave on 2nd September 2012, 7:29 pm

"If this is an infection that runs so deep my computer will still be a liability even after reformatting? If I attempt to back up the contents of my computer before reformatting, what is the chance that my external hard drive will then become infected? If I back up everything at this point, after I reformat and transfer all my backed-up files to my computer, could the infection resume with the backed-up files?"

If you do a complete re-format, it should be as good as new. You can save your important data but scan it using at least two up-to-date AV programs before putting it back on your computer.

To wipe the drive clean, [You must be registered and logged in to see this link.] and reinstall the OS.

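One way to triage the backup drive before the AV scans recommended above, as an added example that is not part of the original posts: it walks the backup, sets aside anything in the `Installer\{GUID}\U\*.@` layout AVG flagged in the first post, and lists files that are really Windows executables whatever their extension. The function names, bucket names and sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Directory layout AVG flagged in the first post of this thread:
#   ...\Installer\{GUID}\U\<name>.@
FLAGGED_LAYOUT = re.compile(
    r"(^|/)installer/\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}/u/[^/]+\.@$",
    re.IGNORECASE,
)


def has_pe_header(path):
    """True if the file starts with 'MZ', the magic of a Windows executable."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"


def triage_backup(root):
    """Sort every file under root into buckets (hypothetical names).

    do_not_restore: matches the flagged Installer\\{GUID}\\U\\*.@ layout
    executable:     has a PE header, whatever the extension says
    data:           everything else
    review:         symlinks and files that could not be read

    The buckets are a restore order, not a verdict: every file still
    goes through the AV scans before it is copied back.
    """
    report = {"do_not_restore": [], "executable": [], "data": [], "review": []}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if os.path.islink(full):
                report["review"].append(rel)
                continue
            if FLAGGED_LAYOUT.search(rel):
                report["do_not_restore"].append(rel)
                continue
            try:
                bucket = "executable" if has_pe_header(full) else "data"
            except OSError:
                bucket = "review"
            report[bucket].append(rel)
    for bucket in report.values():
        bucket.sort()
    return report


def demo():
    """Build a small constructed backup tree and triage it."""
    # Constructed sample: the path layout comes from the first post,
    # the file contents are harmless placeholders.
    sample = {
        "Windows/Installer/{d9e1dd59-b756-558e-7b02-c3868aea93eb}/U/80000032.@":
            b"constructed placeholder",
        "Documents/notes.txt": b"shopping list",
        "Downloads/setup.exe": b"MZ\x90\x00constructed",
        "Pictures/holiday.jpg": b"MZ\x90\x00constructed",  # executable, wrong extension
        "Pictures/cat.jpg": b"\xff\xd8\xff\xe0constructed",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, content in sample.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(content)
        return triage_backup(root)


if __name__ == "__main__":
    for bucket, paths in demo().items():
        print(bucket)
        for p in paths:
            print("   ", p)
```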

Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by timecantkill on 2nd September 2012, 9:29 pm

Okay, I think I found a copy of Windows Vista Premium Home Edition Service Pack 2 32-bit startup disc, but I won't be able to get it until I go back to work on Tuesday. I'd like to do all I can to clean this mess up before doing a complete reformat, even though I know I may have to in the end.

Is it alright to resume progress on this on Tuesday? In the meantime, I'm going to leave my computer shut down and start changing all my passwords.



Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by Superdave on 2nd September 2012, 10:21 pm

Tuesday is ok.


Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by timecantkill on 5th September 2012, 1:06 am

Alright, I have a Windows Vista Home Premium (Service Pack 2) x86 installation disc, and I am ready to give System Recovery Option another go. Aside from the instructions I received before, is there anything particular I should know?

I believe I did boot from the installation disc as I was prompted into Windows Boot Manager, but when I selected the Advanced Options menu by pressing F8, I saw the same options as before. I checked my BIOS settings beforehand that my 1st priority is to boot from internal optical disk drive, so I think this should be the installation disc menu; however, as I stated, the same options are present.


Last edited by timecantkill on 5th September 2012, 1:18 am; edited 2 times in total (Reason for editing : additional information)



Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by Superdave on 5th September 2012, 10:07 pm

"I checked my BIOS settings beforehand that my 1st priority is to boot from internal optical disk drive, so I think this should be the installation disc menu;"

Your first option should be to boot from the disk. Then you will be able to do a fresh installation.


Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by timecantkill on 5th September 2012, 10:59 pm

I'm not planning on doing a reformat yet, though. Should I still run an install?



Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by Superdave on 6th September 2012, 12:05 am

"If I back up everything at this point, after I reformat and transfer all my backed-up files to my computer, could the infection resume with the backed-up files?"

You did mention that you were going to reformat. If you can get the computer to boot from the disk you should be able to run a Repair or a re-install.


Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by timecantkill on 6th September 2012, 12:18 am

Sorry, I wasn't clear. I'm currently backing everything up on the external hard drive I bought today. Once that is finished, I'm going to attempt System Recovery Options again.

After speaking with a few people and doing some research, I believe the reason I was not seeing the "Repair your computer" option yesterday was because I was expecting to see it in the Advanced Boot Options menu. Unless I am mistaken, which there is always a chance for that, I should encounter this option while attempting to run an install.

I want to run System Recovery Options and get that FRST log to you before I follow through with a complete reformat. That is my last resort, but I am preparing for it; hence the newly purchased external and current backup I am running.



Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by Superdave on 6th September 2012, 1:33 am

Don't forget that the computer may not be totally reliable even if we can get rid of the infections.


Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by timecantkill on 9th September 2012, 8:20 pm

I ended up doing a clean install of Windows 7, so the hard drive was reformatted. I am concerned about the state of the files I backed up on my external and would like to be assured there are no infections among them. Could you give me instructions?



Post Reformatting OTL Log

Post by timecantkill on 10th September 2012, 4:14 am

OTL logfile created on: 9/9/2012 5:55:11 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Ragerin\Desktop\Scans
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 66.30% Memory free
5.74 Gb Paging File | 4.76 Gb Available in Paging File | 82.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 214.42 Gb Free Space | 92.11% Space Free | Partition Type: NTFS
Drive D: | 2794.49 Gb Total Space | 2584.97 Gb Free Space | 92.50% Space Free | Partition Type: NTFS

Computer Name: MELVINMACHII | User Name: Ragerin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/09 16:17:45 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ragerin\Desktop\Scans\OTL.com
PRC - [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 21:14:17 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dinotify.exe


========== Modules (No Company Name) ==========

MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Win32 Services (SafeList) ==========

SRV - [2012/09/07 14:53:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2012/09/07 14:49:55 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 18:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 18:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/08/03 05:36:10 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]






IE - HKU\S-1-5-21-3591541463-939733331-2142369018-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\S-1-5-21-3591541463-939733331-2142369018-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKU\S-1-5-21-3591541463-939733331-2142369018-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3591541463-939733331-2142369018-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AF 2D BE 42 29 8D CD 01 [binary data]
IE - HKU\S-1-5-21-3591541463-939733331-2142369018-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3591541463-939733331-2142369018-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ragerin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ragerin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - homepage: [You must be registered and logged in to see this link.]
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: [You must be registered and logged in to see this link.]
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ragerin\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ragerin\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ragerin\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ragerin\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Users\Ragerin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-3591541463-939733331-2142369018-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3591541463-939733331-2142369018-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BFC99AC-DA4A-4322-9DE7-6FD781B5A6D5}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: WudfRd - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/09 17:48:55 | 000,000,000 | ---D | C] -- C:\Users\Ragerin\AppData\Roaming\Malwarebytes
[2012/09/09 17:48:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/09 17:48:09 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/09 17:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/09 17:48:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/09 17:24:00 | 000,000,000 | ---D | C] -- C:\Users\Ragerin\Desktop\Scans
[2012/09/09 15:51:02 | 000,000,000 | ---D | C] -- C:\Users\Ragerin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/09/09 15:48:12 | 000,000,000 | ---D | C] -- C:\Users\Ragerin\AppData\Local\Google
[2012/09/09 15:47:55 | 000,000,000 | ---D | C] -- C:\Users\Ragerin\AppData\Local\Apps
[2012/09/09 15:47:54 | 000,000,000 | ---D | C] -- C:\Users\Ragerin\AppData\Local\Deployment
[2012/09/09 15:42:20 | 000,000,000 | ---D | C] -- C:\Users\Ragerin\AppData\Local\ElevatedDiagnostics
[2012/09/07 17:32:09 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/09/07 16:35:47 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/09/07 16:33:42 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/09/07 16:32:54 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/09/07 14:59:56 | 000,284,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2012/09/07 14:59:54 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2012/09/07 14:59:35 | 000,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2012/09/07 14:59:35 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2012/09/07 14:55:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/09/07 14:55:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/09/07 14:54:35 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/09/07 14:54:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/09/07 14:53:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2012/09/07 14:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012/09/07 14:52:25 | 000,000,000 | ---D | C] -- C:\Users\Ragerin\AppData\Local\Microsoft Help
[2012/09/07 14:52:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/09/07 14:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/09/07 14:51:56 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/09/07 14:51:50 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/09/07 14:49:55 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012/09/07 14:49:50 | 000,000,000 | ---D | C] -- C:\Users\Ragerin\AppData\Roaming\DAEMON Tools Lite
[2012/09/07 14:49:48 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2012/09/07 14:49:07 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012/09/07 14:34:09 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/09/07 14:33:21 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2012/09/07 14:33:21 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2012/09/07 14:33:21 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2012/09/07 14:15:27 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/09/07 14:15:27 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/07 14:15:27 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/09/07 14:15:27 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/09/07 14:15:27 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/07 14:15:27 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/09/07 14:15:27 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/09/07 14:15:27 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/09/07 14:15:27 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/09/07 14:15:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/07 14:15:27 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/09/07 14:15:27 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/09/07 14:15:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/07 14:15:27 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/09/07 14:15:27 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/09/07 14:15:27 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/09/07 14:15:27 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/09/07 14:15:27 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/09/07 14:15:27 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/09/07 14:15:27 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/09/07 14:15:27 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/09/07 14:15:27 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/09/07 14:15:27 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/09/07 14:15:27 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/09/07 14:15:27 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/09/07 14:15:27 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/09/07 14:15:27 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/09/07 14:15:27 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/09/07 14:15:27 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/09/07 14:15:27 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/07 14:15:27 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/09/07 14:15:27 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/09/07 14:15:27 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/09/07 14:15:27 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/09/07 14:15:27 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/09/07 14:15:27 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/09/07 14:15:27 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/09/07 14:11:34 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2012/09/07 14:09:59 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012/09/07 14:09:58 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2012/09/07 14:09:44 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2012/09/07 14:09:44 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2012/09/07 14:09:44 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2012/09/07 14:09:40 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2012/09/07 14:09:40 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2012/09/07 14:09:39 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2012/09/07 14:09:39 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2012/09/07 14:09:39 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2012/09/07 14:09:33 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2012/09/07 14:09:33 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2012/09/07 14:09:31 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012/09/07 14:09:31 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/09/07 14:09:31 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012/09/07 14:09:31 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012/09/07 14:09:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012/09/07 14:09:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012/09/07 14:09:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/09/07 14:09:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012/09/07 14:09:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012/09/07 14:09:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012/09/07 14:09:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012/09/07 14:09:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012/09/07 14:09:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/09/07 14:09:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/09/07 14:09:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012/09/07 14:09:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/09/07 14:09:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012/09/07 14:09:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012/09/07 14:09:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012/09/07 14:09:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012/09/07 14:09:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/09/07 14:09:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012/09/07 14:09:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012/09/07 14:09:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012/09/07 14:09:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012/09/07 14:09:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/09/07 14:09:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012/09/07 14:09:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012/09/07 14:09:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012/09/07 14:09:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012/09/07 14:09:28 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012/09/07 14:09:28 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012/09/07 14:09:25 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012/09/07 14:09:25 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/09/07 14:09:25 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/09/07 14:09:24 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2012/09/07 14:09:24 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2012/09/07 14:09:24 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2012/09/07 14:09:24 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2012/09/07 14:09:24 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2012/09/07 14:09:19 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/09/07 14:09:19 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/09/07 14:09:18 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2012/09/07 14:09:18 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2012/09/07 14:09:17 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2012/09/07 14:09:17 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2012/09/07 14:09:17 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2012/09/07 14:09:17 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2012/09/07 14:09:14 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/09/07 14:09:09 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2012/09/07 14:09:08 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/09/07 14:09:08 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/09/07 14:09:08 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/09/07 14:09:08 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/09/07 14:09:08 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/09/07 14:09:06 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2012/09/07 14:09:06 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2012/09/07 14:09:03 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2012/09/07 14:09:02 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2012/09/07 14:09:02 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2012/09/07 14:09:01 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2012/09/07 14:09:00 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/09/07 14:09:00 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/09/07 14:08:53 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2012/09/07 14:08:52 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2012/09/07 14:08:44 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2012/09/07 14:08:44 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2012/09/07 14:08:44 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2012/09/07 14:08:44 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2012/09/07 14:08:39 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2012/09/07 14:08:37 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2012/09/07 14:08:37 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2012/09/07 14:08:37 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2012/09/07 14:08:37 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2012/09/07 14:08:37 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2012/09/07 14:08:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/09/07 14:08:32 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2012/09/07 14:08:29 | 002,344,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/09/07 14:08:29 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2012/09/07 14:08:28 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012/09/07 14:08:27 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2012/09/07 14:08:27 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2012/09/07 14:08:24 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/09/07 14:08:24 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/09/07 14:08:24 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2012/09/07 14:08:24 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/09/07 14:08:23 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/09/07 14:08:21 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2012/09/07 14:08:20 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2012/09/07 14:08:17 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2012/09/07 14:08:17 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2012/09/07 14:08:17 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2012/09/07 14:08:17 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2012/09/07 14:08:17 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2012/09/07 14:08:17 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2012/09/07 14:08:17 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2012/09/07 14:08:17 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2012/09/07 14:08:11 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2012/09/07 14:08:06 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2012/09/07 14:08:06 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2012/09/07 14:08:05 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2012/09/07 14:08:02 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012/09/07 13:59:31 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2012/09/07 13:58:56 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2012/09/07 13:58:55 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2012/09/07 13:58:55 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2012/09/07 13:58:45 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2012/09/07 13:58:45 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2012/09/07 13:49:17 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012/09/07 13:41:32 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/09/07 13:41:32 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/09/07 13:41:23 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/09/07 13:41:23 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/09/07 13:41:23 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/09/07 13:41:20 | 000,000,000 | R--D | C] -- C:\Users\Ragerin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/09/07 13:41:20 | 000,000,000 | R--D | C] -- C:\Users\Ragerin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/09/07 13:41:19 | 000,000,000 | R--D | C] -- C:\Users\Ragerin\Searches
[2012/09/07 13:41:19 | 000,000,000 | -H-D | C] -- C:\Users\Ragerin\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/09/07 13:41:12 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/09/07 13:41:12 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/09/07 13:40:58 | 000,000,000 | ---D | C] -- C:\Users\Ragerin\AppData\Roaming\Identities
[2012/09/07 13:40:55 | 000,000,000 | R--D | C] -- C:\Users\Ragerin\Contacts
[2012/09/07 13:40:47 | 000,000,000 | ---D | C] -- C:\Users\Ragerin\AppData\Local\VirtualStore
[2012/09/07 13:40:44 | 000,000,000 | --SD | C] -- C:\Users\Ragerin\AppData\Roaming\Microsoft
[2012/09/07 13:40:44 | 000,000,000 | R--D | C] -- C:\Users\Ragerin\Videos
[2012/09/07 13:40:44 | 000,000,000 | R--D | C] -- C:\Users\Ragerin\Saved Games
[2012/09/07 13:40:44 | 000,000,000 | R--D | C] -- C:\Users\Ragerin\Pictures
[2012/09/07 13:40:44 | 000,000,000 | R--D | C] -- C:\Users\Ragerin\Music
[2012/09/07 13:40:44 | 000,000,000 | R--D | C] -- C:\Users\Ragerin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/09/07 13:40:44 | 000,000,000 | R--D | C] -- C:\Users\Ragerin\Links
[2012/09/07 13:40:44 | 000,000,000 | R--D | C] -- C:\Users\Ragerin\Favorites
[2012/09/07 13:40:44 | 000,000,000 | R--D | C] -- C:\Users\Ragerin\Downloads
[2012/09/07 13:40:44 | 000,000,000 | R--D | C] -- C:\Users\Ragerin\Documents
[2012/09/07 13:40:44 | 000,000,000 | R--D | C] -- C:\Users\Ragerin\Desktop
[2012/09/07 13:40:44 | 000,000,000 | R--D | C] -- C:\Users\Ragerin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/09/07 13:40:44 | 000,000,000 | -HSD | C] -- C:\Users\Ragerin\AppData\Local\Temporary Internet Files
[2012/09/07 13:40:44 | 000,000,000 | -HSD | C] -- C:\Users\Ragerin\Templates
[2012/09/07 13:40:44 | 000,000,000 | -HSD | C] -- C:\Users\Ragerin\Start Menu
[2012/09/07 13:40:44 | 000,000,000 | -HSD | C] -- C:\Users\Ragerin\SendTo
[2012/09/07 13:40:44 | 000,000,000 | -HSD | C] -- C:\Users\Ragerin\Recent
[2012/09/07 13:40:44 | 000,000,000 | -HSD | C] -- C:\Users\Ragerin\PrintHood
[2012/09/07 13:40:44 | 000,000,000 | -HSD | C] -- C:\Users\Ragerin\NetHood
[2012/09/07 13:40:44 | 000,000,000 | -HSD | C] -- C:\Users\Ragerin\Documents\My Videos
[2012/09/07 13:40:44 | 000,000,000 | -HSD | C] -- C:\Users\Ragerin\Documents\My Pictures
[2012/09/07 13:40:44 | 000,000,000 | -HSD | C] -- C:\Users\Ragerin\Documents\My Music
[2012/09/07 13:40:44 | 000,000,000 | -HSD | C] -- C:\Users\Ragerin\My Documents
[2012/09/07 13:40:44 | 000,000,000 | -HSD | C] -- C:\Users\Ragerin\Local Settings
[2012/09/07 13:40:44 | 000,000,000 | -HSD | C] -- C:\Users\Ragerin\AppData\Local\History
[2012/09/07 13:40:44 | 000,000,000 | -HSD | C] -- C:\Users\Ragerin\Cookies
[2012/09/07 13:40:44 | 000,000,000 | -HSD | C] -- C:\Users\Ragerin\Application Data
[2012/09/07 13:40:44 | 000,000,000 | -HSD | C] -- C:\Users\Ragerin\AppData\Local\Application Data
[2012/09/07 13:40:44 | 000,000,000 | -H-D | C] -- C:\Users\Ragerin\AppData
[2012/09/07 13:40:44 | 000,000,000 | ---D | C] -- C:\Users\Ragerin\AppData\Local\Temp
[2012/09/07 13:40:44 | 000,000,000 | ---D | C] -- C:\Users\Ragerin\AppData\Local\Microsoft
[2012/09/07 13:40:44 | 000,000,000 | ---D | C] -- C:\Users\Ragerin\AppData\Roaming\Media Center Programs
[2012/09/07 13:40:29 | 000,000,000 | -HSD | C] -- C:\Recovery




Post Reformatting OTL Log Pt 2

Post by timecantkill on 10th September 2012, 4:15 am

========== Files - Modified Within 30 Days ==========

[2012/09/09 17:53:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3591541463-939733331-2142369018-1000UA.job
[2012/09/09 17:52:53 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/09 17:52:53 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/09 17:48:10 | 000,001,091 | ---- | M] () -- C:\Users\Ragerin\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/09/09 17:00:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/09 15:53:04 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3591541463-939733331-2142369018-1000Core.job
[2012/09/09 15:44:46 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/09 15:44:46 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/09 15:37:20 | 000,407,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/09/09 15:36:57 | 2312,134,656 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/07 16:36:46 | 000,042,045 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/09/07 14:49:55 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012/09/07 14:47:40 | 000,001,407 | ---- | M] () -- C:\Users\Ragerin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/07 14:15:27 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/09/07 14:15:27 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/07 14:15:27 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/09/07 14:15:27 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/09/07 14:15:27 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/07 14:15:27 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/09/07 14:15:27 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/09/07 14:15:27 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/09/07 14:15:27 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/09/07 14:15:27 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/07 14:15:27 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/09/07 14:15:27 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/09/07 14:15:27 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/07 14:15:27 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/09/07 14:15:27 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/09/07 14:15:27 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/09/07 14:15:27 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/09/07 14:15:27 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/09/07 14:15:27 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/09/07 14:15:27 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/09/07 14:15:27 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/09/07 14:15:27 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/09/07 14:15:27 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/09/07 14:15:27 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/09/07 14:15:27 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/09/07 14:15:27 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/09/07 14:15:27 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/09/07 14:15:27 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/09/07 14:15:27 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/09/07 14:15:27 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/09/07 14:15:27 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/07 14:15:27 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/09/07 14:15:27 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/09/07 14:15:27 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/09/07 14:15:27 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/09/07 14:15:27 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/09/07 14:15:27 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/09/07 14:15:27 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

========== Files Created - No Company Name ==========

[2012/09/09 17:48:10 | 000,001,091 | ---- | C] () -- C:\Users\Ragerin\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/09/09 15:48:15 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3591541463-939733331-2142369018-1000UA.job
[2012/09/09 15:48:13 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3591541463-939733331-2142369018-1000Core.job
[2012/09/07 16:36:40 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/09/07 16:36:33 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/09/07 16:32:54 | 2312,134,656 | -HS- | C] () -- C:\hiberfil.sys
[2012/09/07 14:47:40 | 000,001,407 | ---- | C] () -- C:\Users\Ragerin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/07 14:15:27 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/09/07 13:41:22 | 000,001,413 | ---- | C] () -- C:\Users\Ragerin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/09/07 13:40:44 | 000,000,290 | ---- | C] () -- C:\Users\Ragerin\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/09/07 13:40:44 | 000,000,272 | ---- | C] () -- C:\Users\Ragerin\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

========== Custom Scans ==========

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.JECITE6ISUBX56PYAZYTPQUZIU\InstallInfo\\ShowIconsCommand: "C:\Users\Ragerin\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.JECITE6ISUBX56PYAZYTPQUZIU\InstallInfo\\HideIconsCommand: "C:\Users\Ragerin\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.JECITE6ISUBX56PYAZYTPQUZIU\InstallInfo\\ReinstallCommand: "C:\Users\Ragerin\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.JECITE6ISUBX56PYAZYTPQUZIU\shell\open\command\\: "C:\Users\Ragerin\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/09/07 14:15:27 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/09/07 14:15:27 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/09/07 14:15:27 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/09/07 14:15:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/09/07 14:15:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.JECITE6ISUBX56PYAZYTPQUZIU\InstallInfo\\ShowIconsCommand: "C:\Users\Ragerin\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.JECITE6ISUBX56PYAZYTPQUZIU\InstallInfo\\HideIconsCommand: "C:\Users\Ragerin\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.JECITE6ISUBX56PYAZYTPQUZIU\InstallInfo\\ReinstallCommand: "C:\Users\Ragerin\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.JECITE6ISUBX56PYAZYTPQUZIU\shell\open\command\\: "C:\Users\Ragerin\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/09/07 14:15:27 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/09/07 14:15:27 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/09/07 14:15:27 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/09/07 14:15:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/09/07 14:15:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/07/06 15:31:59 | 000,393,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\bthport.sys
[2012/09/07 14:49:55 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\system32\drivers\dtsoftbus01.sys
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.exe /md5 >

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\ /s >

< %PROGRAMFILES%\*. >
[2012/09/07 14:55:01 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2012/09/07 14:49:55 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Lite
[2009/07/14 03:50:29 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2012/09/07 14:42:59 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2012/09/09 17:48:10 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/07 14:52:57 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Analysis Services
[2009/07/14 03:50:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2012/09/07 14:54:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2012/09/07 14:59:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2009/07/14 00:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/07/14 00:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/07/14 00:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/07/14 00:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2012/09/07 14:43:06 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2012/09/07 14:43:10 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2012/09/07 14:43:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/14 00:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/07/14 00:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2009/07/14 00:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/07/14 00:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar

< %appdata%\*.* >

< MD5 for: AFD.SYS >
[2011/04/24 22:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=0DB7A48388D54D154EBEC120461A0FCD -- C:\Windows\System32\drivers\afd.sys
[2011/04/24 22:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=0DB7A48388D54D154EBEC120461A0FCD -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys
[2010/11/20 04:40:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\SoftwareDistribution\Download\4a7f49b3f65af6828820068e5dd598c8\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
[2011/04/24 22:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys
[2011/04/24 22:27:23 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C114AB7A1550D42EA1700FFD4179CF5A -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys
[2011/04/24 23:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
[2009/07/13 19:12:38 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=DDC040FDB01EF1712A6B13E52AFB104C -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2012/04/24 00:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
[2012/04/24 00:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=21993009E0CCB9B4FA195F14D3408626 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
[2012/04/24 00:47:04 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=520A108A2657F4BCA7FCED9CA7D885DE -- C:\Windows\System32\cryptsvc.dll
[2012/04/24 00:47:04 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=520A108A2657F4BCA7FCED9CA7D885DE -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_762f534bfbdf7203\cryptsvc.dll
[2009/07/13 21:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
[2010/11/20 08:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\SoftwareDistribution\Download\4a7f49b3f65af6828820068e5dd598c8\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2012/04/24 00:33:53 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=F522279B4717E2BFF269C771FAC2B78E -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_7658a1151545269d\cryptsvc.dll

< MD5 for: DNSRSLVR.DLL >
[2010/11/20 08:18:33 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=2FE30D71919C51131405797620E0A714 -- C:\Windows\SoftwareDistribution\Download\4a7f49b3f65af6828820068e5dd598c8\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_e3e9e6c8e09b7c76\dnsrslvr.dll
[2011/03/03 01:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=33EF4861F19A0736B11314AAD9AE28D0 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_e3a50618e0cfbec0\dnsrslvr.dll
[2011/03/03 01:29:23 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=B15BE77A2BACF9C3177D27518AFE26A9 -- C:\Windows\System32\dnsrslvr.dll
[2011/03/03 01:29:23 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=B15BE77A2BACF9C3177D27518AFE26A9 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16772_none_e1c0a9a6e3a78582\dnsrslvr.dll
[2011/03/03 01:50:46 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=B3A0A4414D8EC1DD28018004CE8DCBEE -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.20914_none_e28d2873fc92ad7b\dnsrslvr.dll
[2009/07/13 21:15:12 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=D0722E963D3C6145446874241401B209 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16385_none_e1b8d300e3acf8dc\dnsrslvr.dll
[2011/03/03 01:12:25 | 000,132,608 | ---- | M] (Microsoft Corporation) MD5=F3501CA4E93BF218C71CF9DEECEE838F -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_e431a3c1f9eaaa8f\dnsrslvr.dll

< MD5 for: ES.DLL >
[2012/08/29 22:57:44 | 000,008,728 | ---- | M] () MD5=F01EB2548FC7BAEC80C00941089000DE -- C:\Users\Ragerin\AppData\Local\Google\Chrome\Application\21.0.1180.89\Locales\es.dll
[2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\System32\es.dll
[2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_0cc3f540b311359a\es.dll

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\4a7f49b3f65af6828820068e5dd598c8\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: IPNATHLP.DLL >
[2009/07/13 21:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) MD5=D1A079A0DE2EA524513B6930C24527A2 -- C:\Windows\System32\ipnathlp.dll
[2009/07/13 21:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) MD5=D1A079A0DE2EA524513B6930C24527A2 -- C:\Windows\winsxs\x86_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_04a3b4c9aa9fddd8\ipnathlp.dll

< MD5 for: NETBT.SYS >
[2010/11/20 04:39:44 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=280122DDCF04B378EDD1AD54D71C1E54 -- C:\Windows\SoftwareDistribution\Download\4a7f49b3f65af6828820068e5dd598c8\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_626c324d55864070\netbt.sys
[2009/07/13 19:12:21 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=DD52A733BF4CA5AF84562A5E2F963B91 -- C:\Windows\System32\drivers\netbt.sys
[2009/07/13 19:12:21 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=DD52A733BF4CA5AF84562A5E2F963B91 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603b1e855897bcd6\netbt.sys

< MD5 for: NETMAN.DLL >
[2009/07/13 21:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) MD5=7CCCFCA7510684768DA22092D1FA4DB2 -- C:\Windows\System32\netman.dll
[2009/07/13 21:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) MD5=7CCCFCA7510684768DA22092D1FA4DB2 -- C:\Windows\winsxs\x86_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_0f9371b9b32368a4\netman.dll

< MD5 for: QMGR.DLL >
[2009/07/13 21:16:12 | 000,589,312 | ---- | M] (Microsoft Corporation) MD5=53F476476F55A27F580661BDE09C4EC4 -- C:\Windows\System32\qmgr.dll
[2009/07/13 21:16:12 | 000,589,312 | ---- | M] (Microsoft Corporation) MD5=53F476476F55A27F580661BDE09C4EC4 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_23671b105ac5a0fd\qmgr.dll
[2010/11/20 08:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\SoftwareDistribution\Download\4a7f49b3f65af6828820068e5dd598c8\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_25982ed857b42497\qmgr.dll

< MD5 for: RPCSS.DLL >
[2010/11/20 08:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) MD5=7660F01D3B38ACA1747E397D21D790AF -- C:\Windows\SoftwareDistribution\Download\4a7f49b3f65af6828820068e5dd598c8\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll
[2009/07/13 21:16:13 | 000,376,320 | ---- | M] (Microsoft Corporation) MD5=B82CD39E336973359D7C9BF911E8E84F -- C:\Windows\System32\rpcss.dll
[2009/07/13 21:16:13 | 000,376,320 | ---- | M] (Microsoft Corporation) MD5=B82CD39E336973359D7C9BF911E8E84F -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll

< MD5 for: SERVICES.EXE >
[2009/07/13 21:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 21:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: TCPIP.SYS >
[2011/04/25 00:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011/04/25 00:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009/07/13 21:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010/11/20 08:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\SoftwareDistribution\Download\4a7f49b3f65af6828820068e5dd598c8\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2012/03/30 06:29:05 | 001,287,024 | ---- | M] (Microsoft Corporation) MD5=55E9965552741F3850CB22CBBA9671ED -- C:\Windows\System32\drivers\tcpip.sys
[2012/03/30 06:29:05 | 001,287,024 | ---- | M] (Microsoft Corporation) MD5=55E9965552741F3850CB22CBBA9671ED -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_b2f57423c7b8dea8\tcpip.sys
[2011/04/25 02:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2012/03/30 06:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_b52e5147c4a202d7\tcpip.sys
[2011/04/25 00:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2012/03/30 05:04:23 | 001,306,480 | ---- | M] (Microsoft Corporation) MD5=88FCDB9923EFECA207B3CEBD24407126 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_b583df0adde66104\tcpip.sys
[2012/03/30 06:08:19 | 001,303,408 | ---- | M] (Microsoft Corporation) MD5=E47C2844A1605A44178F4281E4D58B3D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_b38bb990e0ccc871\tcpip.sys

< MD5 for: TDX.SYS >
[2010/11/20 04:39:17 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=B459575348C20E8121D6039DA063C704 -- C:\Windows\SoftwareDistribution\Download\4a7f49b3f65af6828820068e5dd598c8\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys
[2009/07/13 19:12:11 | 000,074,240 | ---- | M] (Microsoft Corporation) MD5=CB39E896A2A83702D1737BFD402B3542 -- C:\Windows\System32\drivers\tdx.sys
[2009/07/13 19:12:11 | 000,074,240 | ---- | M] (Microsoft Corporation) MD5=CB39E896A2A83702D1737BFD402B3542 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\4a7f49b3f65af6828820068e5dd598c8\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2009/07/13 21:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\System32\drivers\volsnap.sys
[2009/07/13 21:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_29364d30156a24ca\volsnap.sys
[2009/07/13 21:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys
[2010/11/20 08:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\SoftwareDistribution\Download\4a7f49b3f65af6828820068e5dd598c8\x86_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_17be216c5a5713d8\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/13 21:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/13 21:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 02:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 02:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 01:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\4a7f49b3f65af6828820068e5dd598c8\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WMISVC.DLL >
[2009/07/13 21:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) MD5=F62E510B6AD4C21EB9FE8668ED251826 -- C:\Windows\System32\wbem\WMIsvc.dll
[2009/07/13 21:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) MD5=F62E510B6AD4C21EB9FE8668ED251826 -- C:\Windows\winsxs\x86_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7600.16385_none_a08911f35844b3ff\WMIsvc.dll
[2009/07/13 21:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) MD5=F62E510B6AD4C21EB9FE8668ED251826 -- C:\Windows\winsxs\x86_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7601.17514_none_a2ba25bb55333799\WMIsvc.dll

< MD5 for: WSCSVC.DLL >
[2009/07/13 21:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=6F5D49EFE0E7164E03AE773A3FE25340 -- C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.16385_none_1a16b3d6136c6bb2\wscsvc.dll
[2009/07/13 21:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=6F5D49EFE0E7164E03AE773A3FE25340 -- C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7601.17514_none_1c47c79e105aef4c\wscsvc.dll
[2010/12/21 01:38:24 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=A661A76333057B383A06E65F0073222F -- C:\Windows\System32\wscsvc.dll
[2010/12/21 01:38:24 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=A661A76333057B383A06E65F0073222F -- C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.16723_none_1a559a62133d85fa\wscsvc.dll
[2010/12/21 01:29:14 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=FC6DB3FF10A271A83A2CAFB340120FC4 -- C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.20862_none_1ab2f7332c7c7c31\wscsvc.dll

< End of report >



Post Reformatting Extras Log

Post by timecantkill on 10th September 2012, 4:15 am

OTL Extras logfile created on: 9/9/2012 5:55:11 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Ragerin\Desktop\Scans
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 66.30% Memory free
5.74 Gb Paging File | 4.76 Gb Available in Paging File | 82.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 214.42 Gb Free Space | 92.11% Space Free | Partition Type: NTFS
Drive D: | 2794.49 Gb Total Space | 2584.97 Gb Free Space | 92.50% Space Free | Partition Type: NTFS

Computer Name: MELVINMACHII | User Name: Ragerin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03E6CB66-EE7F-47D7-9435-5749B06C43A1}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{0822FB90-F040-444D-B840-CA7EF61AFC0E}" = lport=137 | protocol=17 | dir=in | app=system |
"{1CA84CC4-87A9-4EA7-84E5-482A2C0E601D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2D563833-D789-4D18-B0AB-D1356568DE04}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2F009F61-E49C-4128-9912-69008AD45205}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2F699E25-A33D-4EED-9BC5-9CA6A354929E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{35F7F6A8-DCB1-48FB-832B-AE7BA4A7358D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{383D9E6C-55E3-4029-BECF-0F80AD497D04}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3E67CE4C-31B9-4BB5-A79F-8A10A2D7D7E5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{424508F6-BF14-42A7-B321-4752E0074EC8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4563E1B0-C1D4-421E-910C-3AAA8BB9231F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4A0D2ED9-86EE-4ADD-9C30-EFBFF2A38810}" = lport=138 | protocol=17 | dir=in | app=system |
"{4E39C7E6-CB93-4131-B720-6D640F92B20A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5E58ADCD-75F8-4BE3-A0E1-81962FFDC4BA}" = rport=445 | protocol=6 | dir=out | app=system |
"{7179C8C9-0A30-46A1-9948-14E0B40B4DC3}" = lport=445 | protocol=6 | dir=in | app=system |
"{7460EF1B-995B-43BB-A3CF-DA6C90FE8E83}" = lport=139 | protocol=6 | dir=in | app=system |
"{8AE3BCC4-E08D-4D71-88D1-1EE3E56FA7ED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8DE5AF95-ADFF-4D93-9716-CA4F7E14C47E}" = rport=138 | protocol=17 | dir=out | app=system |
"{9051E32B-EABA-403E-A915-125098D3E281}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{910F394A-AA44-4089-BED9-6EED9DE3F210}" = rport=139 | protocol=6 | dir=out | app=system |
"{9376F93D-712E-40FD-8BB2-7217A7EE13D2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{AC4EB675-1658-4DFB-9625-7047A0A194FA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AEE73B88-C099-4AB3-AD1D-2C415DBC3C1D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BC15091A-31B9-41E8-A350-425AC0012013}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C7782EEB-F5BF-4764-B0E6-31DEADACEB5E}" = rport=137 | protocol=17 | dir=out | app=system |
"{CBF3E179-8E8D-4EC4-B2E2-1C5EED29F801}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CE9BBD2F-DC59-41BF-B118-D962E3E477EF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D973B8D6-E197-4640-A2CA-A17871BD2503}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DE9CC366-8C4B-40FB-BB6C-FAE3AA477D73}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E3A9004E-D11C-4CE2-BDF2-28AC35D34C51}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F10D667B-5742-4182-8593-94F7568BB0E3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F84EA58E-E86F-41CF-8B9F-9F9F8D1E21C4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{033E61D4-C7F0-453C-86BE-7AD55D0E0D55}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1E7EDF69-2273-467A-922A-A650FEEEFF73}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{217213D7-ACD4-4715-870F-7D420DF860EC}" = dir=in | app=c:\windows\setup\keygen.exe |
"{5202DFEE-0EA0-4D57-BF7B-1F6746ED48AC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{68D93E15-480C-48BE-BB87-5627C98864A1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{6A17F0B8-CEEC-4579-9110-EAFBE711B730}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{757C6288-A0FB-4DA5-B2BF-54A02FBB9004}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7FC652A0-72A5-45EC-8783-DEED1AF952A4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{868D6B7A-FDD9-4B13-8F29-A1E8C9F9733B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{946900C3-2861-4F53-AABB-8FAA6B3A060E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{96F8E6BA-DC74-4038-9E65-B0C8E2734829}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{97D82ED9-9B15-4F1E-817B-7F2EECADD67A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A04E19B4-53E1-4824-879E-E14DEF4B1521}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A6DF3C2F-D1D5-4388-A3F6-DC58C2F7E68D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B5CC55C4-CF45-4C98-AD81-5FEBE1BB52B7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BB113252-B033-475F-B816-6F5C8158A827}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BCC304B7-4367-4367-A544-221A35601908}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C28C4DAA-69C4-489F-8B26-E579A9DF02D8}" = protocol=6 | dir=out | app=system |
"{D86621C3-5604-4001-B264-054BB6FEEE1D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DB0891CD-2426-4D8D-959A-7B527A7B453A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{B94B7C26-8965-4A20-98D8-876ACC4BE674}" =
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"DAEMON Tools Lite" = DAEMON Tools Lite
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.STANDARD" = Microsoft Office Standard 2010

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3591541463-939733331-2142369018-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/7/2012 1:54:14 PM | Computer Name = MelvinMachII | Source = Windows 7 Loader | ID = 1000
Description =

Error - 9/7/2012 1:54:14 PM | Computer Name = MelvinMachII | Source = Windows 7 Loader | ID = 1000
Description =

Error - 9/7/2012 1:54:14 PM | Computer Name = MelvinMachII | Source = Windows 7 Loader | ID = 1000
Description =

Error - 9/7/2012 1:54:14 PM | Computer Name = MelvinMachII | Source = Windows 7 Loader | ID = 1000
Description =

Error - 9/7/2012 1:54:14 PM | Computer Name = MelvinMachII | Source = Windows 7 Loader | ID = 1000
Description =

Error - 9/7/2012 1:54:14 PM | Computer Name = MelvinMachII | Source = Windows 7 Loader | ID = 1000
Description =

Error - 9/7/2012 1:54:15 PM | Computer Name = MelvinMachII | Source = Windows 7 Loader | ID = 1000
Description =

Error - 9/7/2012 1:54:15 PM | Computer Name = MelvinMachII | Source = Windows 7 Loader | ID = 1000
Description =

Error - 9/7/2012 1:54:15 PM | Computer Name = MelvinMachII | Source = Windows 7 Loader | ID = 1000
Description =

Error - 9/7/2012 1:54:15 PM | Computer Name = MelvinMachII | Source = Windows 7 Loader | ID = 1000
Description =

[ System Events ]
Error - 9/7/2012 1:54:57 PM | Computer Name = MelvinMachII | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 9/7/2012 2:42:41 PM | Computer Name = MelvinMachII | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 9/7/2012 2:45:50 PM | Computer Name = MelvinMachII | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%16405

Error - 9/7/2012 2:48:13 PM | Computer Name = MelvinMachII | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80242016: Update for Internet Explorer 8 Compatibility View List for
Windows 7 (KB2598845).

Error - 9/7/2012 2:48:13 PM | Computer Name = MelvinMachII | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80242016: Update for Windows 7 (KB2703157).

Error - 9/7/2012 2:48:13 PM | Computer Name = MelvinMachII | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80242016: Security Update for Internet Explorer 8 for Windows 7 (KB2544521).


< End of report >



Post Reformatting MBAM Log

Post by timecantkill on 10th September 2012, 4:17 am

Malwarebytes Anti-Malware 1.62.0.1300

Database version: v2012.09.09.06

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Ragerin :: MELVINMACHII [administrator]

9/9/2012 6:07:54 PM
mbam-log-2012-09-09 (18-07-54).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 410498
Time elapsed: 50 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 8
C:\Windows\Setup\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
D:\WD SmartWare.swstor\MELVIN\Volume.d4ae8a08.8e8d.11dd.a517.806e6f6e6963\Qoobox\Quarantine\C\Windows\assembly\GAC\Desktop.ini.vir (Trojan.0access) -> Quarantined and deleted successfully.
D:\WD SmartWare.swstor\MELVIN\Volume.d4ae8a08.8e8d.11dd.a517.806e6f6e6963\Qoobox\Quarantine\C\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\00000004.@.vir (Rootkit.Zaccess) -> Quarantined and deleted successfully.
D:\WD SmartWare.swstor\MELVIN\Volume.d4ae8a08.8e8d.11dd.a517.806e6f6e6963\Qoobox\Quarantine\C\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\00000008.@.vir (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
D:\WD SmartWare.swstor\MELVIN\Volume.d4ae8a08.8e8d.11dd.a517.806e6f6e6963\Qoobox\Quarantine\C\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\000000cb.@.vir (Rootkit.0Access) -> Quarantined and deleted successfully.
D:\WD SmartWare.swstor\MELVIN\Volume.d4ae8a08.8e8d.11dd.a517.806e6f6e6963\Qoobox\Quarantine\C\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\80000000.@.vir (Trojan.Small) -> Quarantined and deleted successfully.
D:\WD SmartWare.swstor\MELVIN\Volume.d4ae8a08.8e8d.11dd.a517.806e6f6e6963\Qoobox\Quarantine\C\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\80000032.@.vir (Rootkit.0Access) -> Quarantined and deleted successfully.
D:\WD SmartWare.swstor\MELVIN\Volume.d4ae8a08.8e8d.11dd.a517.806e6f6e6963\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)



Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by Superdave on 10th September 2012, 10:31 pm

Quote: I ended up doing a clean install of Windows 7, so the hard drive was reformatted. I am concerned about the state of the files I backed up on my external and would like to be assured there are no infections among them. Could you give me instructions?

If you did a reformat, those infections which were in quarantine should not have survived. Something didn't go correctly. The files you saved should be scanned with two good, up-to-date AVs before putting them back on your computer.

To wipe the drive clean, [You must be registered and logged in to see this link.] and reinstall the OS.


Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by timecantkill on 11th September 2012, 1:26 pm

I thought the eight files that were quarantined were from my external. I had my external hooked up via the D:\ drive when I ran OTL and Malwarebytes.

You can wipe a drive clean and reformat through the installation of an OS, right? My friend who helped me run the Windows 7 install said he was doing a reformat of my computer through the installation process. Are you sure it didn't actually reformat (all my files were gone and my hard drive was almost completely free space)? If I have to try to reformat again, I'll have to wait a week until my friend with the installation discs gets back in town.



Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by Superdave on 11th September 2012, 11:40 pm

Quote: I thought the eight files that were quarantined were from my external. I had my external hooked up via the D:\ drive when I ran OTL and Malwarebytes.

When you're right, you're right. lol

Quote: You can wipe a drive clean and reformat through the installation of an OS, right? My friend who helped me run the Windows 7 install said he was doing a reformat of my computer through the installation process. Are you sure it didn't actually reformat (all my files were gone and my hard drive was almost completely free space)? If I have to try to reformat again,

No, you're good to go. I thought those files were still on your C drive. Although, I don't know how those files were placed there.
