Trojan horse BackDoor.Generic12.BIXF and all the fixins

Page 1 of 2 1, 2  Next

View previous topic View next topic Go down

Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by timecantkill on Fri 17 Aug 2012, 11:42 am

So I turned on my laptop today when I got home to find AVG screaming at me every 5 min "multiple threat detection", a full virus vault ever being further filled, and constant messages that an individual threat had been detected. After trying to figure out what was up, all the while moving newly discovered threats to the virus vault and not figuring out whether more than one wuauclt.exe files were legit, I decided it was time to come back to you dudes once again. To give you a head start, here are some of the threats identified and the OTL log; oh, but let me say "thanks" in advance... Thanks:

c:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\80000032.@ Found Luhe.Sirefef.A
c:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\80000000.@ Trojan horse Generic_r.BAT
c:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\000000cb.@ Trojan horse BackDoor.Generic15.BIXF
c:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\00000008.@ Trojan horse Generic28.BZDH
c:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\00000004.@ Trojan horse BackDoor.Generic15.BIVV
c:\Windows\System32\services.exe Trojan horse Patched_c.LYT




Last edited by timecantkill on Fri 17 Aug 2012, 12:43 pm; edited 2 times in total (Reason for editing : Typos and wrong OTL Log)

timecantkill

Rookie Surfer
Rookie Surfer

Posts : 88
Joined : 2008-12-07
Operating System : Vista

View user profile

Back to top Go down

Actual OTL Log Pt 1

Post by timecantkill on Fri 17 Aug 2012, 12:31 pm

Oops, disregard that first OTL log. Forgot to use the script >_< I'll post the new one. Also, I noticed that the individual threats being found by AVG increase in recurrence when any browser is open and navigated.

Now, here's a word from our sponsors:

OTL logfile created on: 8/16/2012 8:49:13 PM - Run 5
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Age\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 56.57% Memory free
5.94 Gb Paging File | 4.57 Gb Available in Paging File | 76.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.68 Gb Total Space | 16.97 Gb Free Space | 7.55% Space Free | Partition Type: NTFS

Computer Name: MELVIN | User Name: Age | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/16 20:48:35 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Age\Downloads\OTL(1).com
PRC - [2012/06/11 17:59:44 | 000,335,888 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2012/01/17 21:03:24 | 002,339,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe
PRC - [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe
PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/27 20:57:02 | 000,411,488 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe
PRC - [2008/05/15 20:20:06 | 000,182,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2008/05/15 20:20:06 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2008/04/30 22:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\intel\WiFi\bin\EvtEng.exe
PRC - [2008/04/30 22:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/04/29 00:48:08 | 000,098,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE
PRC - [2008/04/02 14:07:56 | 000,147,456 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2008/04/02 14:07:54 | 000,184,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2008/04/02 14:07:38 | 000,279,848 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2008/03/03 17:45:48 | 000,333,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2008/02/22 20:38:50 | 000,122,880 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2008/02/22 20:38:50 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2009/04/11 02:28:22 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/30 22:22:34 | 000,057,344 | ---- | M] () -- C:\Program Files\Common Files\Intel\WirelessCommon\CustomUIResource.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2012/08/16 19:31:15 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/22 11:25:27 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/11 17:59:44 | 000,335,888 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm)
SRV - [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/05/27 20:57:02 | 000,411,488 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008/05/15 20:20:06 | 000,182,112 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008/04/30 22:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/04/30 22:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/04/29 00:48:08 | 000,098,304 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkHDMIService)
SRV - [2008/04/02 14:07:58 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008/04/02 14:07:56 | 000,147,456 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2008/04/02 14:07:54 | 000,184,320 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008/04/02 14:07:38 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008/03/04 23:58:30 | 000,063,328 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008/03/04 23:56:42 | 000,350,048 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008/03/04 23:54:50 | 000,104,288 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008/03/03 17:45:48 | 000,333,088 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2008/03/03 16:27:14 | 000,087,328 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2007/11/28 05:08:02 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2007/11/28 05:02:20 | 000,053,248 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2007/11/28 04:43:44 | 000,053,248 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2007/11/09 20:34:28 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007/06/05 16:20:32 | 000,177,704 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Symioenr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Age\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2011/05/27 19:05:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/08/26 15:48:16 | 000,011,264 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpGmb001.sys -- (HpGmb001)
DRV - [2008/06/12 04:23:08 | 000,113,152 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/05/12 20:05:19 | 003,537,408 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/04/28 09:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/04/27 21:19:55 | 000,142,624 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008/04/22 18:43:36 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008/04/15 20:04:24 | 000,046,592 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008/04/15 20:04:12 | 000,068,096 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/02/22 20:38:50 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/01/30 20:33:28 | 000,017,408 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2008/01/24 22:14:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/12/16 21:57:23 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/05/26 04:03:06 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/04/17 23:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006/04/10 01:02:18 | 000,162,816 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RT25USBAP.SYS -- (RT25USBAP)
DRV - [2005/05/27 05:46:20 | 000,913,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302AV.SYS -- (PID_08A0)
DRV - [2005/05/27 05:37:58 | 000,007,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2005/05/27 05:31:26 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2003/09/26 05:53:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes,DefaultScope = {CF739809-1C6C-47C0-85B9-569DBB141420}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = BF 3E 66 01 84 34 F3 43 A7 2C 7A 21 79 E4 2F 37 [binary data]
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{2B68F2F3-3342-4A2A-81CA-8072852D359E}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{547EEAAC-3665-4e6c-B326-C622D698543A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.12514
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.5.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.4
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks )
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Age\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Age\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Age\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Age\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/02/02 20:00:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox [2012/02/05 18:35:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/22 11:25:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/14 19:05:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\web@veoh.com: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2009/04/27 02:14:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{78D0CB9C-B2B9-48FC-ACF8-BEC50DBA6E70}: C:\Users\Age\AppData\Local\{78D0CB9C-B2B9-48FC-ACF8-BEC50DBA6E70}
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/22 11:25:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/14 19:05:22 | 000,000,000 | ---D | M]

[2008/12/22 17:21:57 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Age\AppData\Roaming\Mozilla\Extensions
[2012/07/11 19:31:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Age\AppData\Roaming\Mozilla\Firefox\Profiles\ukp2bmba.default\extensions
[2011/07/04 16:32:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Age\AppData\Roaming\Mozilla\Firefox\Profiles\ukp2bmba.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/04 16:32:07 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Age\AppData\Roaming\Mozilla\Firefox\Profiles\ukp2bmba.default\extensions\searchrecs@veoh.com
[2011/11/27 19:37:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/16 19:31:57 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/04/14 19:01:51 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com
[2012/02/05 18:35:42 | 000,000,000 | ---D | M] ("RewardsArcade") -- C:\USERS\AGE\APPDATA\LOCAL\REWARDSARCADE\498\FIREFOX
[2012/07/11 19:31:13 | 000,163,080 | ---- | M] () (No name found) -- C:\USERS\AGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UKP2BMBA.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI
[2012/07/22 11:25:28 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/09/11 19:14:08 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/16 22:28:31 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/16 22:28:31 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: [You must be registered and logged in to see this link.]
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: [You must be registered and logged in to see this link.]
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Age\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Age\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Age\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Age\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Age\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: VeohTV Plugin (Enabled) = C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
CHR - plugin: Veoh Web Player Beta (Enabled) = C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RewardsArcade = C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\
CHR - Extension: AVG Safe Search = C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: Skype Click to Call = C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Skype Click to Call = C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\

O1 HOSTS File: ([2011/08/26 19:04:25 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (RewardsArcade) - {597A9974-8CB0-4f41-B61F-ED065738A397} - C:\Program Files\RewardsArcade\RewardsArcade.dll (215 Apps)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\Windows\System32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKCU..\Run: [VMpTtray.exe] C:\Program Files\Sony\VAIO Media plus\VMpTtray.exe (Sony Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\system32\wshbth.dll File not found
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27AEC3A7-2ED6-4AFA-846E-65C3FDF6E729}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B63D4277-F1AC-4553-BD51-22515EA3DCA6}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Age\Documents\The KMPlayer\Capture\[Nutbladder]_Arakawa_Under_the_Bridge_×2_-_01_[5ef65288][00-22-46].JPG
O24 - Desktop BackupWallPaper: C:\Users\Age\Documents\The KMPlayer\Capture\[Nutbladder]_Arakawa_Under_the_Bridge_×2_-_01_[5ef65288][00-22-46].JPG
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk - - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^Age^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Aim - hkey= - key= - C:\Program Files\AIM\aim.exe (AOL Inc.)
MsConfig - StartUpReg: AML - hkey= - key= - C:\Program Files\Sony\VAIO Launcher\AML.exe (Sony)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: ISBMgr.exe - hkey= - key= - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: OpwareSE4 - hkey= - key= - C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SmartWiHelper - hkey= - key= - C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
MsConfig - StartUpReg: SSBkgdUpdate - hkey= - key= - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: VAIO Help and Support Demo - hkey= - key= - C:\Program Files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe ()
MsConfig - StartUpReg: VAIOMyMemCenter - hkey= - key= - C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe ()
MsConfig - StartUpReg: VAIORegistration - hkey= - key= - C:\Program Files\Sony\First Experience\WelcomeLauncher.exe (Sony Electronics, Inc.)
MsConfig - StartUpReg: VAIOSurvey - hkey= - key= - C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe ()
MsConfig - StartUpReg: VeohPlugin - hkey= - key= - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
MsConfig - StartUpReg: VWLASU - hkey= - key= - C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - StartUpReg: WrtMon.exe - hkey= - key= - File not found
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8DB6C24B-0719-4D0E-983E-2B790EAA908B} - Browser Customizations
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/16 20:31:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/16 20:26:30 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 20:26:30 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 20:03:02 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/16 19:56:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-11734941-2268584939-366143686-1000UA.job
[2012/08/16 19:31:15 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/16 19:31:15 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/16 18:32:58 | 000,002,068 | ---- | M] () -- C:\Users\Age\Desktop\Google Chrome.lnk
[2012/08/16 18:32:58 | 000,002,030 | ---- | M] () -- C:\Users\Age\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/16 18:30:41 | 104,052,063 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/08/16 18:28:22 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/16 18:26:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/16 18:26:12 | 3082,850,304 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/12 23:56:08 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/08/12 23:56:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-11734941-2268584939-366143686-1000Core.job
[2012/08/11 17:42:55 | 000,381,460 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/08/08 18:41:45 | 000,411,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/06 19:39:18 | 000,174,133 | ---- | M] () -- C:\Users\Age\Desktop\Florida Discount Drug Card.jpg
[2012/08/04 22:58:37 | 000,034,816 | ---- | M] () -- C:\Users\Age\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/25 22:59:27 | 000,607,616 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/25 22:59:27 | 000,105,224 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/21 13:32:05 | 000,000,680 | ---- | M] () -- C:\Users\Age\AppData\Local\d3d9caps.dat
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/16 20:50:10 | 000,092,672 | ---- | C] () -- C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\80000032.@
[2012/08/16 19:46:09 | 000,013,312 | ---- | C] () -- C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\80000000.@
[2012/08/16 19:45:54 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\000000cb.@
[2012/08/16 19:45:53 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\00000004.@
[2012/08/16 19:42:34 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\00000008.@
[2012/08/06 19:39:18 | 000,174,133 | ---- | C] () -- C:\Users\Age\Desktop\Florida Discount Drug Card.jpg
[2012/07/11 18:22:54 | 000,000,680 | ---- | C] () -- C:\Users\Age\AppData\Local\d3d9caps.dat
[2012/06/17 17:27:13 | 000,034,816 | ---- | C] () -- C:\Users\Age\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/11 21:08:18 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/01/10 19:21:07 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\@
[2011/10/21 00:45:06 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI
[2011/03/31 23:00:32 | 000,000,048 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/03/31 22:05:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/03/31 22:05:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/03/31 22:05:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/03/31 22:05:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/03/31 22:05:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/02/14 23:34:18 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/02/14 23:31:19 | 000,053,248 | ---- | C] () -- C:\Windows\System32\InstMed.exe
[2010/12/26 22:51:55 | 000,014,484 | ---- | C] () -- C:\Users\Age\.recently-used.xbel
[2008/11/14 23:00:32 | 000,000,494 | -H-- | C] () -- C:\Users\Age\AppData\Roaming\wklnhst.dat

========== Custom Scans ==========

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >


timecantkill

Rookie Surfer
Rookie Surfer

Posts : 88
Joined : 2008-12-07
Operating System : Vista

View user profile

Back to top Go down

Actual OTL Log Pt 2

Post by timecantkill on Fri 17 Aug 2012, 12:32 pm

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/22 11:25:25 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/22 11:25:25 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/22 11:25:25 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/22 11:25:28 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/22 11:25:28 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/22 11:25:28 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Age\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Age\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Age\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Age\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/28 18:29:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/28 18:29:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/28 18:29:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/22 11:25:25 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/22 11:25:25 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/22 11:25:25 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/22 11:25:28 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/22 11:25:28 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/22 11:25:28 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Age\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Age\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Age\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Age\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/28 18:29:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/28 18:29:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/28 18:29:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/06/04 11:26:04 | 000,440,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ksecdd.sys

< %systemroot%\System32\config\*.sav >
[2008/01/20 23:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 23:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 23:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %SYSTEMDRIVE%\*.exe /md5 >

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >
[2012/04/29 11:12:27 | 000,083,074 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists
[2012/06/06 19:53:34 | 000,000,004 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
[2012/06/06 19:53:33 | 000,029,296 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Local State
[2012/04/29 11:10:25 | 007,132,592 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom
[2012/04/29 11:10:25 | 002,038,053 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom Filter 2
[2012/06/06 19:52:12 | 000,006,144 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies
[2012/06/06 19:52:12 | 000,001,544 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies-journal
[2012/04/29 11:10:25 | 000,134,356 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Safe Browsing Csd Whitelist
[2012/04/29 11:10:24 | 001,423,768 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Safe Browsing Download
[2012/04/29 11:10:25 | 000,014,108 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Safe Browsing Download Whitelist
[2012/06/06 19:53:33 | 000,061,440 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Archived History
[2012/06/06 19:53:33 | 000,016,384 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Archived History-journal
[2011/06/23 19:18:28 | 000,000,505 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Bookmarks
[2011/06/23 19:18:28 | 000,000,505 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Bookmarks.bak
[2012/06/06 19:53:33 | 000,050,176 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cookies
[2012/06/06 19:53:33 | 000,014,960 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal
[2012/06/06 19:53:33 | 000,010,807 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Current Session
[2012/06/06 19:53:33 | 000,009,743 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
[2012/02/06 23:46:34 | 000,007,168 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
[2012/06/06 19:53:33 | 000,047,104 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Favicons
[2012/06/06 19:53:33 | 000,016,384 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal
[2012/04/28 14:55:16 | 000,150,798 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico
[2012/06/06 19:53:33 | 000,122,880 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\History
[2012/06/06 19:53:33 | 001,626,112 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-02
[2012/06/06 19:53:33 | 000,016,384 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-02-journal
[2012/04/28 14:58:49 | 000,331,776 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-03
[2012/06/06 19:52:21 | 000,110,592 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-04
[2012/06/06 19:52:21 | 000,016,384 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-04-journal
[2012/06/06 19:52:21 | 000,053,248 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-06
[2012/06/06 19:52:21 | 000,016,384 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-06-journal
[2012/06/06 19:53:33 | 000,003,039 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
[2012/06/06 19:53:33 | 000,016,384 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\History-journal
[2012/04/29 11:30:02 | 000,341,305 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Last Session
[2012/04/29 11:30:02 | 000,013,052 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Last Tabs
[2012/04/29 11:30:00 | 000,012,288 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Login Data
[2012/06/06 19:52:04 | 000,017,408 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor
[2012/06/06 19:52:04 | 000,006,704 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal
[2012/06/06 19:53:33 | 000,047,014 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Preferences
[2012/06/06 19:52:40 | 000,013,312 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\QuotaManager
[2012/06/06 19:52:40 | 000,003,608 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\QuotaManager-journal
[2012/06/06 19:53:02 | 000,000,180 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\README
[2012/04/29 11:06:26 | 000,012,288 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Shortcuts
[2012/06/06 19:52:21 | 000,065,536 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Top Sites
[2012/06/06 19:52:21 | 000,016,384 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal
[2011/09/09 20:24:01 | 000,131,072 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Visited Links
[2012/06/06 19:52:03 | 000,081,920 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Web Data
[2012/06/06 19:52:03 | 000,004,624 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
[2012/06/06 19:53:33 | 000,155,648 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0
[2012/06/06 19:53:33 | 003,153,920 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
[2012/06/06 19:53:33 | 003,153,920 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2
[2012/06/06 19:53:33 | 008,396,800 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3
[2012/03/03 13:48:02 | 000,024,502 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000409
[2012/03/03 13:48:02 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00040a
[2012/03/03 13:48:09 | 001,781,747 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00040b
[2012/03/03 13:48:13 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00040c
[2012/03/03 13:48:40 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00040d
[2012/03/03 13:49:21 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00040e
[2012/03/03 13:50:11 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00040f
[2012/03/03 13:50:48 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000410
[2012/03/03 13:51:26 | 000,578,700 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000411
[2012/03/03 13:52:34 | 000,022,175 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000412
[2012/03/03 13:52:35 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000413
[2012/03/03 13:52:57 | 014,132,004 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000414
[2012/03/03 13:57:56 | 000,023,438 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000415
[2012/03/03 13:57:56 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000416
[2012/03/03 14:01:39 | 013,283,313 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000417
[2012/03/03 14:03:14 | 000,021,589 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000419
[2012/03/03 14:03:14 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00041a
[2012/03/03 14:03:17 | 001,781,747 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00041b
[2012/03/03 14:03:18 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00041c
[2012/03/03 14:03:45 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00041d
[2012/03/03 14:04:19 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00041e
[2012/03/03 14:04:51 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00041f
[2012/03/03 14:05:29 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000420
[2012/03/03 14:06:04 | 000,479,628 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000421
[2012/03/03 14:07:04 | 000,021,555 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000422
[2012/03/03 14:07:05 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000423
[2012/03/03 14:10:20 | 021,538,611 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000424
[2012/03/03 14:11:35 | 000,021,703 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000425
[2012/03/03 14:11:36 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000426
[2012/03/03 14:11:54 | 015,364,183 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000427
[2012/03/03 14:14:24 | 000,024,933 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000428
[2012/03/03 14:14:54 | 000,022,171 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000429
[2012/03/03 14:14:55 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00042a
[2012/03/03 14:17:58 | 010,928,723 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00042b
[2012/03/03 14:19:32 | 000,020,171 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00042c
[2012/03/03 14:19:33 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00042d
[2012/03/03 14:22:09 | 009,728,254 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00042e
[2012/03/03 14:23:29 | 000,020,069 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00042f
[2012/03/03 14:23:30 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000430
[2012/03/03 14:23:46 | 001,781,747 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000431
[2012/03/03 14:24:05 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000432
[2012/03/03 14:24:47 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000433
[2012/03/03 14:25:51 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000434
[2012/03/03 14:26:03 | 000,928,898 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000435
[2012/03/03 14:29:01 | 001,039,254 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000436
[2012/03/03 14:30:17 | 000,020,593 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000437
[2012/03/03 14:30:18 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000438
[2012/03/03 14:33:36 | 008,647,795 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000439
[2012/03/03 14:34:25 | 000,022,482 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00043a
[2012/03/03 14:35:22 | 000,019,524 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00043b
[2012/03/03 14:35:23 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00043c
[2012/03/03 14:38:00 | 005,171,717 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00043d
[2012/03/03 14:39:28 | 000,020,191 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00043e
[2012/03/03 14:39:29 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00043f
[2012/03/03 14:42:12 | 005,991,631 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000440
[2012/03/03 14:43:52 | 000,020,919 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000441
[2012/03/03 14:43:53 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000442
[2012/03/03 14:46:51 | 006,482,329 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000443
[2012/03/03 14:48:23 | 000,022,003 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000444
[2012/03/03 14:48:24 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000445
[2012/03/03 14:48:29 | 001,781,747 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000446
[2012/03/03 14:48:32 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000447
[2012/03/03 14:48:35 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000448
[2012/03/03 14:48:38 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000449
[2012/03/03 14:49:03 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00044a
[2012/03/03 14:49:18 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00044b
[2012/03/03 14:49:34 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00044c
[2012/03/03 14:50:08 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00044d
[2012/03/03 14:50:31 | 000,019,832 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00044e
[2012/03/03 14:50:32 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00044f
[2012/03/03 14:50:36 | 001,781,747 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000450
[2012/03/03 14:50:46 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000451
[2012/03/03 14:50:49 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000452
[2012/03/03 14:50:58 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000453
[2012/03/03 14:51:05 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000454
[2012/03/03 14:51:09 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000455
[2012/03/03 14:51:17 | 000,208,654 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000456
[2012/03/03 14:52:09 | 000,020,079 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000457
[2012/03/03 14:52:09 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000458
[2012/03/03 14:55:01 | 007,015,776 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000459
[2012/03/03 14:56:22 | 000,022,617 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00045b
[2012/03/03 14:56:22 | 000,021,379 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00045c
[2012/03/03 14:56:22 | 000,084,673 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00045d
[2012/03/03 14:56:26 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00045e
[2012/03/03 15:00:26 | 000,020,075 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00045f
[2012/03/03 15:00:27 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000460
[2012/03/03 15:00:28 | 000,016,860 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000461
[2012/03/03 15:00:30 | 001,034,100 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000462
[2012/03/03 15:00:44 | 000,020,216 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000463
[2012/03/03 15:00:44 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000464
[2012/03/03 15:00:50 | 001,781,747 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000465
[2012/03/03 15:00:52 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000466
[2012/03/03 15:01:02 | 000,652,334 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000467
[2012/03/03 15:02:04 | 000,022,996 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000468
[2012/03/03 15:02:05 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000469
[2012/03/03 15:02:17 | 001,781,747 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00046a
[2012/03/03 15:02:23 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00046b
[2012/03/03 15:42:19 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00046d
[2012/03/03 15:42:22 | 000,022,818 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00046e
[2012/03/03 15:42:22 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00046f
[2012/03/03 15:42:26 | 002,330,057 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000470
[2012/03/03 15:43:20 | 002,667,369 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000471
[2012/03/03 15:43:55 | 000,019,664 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000472
[2012/03/03 15:43:56 | 001,535,558 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000473
[2012/03/03 15:44:36 | 001,870,727 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000475
[2012/03/03 15:44:50 | 000,021,898 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000476
[2012/03/03 15:44:54 | 000,177,609 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000477
[2012/04/28 14:58:44 | 000,143,233 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000479
[2012/04/28 14:58:45 | 000,028,693 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00047a
[2012/04/28 15:03:25 | 000,020,716 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00047c
[2012/04/28 15:04:40 | 000,024,223 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00047d
[2012/04/29 11:01:27 | 000,031,368 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000480
[2012/04/29 11:15:45 | 000,033,229 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000482
[2012/04/29 11:22:29 | 000,037,413 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000483
[2012/04/29 11:28:35 | 000,037,562 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000484
[2012/04/29 11:28:41 | 000,017,511 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000485
[2012/06/06 19:52:08 | 000,028,181 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000486
[2012/06/06 19:52:11 | 000,023,155 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000487
[2012/06/06 19:52:12 | 000,144,541 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000488
[2012/06/06 19:52:14 | 000,022,241 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000489
[2012/06/06 19:52:14 | 000,030,286 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00048a
[2012/06/06 19:52:15 | 000,050,444 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00048b
[2012/06/06 19:52:15 | 000,059,407 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00048c
[2012/06/06 19:52:15 | 000,086,324 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00048d
[2012/06/06 19:52:15 | 000,045,080 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00048e
[2012/06/06 19:52:15 | 000,039,077 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00048f
[2012/06/06 19:52:15 | 000,028,024 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000490
[2012/06/06 19:52:15 | 000,027,073 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000491
[2012/06/06 19:52:15 | 000,222,912 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000492
[2012/06/06 19:52:16 | 000,054,994 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000493
[2012/06/06 19:52:18 | 000,047,623 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000494
[2011/06/23 19:18:33 | 000,262,512 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\index
[2012/04/28 15:04:40 | 000,007,168 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db
[2012/06/06 19:52:17 | 000,009,216 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_dcmagccbogebndpoodhhhafmofelpffh_0\1
[2012/06/06 19:53:11 | 000,129,024 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_dcmagccbogebndpoodhhhafmofelpffh_0\2
[2012/03/03 04:24:48 | 000,006,144 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_dcmagccbogebndpoodhhhafmofelpffh_0\3
[2011/07/17 21:02:15 | 000,000,244 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Default\ehhaablgillbcmknndffkpcfafecplmb\manifest.json
[2012/04/28 15:04:38 | 000,002,197 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\background.html
[2012/04/28 15:04:38 | 000,013,028 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\background.js
[2012/04/28 15:04:38 | 000,006,274 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\extension.js
[2012/04/28 15:04:39 | 000,001,307 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\manifest.json
[2012/04/28 15:04:38 | 000,000,000 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\popup.html
[2012/04/28 15:04:39 | 000,016,538 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\icons\icon128.png
[2012/04/28 15:04:39 | 000,000,782 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\icons\icon16.png
[2012/04/28 15:04:39 | 000,003,552 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\icons\icon48.png
[2012/04/28 15:04:38 | 000,001,859 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\icons\actions\icon1.png
[2012/04/28 15:04:38 | 000,005,069 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\icons\notifications\icon1.png
[2012/04/28 15:04:38 | 000,004,063 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\icons\notifications\icon48.png
[2012/04/28 15:04:38 | 000,031,160 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\js\background.js
[2012/04/28 15:04:38 | 000,002,921 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\js\api\chrome.js
[2012/04/28 15:04:38 | 000,003,921 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\js\api\cookie.js
[2012/04/28 15:04:38 | 000,001,047 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\js\api\message.js
[2012/04/28 15:04:38 | 000,001,073 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\js\api\push.js
[2012/04/28 15:04:38 | 000,004,196 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\js\lib\app_api.js
[2012/04/28 15:04:38 | 000,002,558 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\js\lib\async_api.js
[2012/04/28 15:04:38 | 000,001,812 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\js\lib\bg_app_api.js
[2012/04/28 15:04:38 | 000,003,718 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\js\lib\cookie_store.js
[2012/04/28 15:04:38 | 000,005,585 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\js\lib\data_store.js
[2012/04/28 15:04:38 | 000,023,402 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\js\lib\faye-browser-min.js
[2012/04/28 15:04:38 | 000,001,864 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\js\lib\util.js
[2012/02/06 23:46:36 | 000,001,766 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\background.html
[2012/02/06 23:46:45 | 000,000,984 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\manifest.json
[2012/02/06 23:46:36 | 000,006,273 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\avgls-inline.js
[2012/02/06 23:46:36 | 000,013,424 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\flyover.js
[2012/02/06 23:46:36 | 000,001,302 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\interstitial-block.html
[2012/02/06 23:46:36 | 000,078,768 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\jquery-1.4.4.min.js
[2012/02/06 23:46:36 | 000,094,224 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\searchengine.js
[2012/02/06 23:46:36 | 000,013,513 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\searchshield.js
[2012/02/06 23:46:45 | 000,016,328 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\128x128.png
[2012/02/06 23:46:45 | 000,000,790 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\16x16.png
[2012/02/06 23:46:45 | 000,004,310 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\48x48.png
[2012/02/06 23:46:36 | 000,006,455 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\64x64.png
[2012/02/06 23:46:36 | 000,000,303 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\background_middle_gray.gif
[2012/02/06 23:46:36 | 000,000,610 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\background_middle_green.gif
[2012/02/06 23:46:36 | 000,000,773 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\background_middle_orange.gif
[2012/02/06 23:46:36 | 000,001,332 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\background_middle_red.gif
[2012/02/06 23:46:36 | 000,000,974 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\background_middle_yellow.gif
[2012/02/06 23:46:36 | 000,000,303 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\background_top_gray.gif
[2012/02/06 23:46:36 | 000,000,159 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\background_top_green.gif
[2012/02/06 23:46:36 | 000,000,204 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\background_top_orange.gif
[2012/02/06 23:46:36 | 000,000,959 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\background_top_red.gif
[2012/02/06 23:46:36 | 000,000,217 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\background_top_yellow.gif
[2012/02/06 23:46:36 | 000,001,932 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\block-doc.gif
[2012/02/06 23:46:36 | 000,000,394 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\blocked.gif
[2012/02/06 23:46:36 | 000,001,060 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\blocked12.png
[2012/02/06 23:46:36 | 000,000,333 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\border_bottom_gray.gif
[2012/02/06 23:46:36 | 000,000,454 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\border_bottom_green.gif
[2012/02/06 23:46:36 | 000,000,617 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\border_bottom_orange.gif
[2012/02/06 23:46:36 | 000,000,099 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\border_bottom_red.gif
[2012/02/06 23:46:36 | 000,000,626 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\border_bottom_yellow.gif
[2012/02/06 23:46:36 | 000,000,471 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\border_top_gray.gif
[2012/02/06 23:46:36 | 000,000,820 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\border_top_green.gif
[2012/02/06 23:46:36 | 000,000,446 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\border_top_orange.gif
[2012/02/06 23:46:36 | 000,000,484 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\border_top_red.gif
[2012/02/06 23:46:36 | 000,000,336 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\border_top_yellow.gif
[2012/02/06 23:46:36 | 000,000,339 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\box_bottom_red.gif
[2012/02/06 23:46:36 | 000,000,520 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\box_top_red.gif
[2012/02/06 23:46:36 | 000,000,364 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\caution.gif
[2012/02/06 23:46:36 | 000,000,523 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\caution12.png
[2012/02/06 23:46:36 | 000,000,586 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\click_here_gray.gif
[2012/02/06 23:46:36 | 000,001,418 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\click_here_green.gif
[2012/02/06 23:46:36 | 000,001,268 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\click_here_orange.gif
[2012/02/06 23:46:36 | 000,001,333 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\click_here_red.gif
[2012/02/06 23:46:36 | 000,001,368 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\click_here_yellow.gif
[2012/02/06 23:46:36 | 000,002,455 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\clock.gif
[2012/02/06 23:46:36 | 000,000,429 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\clock12.png
[2012/02/06 23:46:37 | 000,002,229 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\icons_blocked.gif
[2012/02/06 23:46:37 | 000,002,364 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\icons_caution.gif
[2012/02/06 23:46:37 | 000,000,613 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\icons_close.gif
[2012/02/06 23:46:37 | 000,002,314 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\icons_safe.gif
[2012/02/06 23:46:37 | 000,001,662 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\icons_unknown.gif
[2012/02/06 23:46:37 | 000,002,344 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\icons_warning.gif
[2012/02/06 23:46:37 | 000,001,683 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\LS_Logo_Results.gif
[2012/02/06 23:46:37 | 000,000,362 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\safe.gif
[2012/02/06 23:46:37 | 000,000,564 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\safe12.png
[2012/02/06 23:46:37 | 000,000,389 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\unknown.gif
[2012/02/06 23:46:37 | 000,004,322 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\vrsn-secured-lsfo.gif
[2012/02/06 23:46:37 | 000,000,374 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\warning.gif
[2012/02/06 23:46:37 | 000,000,555 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\warning12.png
[2012/02/06 23:46:36 | 001,752,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins\avgnpss.dll
[2012/02/06 23:46:36 | 001,859,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins\avgxpl.dll
[2012/02/06 23:46:36 | 000,004,580 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\background.html
[2012/02/06 23:46:36 | 000,006,629 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\change_sink.js
[2012/02/06 23:46:36 | 000,012,288 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\contentscript.js
[2012/02/06 23:46:36 | 000,013,660 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\document_iterator.js
[2012/02/06 23:46:36 | 000,005,122 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\dropdown_menu_icon_set.png
[2012/02/06 23:46:36 | 000,010,968 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\find_proxy.js
[2012/02/06 23:46:36 | 000,033,313 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\flags.gif
[2012/02/06 23:46:36 | 000,004,223 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\get_html_text.js
[2012/02/06 23:46:36 | 000,002,865 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\global_constants.js
[2012/02/06 23:46:45 | 000,000,834 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\manifest.json
[2012/02/06 23:46:36 | 000,001,984 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\name_injection_builder.js
[2012/02/06 23:46:36 | 003,975,840 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
[2012/02/06 23:46:36 | 000,001,024 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\numbers_common_active_icon_set.gif
[2012/02/06 23:46:36 | 000,000,977 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\numbers_common_inactive_icon_set.gif
[2012/02/06 23:46:36 | 000,001,134 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\numbers_free_icon_set.gif
[2012/02/06 23:46:36 | 000,010,099 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\number_injection_builder.js
[2012/02/06 23:46:36 | 000,000,831 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\skype.png
[2012/02/06 23:46:36 | 000,001,876 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\skype_name_icon_set.gif
[2012/02/06 23:46:37 | 000,000,134 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\space.gif
[2012/02/06 23:46:37 | 000,009,935 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\string_finder.js
[2012/06/06 19:52:04 | 000,004,580 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\background.html
[2012/06/06 19:52:04 | 000,006,682 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\change_sink.js
[2012/06/06 19:52:04 | 000,012,288 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\contentscript.js
[2012/06/06 19:52:04 | 000,013,752 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\document_iterator.js
[2012/06/06 19:52:04 | 000,005,122 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\dropdown_menu_icon_set.png
[2012/06/06 19:52:04 | 000,011,057 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\find_proxy.js
[2012/06/06 19:52:04 | 000,033,313 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\flags.gif
[2012/06/06 19:52:04 | 000,004,251 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\get_html_text.js
[2012/06/06 19:52:04 | 000,002,880 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\global_constants.js
[2012/06/06 19:52:05 | 000,000,834 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\manifest.json
[2012/06/06 19:52:05 | 000,002,002 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\name_injection_builder.js
[2012/06/06 19:52:05 | 004,002,976 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
[2012/06/06 19:52:05 | 000,001,024 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\numbers_common_active_icon_set.gif
[2012/06/06 19:52:05 | 000,000,977 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\numbers_common_inactive_icon_set.gif
[2012/06/06 19:52:05 | 000,001,134 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\numbers_free_icon_set.gif
[2012/06/06 19:52:05 | 000,010,147 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\number_injection_builder.js
[2012/06/06 19:52:05 | 000,000,831 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\skype.png
[2012/06/06 19:52:05 | 000,001,876 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\skype_name_icon_set.gif
[2012/06/06 19:52:05 | 000,000,134 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\space.gif
[2012/06/06 19:52:05 | 000,010,000 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\string_finder.js
[2012/06/06 19:53:12 | 000,003,072 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dcmagccbogebndpoodhhhafmofelpffh_0.localstorage
[2012/02/06 23:46:34 | 000,005,120 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lifbcibllhkdhoafpjfnlhfpfgnpldfl_0.localstorage
[2011/09/09 20:22:05 | 000,005,120 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.facebook.com_0.localstorage
[2011/09/09 20:21:10 | 000,005,120 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps4u2.conduitapps.com_0.localstorage
[2012/02/06 23:47:46 | 000,003,072 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d3lvr7yuk4uaui.cloudfront.net_0.localstorage
[2011/09/09 20:21:10 | 000,005,120 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_dl.gameplaylabs.com_0.localstorage
[2012/02/06 23:46:58 | 000,009,216 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.facebook.com_0.localstorage
[2012/02/06 23:47:43 | 000,009,216 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.google.com_0.localstorage
[2012/03/03 15:42:27 | 000,003,072 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.youtube.com_0.localstorage
[2012/03/03 15:44:54 | 000,045,056 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_0
[2012/03/03 15:44:54 | 000,270,336 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_1
[2012/03/03 14:56:23 | 000,008,192 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_2
[2012/03/03 14:56:23 | 000,008,192 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_3
[2012/03/03 14:56:27 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000001
[2012/03/03 14:56:28 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000002
[2012/03/03 14:56:39 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000003
[2012/03/03 14:56:57 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000004
[2012/03/03 14:57:12 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000005
[2012/03/03 14:57:30 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000006
[2012/03/03 14:57:41 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000007
[2012/03/03 14:57:45 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000008
[2012/03/03 14:58:02 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000009
[2012/03/03 14:58:18 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00000a
[2012/03/03 14:58:30 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00000b
[2012/03/03 14:58:46 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00000c
[2012/03/03 14:58:56 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00000d
[2012/03/03 14:59:08 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00000e
[2012/03/03 14:59:17 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00000f
[2012/03/03 14:59:26 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000010
[2012/03/03 14:59:26 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000011
[2012/03/03 14:59:42 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000012
[2012/03/03 14:59:59 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000013
[2012/03/03 14:59:59 | 000,049,564 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000014
[2012/03/03 14:56:23 | 000,262,512 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\index
[2011/06/23 19:18:30 | 000,000,000 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\User StyleSheets\Custom.css
[2012/04/28 15:01:22 | 000,100,864 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.1\libEGL.dll
[2012/04/28 15:01:22 | 004,052,480 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.1\libGLESv2.dll
[2012/04/28 15:01:22 | 000,000,202 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.1\manifest.json


timecantkill

Rookie Surfer
Rookie Surfer

Posts : 88
Joined : 2008-12-07
Operating System : Vista

View user profile

Back to top Go down

Actual OTL Log Pt 3

Post by timecantkill on Fri 17 Aug 2012, 12:33 pm

< %USERPROFILE%\AppData\Local\ /s >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\Application Data /s >

< %PROGRAMFILES%\*. >
[2010/08/30 21:25:52 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2011/07/04 16:31:14 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2011/07/04 16:31:21 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2011/07/04 16:31:21 | 000,000,000 | ---D | M] -- C:\Program Files\Apoint
[2011/07/04 16:31:21 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2008/07/08 04:36:10 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2011/12/12 21:24:12 | 000,000,000 | ---D | M] -- C:\Program Files\Auslogics
[2010/12/04 19:14:38 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2011/07/04 16:39:00 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2011/05/30 22:06:20 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2008/07/08 04:38:27 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco
[2012/06/17 15:20:40 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/06/18 13:51:50 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2008/07/08 04:16:33 | 000,000,000 | ---D | M] -- C:\Program Files\Corel
[2011/07/04 16:31:35 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2008/06/18 13:48:07 | 000,000,000 | ---D | M] -- C:\Program Files\Dolby
[2011/08/02 21:21:01 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Flick
[2011/04/06 00:28:44 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2011/07/04 16:31:35 | 000,000,000 | ---D | M] -- C:\Program Files\Firestarter Game
[2009/04/19 21:12:59 | 000,000,000 | ---D | M] -- C:\Program Files\GIMP-2.0
[2011/07/04 16:31:37 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/06/09 15:41:09 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2012/01/30 21:58:36 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2011/07/04 16:31:43 | 000,000,000 | ---D | M] -- C:\Program Files\HP_Vista_SF_Ph1
[2012/02/26 21:10:19 | 000,000,000 | ---D | M] -- C:\Program Files\ICCup
[2011/08/04 00:28:33 | 000,000,000 | ---D | M] -- C:\Program Files\ImgBurn
[2011/08/03 23:38:58 | 000,000,000 | ---D | M] -- C:\Program Files\InfraRecorder
[2012/01/30 22:01:52 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/07/08 04:38:23 | 000,000,000 | ---D | M] -- C:\Program Files\intel
[2012/07/12 03:25:52 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2008/07/08 04:37:56 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2008/07/08 04:06:46 | 000,000,000 | ---D | M] -- C:\Program Files\Intuit
[2011/07/04 16:31:45 | 000,000,000 | ---D | M] -- C:\Program Files\iPhone Configuration Utility
[2011/03/17 19:36:27 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/07/04 16:31:45 | 000,000,000 | ---D | M] -- C:\Program Files\IPv6Patch
[2011/07/04 16:31:45 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/09/11 19:14:05 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011/07/04 16:31:46 | 000,000,000 | ---D | M] -- C:\Program Files\Last.fm
[2012/06/20 20:33:44 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2011/07/04 16:31:47 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2009/09/04 04:00:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2011/12/10 16:01:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/07/04 16:31:47 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Suite Activation Assistant
[2012/05/12 10:42:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/11/17 16:55:29 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/02/24 21:58:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/02/24 21:52:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2011/07/04 16:31:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/06/25 04:01:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/13 19:52:18 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2012/07/22 11:25:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2012/07/24 22:21:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Maintenance Service
[2009/02/24 21:59:11 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/03/10 17:24:31 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2011/02/10 23:10:18 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/07/08 04:17:59 | 000,000,000 | ---D | M] -- C:\Program Files\OCA Marker
[2008/07/08 04:01:05 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2012/07/04 17:20:50 | 000,000,000 | ---D | M] -- C:\Program Files\PeerBlock
[2011/01/08 16:17:24 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2008/06/18 13:45:56 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2012/02/05 18:35:41 | 000,000,000 | ---D | M] -- C:\Program Files\RewardsArcade
[2009/09/01 18:00:47 | 000,000,000 | ---D | M] -- C:\Program Files\ScanSoft
[2012/02/29 22:58:26 | 000,000,000 | ---D | M] -- C:\Program Files\SCtheabyss
[2012/05/16 19:31:21 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2008/07/08 04:39:34 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2008/07/08 03:59:51 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Corporation
[2012/02/26 21:40:00 | 000,000,000 | ---D | M] -- C:\Program Files\Starcraft
[2009/04/24 16:11:14 | 000,000,000 | ---D | M] -- C:\Program Files\Tencent
[2011/12/17 14:49:32 | 000,000,000 | ---D | M] -- C:\Program Files\The KMPlayer
[2006/11/02 09:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/04/27 02:14:40 | 000,000,000 | ---D | M] -- C:\Program Files\Veoh Networks
[2012/04/28 15:44:48 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon
[2012/04/28 15:42:23 | 000,000,000 | ---D | M] -- C:\Program Files\VERIZONDM
[2012/02/05 18:35:22 | 000,000,000 | ---D | M] -- C:\Program Files\Vuze
[2008/06/18 13:49:17 | 000,000,000 | ---D | M] -- C:\Program Files\WIDCOMM
[2010/04/14 18:24:41 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2010/04/14 18:24:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2010/04/14 18:24:27 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2012/05/12 12:06:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2011/03/31 00:32:09 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2012/04/13 03:04:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2011/02/23 20:54:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/04/14 18:24:33 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2010/04/18 18:01:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2010/04/14 18:24:38 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2009/06/17 21:21:01 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2011/09/25 15:57:34 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %appdata%\*.* >
[2009/07/15 15:31:01 | 000,000,494 | -H-- | M] () -- C:\Users\Age\AppData\Roaming\wklnhst.dat

< MD5 for: AFD.SYS >
[2011/04/21 09:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\System32\drivers\afd.sys
[2011/04/21 09:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys
[2011/04/21 09:16:42 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=48EB99503533C27AC6135648E5474457 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys
[2011/04/21 09:28:53 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=70EE0FC7A0F384DBD929A01384AEEB4B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys
[2008/01/20 22:24:17 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
[2009/04/11 00:47:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=A201207363AA900ABF1A388468688570 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys
[2011/04/21 09:12:21 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=C8AF25017CECB75906A571AC70D2D306 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\ERDNT\cache\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2008/01/20 22:24:35 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=6DE363F9F99334514C46AEC02D3E3678 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\cryptsvc.dll
[2012/04/23 12:00:53 | 000,133,120 | ---- | M] (Microsoft Corporation) MD5=75C6A297E364014840B48ECCD7525E30 -- C:\Windows\System32\cryptsvc.dll
[2012/04/23 12:00:53 | 000,133,120 | ---- | M] (Microsoft Corporation) MD5=75C6A297E364014840B48ECCD7525E30 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18618_none_77e34ec697f67015\cryptsvc.dll
[2012/04/23 10:48:06 | 000,135,168 | ---- | M] (Microsoft Corporation) MD5=C979AEA8C4D8F875CD25507D08980006 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.22840_none_78447b63b1339621\cryptsvc.dll
[2009/04/11 02:28:18 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=FB27772BEAF8E1D28CCD825C09DA939B -- C:\Windows\ERDNT\cache\cryptsvc.dll
[2009/04/11 02:28:18 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=FB27772BEAF8E1D28CCD825C09DA939B -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18005_none_77eb127097f11935\cryptsvc.dll

< MD5 for: DNSRSLVR.DLL >
[2011/03/02 10:25:54 | 000,086,528 | ---- | M] (Microsoft Corporation) MD5=1FF4F12AF03AA5DAFE05F6937E497193 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6001.22866_none_e23149269ba22ef6\dnsrslvr.dll
[2009/04/11 02:28:18 | 000,086,528 | ---- | M] (Microsoft Corporation) MD5=30A08728740E71947AE1E073B5CE69B4 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6002.18005_none_e3cdf5e97f7b2eb7\dnsrslvr.dll
[2011/03/02 10:49:43 | 000,086,528 | ---- | M] (Microsoft Corporation) MD5=4805D9A6D281C7A7DEFD9094DEC6AF7D -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6001.18611_none_e1d8b89f8260879d\dnsrslvr.dll
[2011/03/02 11:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) MD5=57D762F6F5974AF0DA2BE88A3349BAAA -- C:\Windows\System32\dnsrslvr.dll
[2011/03/02 11:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) MD5=57D762F6F5974AF0DA2BE88A3349BAAA -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6002.18416_none_e3c42ddf7f82589b\dnsrslvr.dll
[2011/03/02 14:19:46 | 000,086,528 | ---- | M] (Microsoft Corporation) MD5=9BC2EB15BB0E08579536AC47D7C6F92A -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6002.22600_none_e4529ac0989d4191\dnsrslvr.dll
[2008/01/20 22:24:26 | 000,086,528 | ---- | M] (Microsoft Corporation) MD5=F5A0F1DA1ED8B429597E71D27D976E31 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6001.18000_none_e1e27cdd8259636b\dnsrslvr.dll

< MD5 for: ES.DLL >
[2008/04/19 04:27:37 | 000,268,800 | ---- | M] (Microsoft Corporation) MD5=131B7E46A7ACD49CB56BB03917A76DE3 -- C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6000.20818_none_0b8e318c6db592d2\es.dll
[2008/04/18 01:48:39 | 000,269,312 | ---- | M] (Microsoft Corporation) MD5=3CB3343D720168B575133A0A20DC2465 -- C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.18057_none_0cbe918751dfdd3f\es.dll
[2009/04/11 02:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) MD5=67058C46504BC12D821F38CF99B7B28F -- C:\Windows\ERDNT\cache\es.dll
[2009/04/11 02:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) MD5=67058C46504BC12D821F38CF99B7B28F -- C:\Windows\System32\es.dll
[2009/04/11 02:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) MD5=67058C46504BC12D821F38CF99B7B28F -- C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6002.18005_none_0ed918294edf6b75\es.dll
[2008/04/18 01:30:29 | 000,269,312 | ---- | M] (Microsoft Corporation) MD5=776D75AF432C598068CC933C7421171B -- C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.22162_none_0d385cf46b0a1a47\es.dll
[2012/08/14 00:29:58 | 000,008,728 | ---- | M] () MD5=7AD37261A349BE597C2E4C58B093B63D -- C:\Users\Age\AppData\Local\Google\Chrome\Application\21.0.1180.79\Locales\es.dll
[2008/04/19 04:13:07 | 000,268,800 | ---- | M] (Microsoft Corporation) MD5=7B4971C3D43525175A4EA0D143E0412E -- C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6000.16677_none_0ac2b30954c98430\es.dll
[2012/08/07 02:42:39 | 000,008,728 | ---- | M] () MD5=DA1DB7B22439EEFAF1AF12F32164772C -- C:\Users\Age\AppData\Local\Google\Chrome\Application\21.0.1180.75\Locales\es.dll
[2008/01/20 22:24:11 | 000,262,144 | ---- | M] (Microsoft Corporation) MD5=F4BF4FA769DB51B106D2B4B35256988B -- C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.18000_none_0ced9f1d51bda029\es.dll

< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 22:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IPNATHLP.DLL >
[2008/01/20 22:24:09 | 000,288,256 | ---- | M] (Microsoft Corporation) MD5=E1499BD0FF76B1B2FBBF1AF339D91165 -- C:\Windows\System32\ipnathlp.dll
[2008/01/20 22:24:09 | 000,288,256 | ---- | M] (Microsoft Corporation) MD5=E1499BD0FF76B1B2FBBF1AF339D91165 -- C:\Windows\winsxs\x86_microsoft-windows-sharedaccess_31bf3856ad364e35_6.0.6001.18000_none_04cd5ea6494c4867\ipnathlp.dll

< MD5 for: NETBT.SYS >
[2008/01/20 22:24:59 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=7C5FEE5B1C5728507CD96FB4A13E7A02 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys
[2009/04/11 00:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=ECD64230A59CBD93C85F1CD1CAB9F3F6 -- C:\Windows\System32\drivers\netbt.sys
[2009/04/11 00:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=ECD64230A59CBD93C85F1CD1CAB9F3F6 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys

< MD5 for: NETMAN.DLL >
[2008/01/20 22:24:11 | 000,274,432 | ---- | M] (Microsoft Corporation) MD5=C8052711DAECC48B982434C5116CA401 -- C:\Windows\ERDNT\cache\netman.dll
[2008/01/20 22:24:11 | 000,274,432 | ---- | M] (Microsoft Corporation) MD5=C8052711DAECC48B982434C5116CA401 -- C:\Windows\System32\netman.dll
[2008/01/20 22:24:11 | 000,274,432 | ---- | M] (Microsoft Corporation) MD5=C8052711DAECC48B982434C5116CA401 -- C:\Windows\winsxs\x86_microsoft-windows-netman_31bf3856ad364e35_6.0.6001.18000_none_0fbd1b9651cfd333\netman.dll

< MD5 for: QMGR.DLL >
[2008/01/20 22:25:00 | 000,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
[2009/04/11 02:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\ERDNT\cache\qmgr.dll
[2009/04/11 02:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\System32\qmgr.dll
[2009/04/11 02:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_257c3df8f693d6d8\qmgr.dll

< MD5 for: RPCSS.DLL >
[2009/03/03 00:39:32 | 000,551,424 | ---- | M] (Microsoft Corporation) MD5=301AE00E12408650BADDC04DBC832830 -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\rpcss.dll
[2008/01/20 22:24:06 | 000,547,328 | ---- | M] (Microsoft Corporation) MD5=33FB1F0193EE2051067441492D56113C -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\rpcss.dll
[2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) MD5=3B5B4D53FEC14F7476CA29A20CC31AC9 -- C:\Windows\ERDNT\cache\rpcss.dll
[2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) MD5=3B5B4D53FEC14F7476CA29A20CC31AC9 -- C:\Windows\System32\rpcss.dll
[2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) MD5=3B5B4D53FEC14F7476CA29A20CC31AC9 -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll
[2009/03/03 00:32:23 | 000,551,424 | ---- | M] (Microsoft Corporation) MD5=4DFCBDEF3CCAA98F99038DED78945253 -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll
[2009/03/03 00:19:41 | 000,549,888 | ---- | M] (Microsoft Corporation) MD5=7B981222A257D076885BFFB66F19B7CE -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c\rpcss.dll
[2009/03/03 00:17:45 | 000,550,400 | ---- | M] (Microsoft Corporation) MD5=B1BB45E24717A7F790B4411C4446EF5E -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_685b771559e4be8c\rpcss.dll

< MD5 for: SERVICES.EXE >
[2008/01/20 22:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=8737764F4FD36D6808EE80578409C843 -- C:\Windows\System32\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\ERDNT\cache\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: TCPIP.SYS >
[2008/04/26 04:08:16 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=01EC1E92595F839BEE70D439C46796E3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
[2009/04/11 02:33:02 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
[2011/09/20 17:02:55 | 000,913,280 | ---- | M] (Microsoft Corporation) MD5=16731B631F28F63CD9F4CB60940E7DDD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22719_none_b58c64c97caa1c43\tcpip.sys
[2009/08/15 17:30:53 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[2009/08/14 13:01:55 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[2011/06/17 16:13:55 | 000,905,104 | ---- | M] (Microsoft Corporation) MD5=2756186E287139310997090797E0182B -- C:\Windows\ERDNT\cache\tcpip.sys
[2011/06/17 16:13:55 | 000,905,104 | ---- | M] (Microsoft Corporation) MD5=2756186E287139310997090797E0182B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18484_none_b4b2134c63c9c70f\tcpip.sys
[2012/03/30 08:39:11 | 000,905,600 | ---- | M] (Microsoft Corporation) MD5=27D470DABC77BC60D0A3B0E4DEB6CB91 -- C:\Windows\System32\drivers\tcpip.sys
[2012/03/30 08:39:11 | 000,905,600 | ---- | M] (Microsoft Corporation) MD5=27D470DABC77BC60D0A3B0E4DEB6CB91 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18604_none_b50896786388e1d5\tcpip.sys
[2010/02/18 07:51:51 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
[2010/02/18 10:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
[2009/08/14 10:24:47 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[2010/02/18 10:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
[2010/02/18 08:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
[2010/06/16 11:55:58 | 000,902,032 | ---- | M] (Microsoft Corporation) MD5=6216A954ED7045B62880A92D6C9B9FC7 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
[2009/08/14 12:27:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[2011/06/17 16:13:55 | 000,913,296 | ---- | M] (Microsoft Corporation) MD5=6647FCE6FC4970DAAFE5C64C794513D3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22662_none_b54f51417cd8f970\tcpip.sys
[2010/06/16 12:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) MD5=6A10AFCE0B38371064BE41C1FBFD3C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
[2010/06/16 11:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
[2011/09/20 17:02:55 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=814A1C66FBD4E1B310A517221F1456BF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18519_none_b502c618638c7f52\tcpip.sys
[2008/04/26 04:26:49 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
[2009/08/14 13:07:56 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[2010/02/18 13:36:50 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
[2010/06/16 12:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
[2010/02/18 10:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
[2012/03/30 08:39:11 | 000,914,304 | ---- | M] (Microsoft Corporation) MD5=EE7E10BED85C312C1D5D30C435BDDA9F -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22828_none_b58096797cb31c04\tcpip.sys
[2008/01/20 22:25:03 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[2009/08/14 12:33:50 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys

< MD5 for: TDX.SYS >
[2009/04/11 00:45:56 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=76B06EB8A01FC8624D699E7045303E54 -- C:\Windows\System32\drivers\tdx.sys
[2009/04/11 00:45:56 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=76B06EB8A01FC8624D699E7045303E54 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_ec294157d9377403\tdx.sys
[2008/01/20 22:24:53 | 000,071,680 | ---- | M] (Microsoft Corporation) MD5=D09276B1FAB033CE1D40DCBDF303D10F -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys

< MD5 for: USERINIT.EXE >
[2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2006/11/02 05:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2009/04/11 02:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\drivers\volsnap.sys
[2009/04/11 02:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_1e6030e4\volsnap.sys
[2009/04/11 02:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys
[2008/01/20 22:23:21 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
[2008/01/20 22:23:21 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys

< MD5 for: WININIT.EXE >
[2008/01/20 22:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008/01/20 22:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/20 22:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 22:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WMISVC.DLL >
[2008/01/20 22:24:59 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=00B79A7C984678F24CF052E5BEB3A2F5 -- C:\Windows\winsxs\x86_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.0.6001.18000_none_a0b2bbcff6f11e8e\WMIsvc.dll
[2009/04/11 02:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) MD5=6B2A1D0E80110E3D04E6863C6E62FD8A -- C:\Windows\System32\wbem\WMIsvc.dll
[2009/04/11 02:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) MD5=6B2A1D0E80110E3D04E6863C6E62FD8A -- C:\Windows\winsxs\x86_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.0.6002.18005_none_a29e34dbf412e9da\WMIsvc.dll

< MD5 for: WSCSVC.DLL >
[2009/04/11 02:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) MD5=1CA6C40261DDC0425987980D0CD2AAAB -- C:\Windows\System32\wscsvc.dll
[2009/04/11 02:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) MD5=1CA6C40261DDC0425987980D0CD2AAAB -- C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.0.6002.18005_none_1c2bd6beaf3aa18d\wscsvc.dll
[2008/01/20 22:23:39 | 000,061,440 | ---- | M] (Microsoft Corporation) MD5=683DD16B590372F2C9661D277F35E49C -- C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.0.6001.18000_none_1a405db2b218d641\wscsvc.dll

========== Files - Unicode (All) ==========
[2012/05/30 21:17:01 | 004,708,624 | ---- | M] ()(C:\Users\Age\Documents\"????????".mp3) -- C:\Users\Age\Documents\"待ち合わせの途中".mp3
[2012/05/30 21:16:23 | 004,708,624 | ---- | C] ()(C:\Users\Age\Documents\"????????".mp3) -- C:\Users\Age\Documents\"待ち合わせの途中".mp3

< End of report >

timecantkill

Rookie Surfer
Rookie Surfer

Posts : 88
Joined : 2008-12-07
Operating System : Vista

View user profile

Back to top Go down

Extras Log Pt 1

Post by timecantkill on Fri 17 Aug 2012, 12:34 pm

OTL Extras logfile created on: 8/16/2012 8:49:13 PM - Run 5
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Age\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 56.57% Memory free
5.94 Gb Paging File | 4.57 Gb Available in Paging File | 76.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.68 Gb Total Space | 16.97 Gb Free Space | 7.55% Space Free | Partition Type: NTFS

Computer Name: MELVIN | User Name: Age | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.2200
"{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}" = Vz In Home Agent
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CA49C4E-7B1C-460c-9DB8-4A7160CDF8D1}" = ProductContext
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0F052922-4BCE-4763-A540-00857554336D}" = Redist
"{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}" = VAIO Media plus
"{132CA5D9-C745-4B0B-A3B2-8C7A6EC3EE7E}" = Canon MF Toolbox 4.9.1.1.mf04
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE and Welcome Center
"{1DEF8B27-D75B-4f2a-B723-C506047D1438}" = K8600
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = VAIO Presentation Support
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{24176A21-AFC8-3DCC-A2BB-901734AA64B9}" = Google Talk Plugin
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{27A2ABE9-E4C4-45DD-B9A8-CEEEE380E7E1}" = VAIO Content Metadata Intelligent Analyzing Manager
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3A98125E-B0AC-47E4-80D7-75DF75B13AA1}" = BPDSoftware_Ini
"{3BDDF462-8A95-4C50-86DA-4D41F3483EA5}" = Canon MF Toolbox 4.9.1.1.mf04
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}" = Adobe InDesign CS
"{44B44E0E-B7F8-45D2-9B1F-B073D337A097}" = BPD_HPSU
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B8AB184-EE5E-4277-BB68-C352BE13DD7B}" = 8600_Help
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" =
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Power Management
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1" = Auslogics Duplicate File Finder
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{69B078F7-E057-4488-AE6B-CB7BBEEE8DA6}" = HP Officejet Pro K8600 Series
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{757CC5BA-BF08-46A5-8D10-64C6FDF659C6}" = VAIO Content Metadata Manager Setting
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A367C28-423C-48E2-8C76-EBA1171F932A}" = Adobe Photoshop Album 2.0
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D10D317-F8E0-4493-99AE-F6ADBB223553}" = BPDSoftware
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ED3A392-28F1-4375-97AC-BF275B5855F9}" = OpenMG Secure Module 5.0.00
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}" = Adobe Illustrator CS
"{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}" = SmartWi Connection Utility
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9C71059E-6DDD-4958-9251-7A5F865B6BA0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A4399CF4-7A3F-4E84-B763-AD352640203D}" = VAIO Content Metadata XML Interface Library
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAB0F8F5-282A-45F1-B31A-EB894827456B}" = MPM
"{BCED773C-99EE-48DD-8915-25733F69F0A8}" = VAIO Wireless Wizard
"{BE2DDF55-4C42-44CC-A56E-C8E4A65CB2FF}" = IHA_MessageCenter
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C8FC7066-4457-4365-9BDF-4E439BF703C8}" = AVG 2011
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CC56A2CB-EC09-4175-B8BD-93E2440D410B}" = VAIO Content Metadata Manager Setting
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFB61C36-61C9-46E9-8AA3-6E5A896AC989}" = 8600_Readme
"{D06F5884-B439-440B-A58D-6C057C2FF8EB}" = Click to Disc
"{D0AE373E-C276-432B-9A95-F8DD356A8242}" = VAIO Movie Story
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.14
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D47FE987-EA3D-424B-9886-B752501D7CE7}" = VAIO Help and Support
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D90507A2-6183-497D-9075-951DC80362DA}" = VAIO Media plus
"{DB3A97C0-EEC1-43FE-AB56-E2EA972CF111}" = 1600
"{DD929BD3-5D41-4407-BE04-119B4A631869}" = Canon MF Toolbox 4.9.1.1.mf04
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEBA60A3-7CDE-48D7-993D-7C68663AEE68}" = VAIO Content Metadata Intelligent Analyzing Manager
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFD0E9A9-F24A-492B-8975-8C938E32408F}" = VAIO Startup Assistant
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1D25278-B51A-4163-BC3D-20A4D2D09F98}" = VAIO My Memory Center
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E533E637-FB3E-4F28-8B18-449CC9AB7235}" = AVG 2011
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EA79DC46-98B0-4A26-A76F-448A032E5E4D}" = 1600Trb
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F485E43D-18B1-4B40-AF4B-EDA78E91DA80}" = Dolby Control Center
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{F5DAFD10-6E61-49BF-B3C5-5AA9AF3A0863}" = Verizon Download Manager
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FACD3674-FC12-4B6C-A923-E1D687704E9B}" = VAIO Content Metadata XML Interface Library
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEA5A8ED-93A1-44EE-9A7D-43103DB3F78D}" = 1600_Help
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AIM_7" = AIM 7
"AVG" = AVG 2011
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"DVD Flick_is1" = DVD Flick 1.3.0.7
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 8.0
"ICCup Launcher_is1" = ICCup Launcher
"ImgBurn" = ImgBurn
"InfraRecorder" = InfraRecorder
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{8ED3A392-28F1-4375-97AC-BF275B5855F9}" = OpenMG Secure Module 5.0.00
"LastFM_is1" = Last.fm 1.5.4.27091
"Logitech Vid" = Logitech Vid HD
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ProInst" = Intel PROSet Wireless
"QcDrv" = Logitech® Camera Driver
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Starcraft" = Starcraft
"The KMPlayer" = The KMPlayer (remove only)
"Veoh Web Player Beta" = Veoh Web Player
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"Google Chrome" = Google Chrome
"RewardsArcade" = RewardsArcade

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/16/2012 7:13:12 PM | Computer Name = Melvin | Source = Application Error | ID = 1000
Description = Faulting application LVCOMSX.EXE, version 8.4.7.1032, time stamp 0x42974846,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000005, fault offset 0x00067410, process id 0x56c, application start time
0x01cd7c04b4f04658.

Error - 8/16/2012 7:13:17 PM | Computer Name = Melvin | Source = Application Error | ID = 1000
Description = Faulting application LVCOMSX.EXE, version 8.4.7.1032, time stamp 0x42974846,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000005, fault offset 0x00067410, process id 0x14a4, application start time
0x01cd7c04b7c0c3a8.

Error - 8/16/2012 7:21:44 PM | Computer Name = Melvin | Source = Application Error | ID = 1000
Description = Faulting application LVCOMSX.EXE, version 8.4.7.1032, time stamp 0x42974846,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000005, fault offset 0x00067467, process id 0x1758, application start time
0x01cd7c05e6750b18.

Error - 8/16/2012 7:21:47 PM | Computer Name = Melvin | Source = Application Error | ID = 1000
Description = Faulting application LVCOMSX.EXE, version 8.4.7.1032, time stamp 0x42974846,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000005, fault offset 0x00067410, process id 0x10a0, application start time
0x01cd7c05e82b0818.

Error - 8/16/2012 7:35:45 PM | Computer Name = Melvin | Source = Application Error | ID = 1000
Description = Faulting application LVCOMSX.EXE, version 8.4.7.1032, time stamp 0x42974846,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000005, fault offset 0x00067410, process id 0x16c8, application start time
0x01cd7c07db4d4a78.

Error - 8/16/2012 7:35:48 PM | Computer Name = Melvin | Source = Application Error | ID = 1000
Description = Faulting application LVCOMSX.EXE, version 8.4.7.1032, time stamp 0x42974846,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000005, fault offset 0x00067410, process id 0x16f0, application start time
0x01cd7c07dd1fd7f8.

Error - 8/16/2012 7:37:33 PM | Computer Name = Melvin | Source = Application Error | ID = 1000
Description = Faulting application LVCOMSX.EXE, version 8.4.7.1032, time stamp 0x42974846,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000005, fault offset 0x0006742d, process id 0x1028, application start time
0x01cd7c081bf3ace8.

Error - 8/16/2012 7:37:36 PM | Computer Name = Melvin | Source = Application Error | ID = 1000
Description = Faulting application LVCOMSX.EXE, version 8.4.7.1032, time stamp 0x42974846,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000005, fault offset 0x00067410, process id 0x1578, application start time
0x01cd7c081de23e48.

Error - 8/16/2012 8:14:07 PM | Computer Name = Melvin | Source = Application Error | ID = 1000
Description = Faulting application LVCOMSX.EXE, version 8.4.7.1032, time stamp 0x42974846,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000005, fault offset 0x00067410, process id 0x1fc8, application start time
0x01cd7c0d37691260.

Error - 8/16/2012 8:14:10 PM | Computer Name = Melvin | Source = Application Error | ID = 1000
Description = Faulting application LVCOMSX.EXE, version 8.4.7.1032, time stamp 0x42974846,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000005, fault offset 0x00067410, process id 0x19c0, application start time
0x01cd7c0d39515a60.

[ OSession Events ]
Error - 5/25/2010 1:49:20 AM | Computer Name = Melvin | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 305784
seconds with 420 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/12/2012 5:23:40 PM | Computer Name = Melvin | Source = PlugPlayManager | ID = 12
Description = The device 'Optiarc DVD RW AD-7560A USB Device' (USBSTOR\CdRom&Ven_Optiarc&Prod_DVD_RW_AD-7560A&Rev_DS04\F76000019BEF&0)
disappeared from the system without first being prepared for removal.

Error - 8/12/2012 6:37:07 PM | Computer Name = Melvin | Source = PlugPlayManager | ID = 12
Description = The device 'USB Mass Storage Device' (USB\VID_054C&PID_0377\F76000019BEF)
disappeared from the system without first being prepared for removal.

Error - 8/12/2012 6:37:07 PM | Computer Name = Melvin | Source = PlugPlayManager | ID = 12
Description = The device 'Optiarc DVD RW AD-7560A USB Device' (USBSTOR\CdRom&Ven_Optiarc&Prod_DVD_RW_AD-7560A&Rev_DS04\F76000019BEF&0)
disappeared from the system without first being prepared for removal.

Error - 8/12/2012 8:43:26 PM | Computer Name = Melvin | Source = PlugPlayManager | ID = 12
Description = The device 'USB Mass Storage Device' (USB\VID_054C&PID_0377\F76000019BEF)
disappeared from the system without first being prepared for removal.

Error - 8/12/2012 8:43:26 PM | Computer Name = Melvin | Source = PlugPlayManager | ID = 12
Description = The device 'Optiarc DVD RW AD-7560A USB Device' (USBSTOR\CdRom&Ven_Optiarc&Prod_DVD_RW_AD-7560A&Rev_DS04\F76000019BEF&0)
disappeared from the system without first being prepared for removal.

Error - 8/16/2012 6:27:41 PM | Computer Name = Melvin | Source = Service Control Manager | ID = 7024
Description =

Error - 8/16/2012 6:27:41 PM | Computer Name = Melvin | Source = Service Control Manager | ID = 7000
Description =

Error - 8/16/2012 6:27:41 PM | Computer Name = Melvin | Source = Service Control Manager | ID = 7000
Description =

Error - 8/16/2012 6:27:41 PM | Computer Name = Melvin | Source = Service Control Manager | ID = 7000
Description =

Error - 8/16/2012 6:29:03 PM | Computer Name = Melvin | Source = Service Control Manager | ID = 7022
Description =


< End of report >

timecantkill

Rookie Surfer
Rookie Surfer

Posts : 88
Joined : 2008-12-07
Operating System : Vista

View user profile

Back to top Go down

Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by timecantkill on Sun 19 Aug 2012, 2:26 pm

bump

timecantkill

Rookie Surfer
Rookie Surfer

Posts : 88
Joined : 2008-12-07
Operating System : Vista

View user profile

Back to top Go down

Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by Superdave on Tue 21 Aug 2012, 12:13 pm

Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
The log also show that you only have 7.55% free space on your hard drive. Windows require 15% or more to operate efficiently. You will need to free up more space(33.6 Gb). You can do this by transferring music, videos, pictures and other important data to an external harddrive or DVD's. You can use RW's because they are re-usable. You can also uninstall any programs no longer used or needed.
************************************************************************
* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:
:OTL

IE - HKLM\..\SearchScopes,DefaultScope = {CF739809-1C6C-47C0-85B9-569DBB141420}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q={searchTerms}&crm=1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2B68F2F3-3342-4A2A-81CA-8072852D359E}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\..\SearchScopes\{547EEAAC-3665-4e6c-B326-C622D698543A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=SOLTDF&pc=SOLTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q={searchTerms}&crm=1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.11.3.15590
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q="
O2 - BHO: (RewardsArcade) - {597A9974-8CB0-4f41-B61F-ED065738A397} - C:\Program Files\RewardsArcade\RewardsArcade.dll (215 Apps)

:folders
C:\Program Files\RewardsArcade

:COMMANDS
[resethosts]
[purity]
[start explorer]

* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
**************************************************************
Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it



Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives



On completion of the scan click save log, save it to your desktop and post in your next reply
*************************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
*********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Superdave
Tech Staff


Tech Staff

Posts : 4192
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Issues with OTL

Post by timecantkill on Sun 26 Aug 2012, 6:29 am

Sorry it took me a week to get back to this; I don't have much free time during the work week.

I'm running OTL Version 3.2.22.3 and every time I try to Run Fix using the code you gave me above, OTL goes into a Not Responding state and remains that way for hours, never actually resuming or finishing. What do you suggest I do? I could move onto the other instructions you gave me, but I believe OTL needs to run its fix first.

timecantkill

Rookie Surfer
Rookie Surfer

Posts : 88
Joined : 2008-12-07
Operating System : Vista

View user profile

Back to top Go down

Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by Superdave on Sun 26 Aug 2012, 6:35 am

Please move on to the other scans. We can come back to OTL later.

Superdave
Tech Staff


Tech Staff

Posts : 4192
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

aswMBR log

Post by timecantkill on Mon 27 Aug 2012, 2:03 pm

By the time aswMBR finished, the user interface on my computer had really taken a turn for the worse. I couldn't save the log; I couldn't even open My Computer, Documents or any other folders while attempting to pull up Task Manager would just turn my screen black for an unlimited amount of time until I hit Esc. So this is what was shown in the aswMBR window; I just typed it up manually. Hopefully, after a reboot, I'll be able to run the other two scans.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-26 12:06:18
-----------------------------
12:06:18.310 OS Version: Windows 6.0.6002 Service Pack 2
12:06:18.311 Number of processors: 2 586 0x1706
12:06:18.312 ComputerName: MELVIN UserName: Age
12:06:20.867 Initialize success
12:06:27.141 AVAST engine defs: 12082500
12:06:36.907 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
12:06:36.907 Disk 0 Vendor: FUJITSU_ 0000 Size: 238475MB BusType: 3
12:06:36.907 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006c
12:06:36.922 Disk 1 Vendor: RICOH 01 Size: 238475MB BusType: 0
12:06:36.922 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000006d
12:06:36.922 Disk 2 Vendor: RICOH 02 Size: 238475MB BusType: 0
12:06:36.969 Disk 0 MBR read successfully
12:06:36.985 Disk 0 MBR scan
12:06:36.985 Disk 0 Windows VISTA default MBR code
12:06:37.016 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 8401 MB offset 2048
12:06:37.031 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 230072 MB offset 17207296
12:06:37.047 Disk 0 scanning sectors +488395120
12:06:37.156 Disk 0 scanning C:\Windows\system32\drivers
12:07:05.762 Service scanning
12:07:44.635 Modules scanning
12:07:57.667 Disk 0 trace - called modules:
12:07:57.687 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
12:07:57.687 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86ba5968]
12:07:57.687 3 CLASSPNP.SYS[8afa38b3] -> nt!IofCallDriver -> [0x86059700]
12:07:57.697 5 acpi.sys[806946bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8606b028]
12:07:59.511 AVAST engine scan C:\
21.58.25.360 Scan finished successfully

timecantkill

Rookie Surfer
Rookie Surfer

Posts : 88
Joined : 2008-12-07
Operating System : Vista

View user profile

Back to top Go down

SuperAntiSpyware log

Post by timecantkill on Mon 27 Aug 2012, 11:28 pm

Well, my computer isn't doing much better after a reboot. There was nothing found or quarantined by SuperAntiSpyware and due to this it didn't come up with the white box for me to verify that everything has a checked box beside it nor did it prompt me to restart. I'll run the next scan when I get home today...

SUPERAntiSpyware Scan Log
[You must be registered and logged in to see this link.]

Generated 08/27/2012 at 04:33 AM

Application Version : 5.0.1128

Core Rules Database Version : 0
Trace Rules Database Version: 0

Scan type : Complete Scan
Total Scan Time : 05:24:14

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned : 753
Memory threats detected : 0
Registry items scanned : 545
Registry threats detected : 0
File items scanned : 252385
File threats detected : 0

timecantkill

Rookie Surfer
Rookie Surfer

Posts : 88
Joined : 2008-12-07
Operating System : Vista

View user profile

Back to top Go down

Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by Superdave on Tue 28 Aug 2012, 6:25 am

Please boot in Safe mode and run the MBAM scan to see if it runs better in Safe mode.

Superdave
Tech Staff


Tech Staff

Posts : 4192
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

MBAM log

Post by timecantkill on Tue 28 Aug 2012, 3:47 pm

Malwarebytes Anti-Malware 1.62.0.1300
[You must be registered and logged in to see this link.]

Database version: v2012.08.25.04

Windows Vista Service Pack 2 x86 NTFS (Safe Mode)
Internet Explorer 9.0.8112.16421
Age :: MELVIN [administrator]

8/27/2012 8:24:13 PM
mbam-log-2012-08-27 (20-24-13).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 442790
Time elapsed: 1 hour(s), 24 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 12
HKCR\CLSID\{25514C64-8321-494e-BD3E-3DBAB3F8CEBA} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\CLSID\{597A9974-8CB0-4f41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\Interface\{6427058B-217C-4C7F-A6CE-C7934C0BDCEB} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\RewardsArcade.BHO.1 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\RewardsArcade.FBApi (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\RewardsArcade.FBApi.1 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\TypeLib\{60BE6B2E-F2F5-4404-AA1E-4381D4A6EEA2} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RewardsArcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Users\Age\AppData\Local\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\n. -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 29
C:\Program Files\RewardsArcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\defaults (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\defaults\preferences (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\locale (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\locale\en-US (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults\preferences (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\locale (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\locale\en-US (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin (PUP.RewardsArcade) -> Quarantined and deleted successfully.

Files Detected: 112
C:\Program Files\ICCup\Launcher\iccwc3.icc (PUP.GameTool) -> Quarantined and deleted successfully.
C:\Program Files\RewardsArcade\RewardsArcade.dll (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Program Files\RewardsArcade\RewardsArcade.exe (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Program Files\RewardsArcade\Uninstall.exe (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Program Files\RewardsArcade\UserConfirmation.exe (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Program Files\RewardsArcade\appAPIinternalWrapper.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Program Files\RewardsArcade\fb.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Program Files\RewardsArcade\jquery.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Program Files\RewardsArcade\json.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Chrome\rewardsarcade.crx (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome.manifest (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\background.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\browser.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\crossrider.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\crossriderapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\dialog.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\b.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\bl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\br.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\closelabel.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\loading.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tr.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\faye-browser-min.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\jquery-1.4.2.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\manage-apps-style.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\manage-apps.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\messaging.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\options.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\options.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\push.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\search_dialog.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\socialapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\update.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\utilityapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\workers_chain.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\defaults\preferences\prefs.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\install.rdf (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\locale\en-US\translations.dtd (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\button1.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\button2.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\button3.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\button4.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\button5.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\crossrider_statusbar.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\icon128.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\icon16.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\icon24.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\icon48.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\panelarrow-up.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\popup.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\popup.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\popup_binding.xml (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\skin.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\update.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\uninstall.ico (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Chrome\rewardsarcade.crx (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome.manifest (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\background.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\browser.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\crossrider.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\crossriderapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\dialog.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\b.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\bl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\br.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\closelabel.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\loading.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tr.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\faye-browser-min.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\jquery-1.4.2.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\manage-apps-style.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\manage-apps.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\messaging.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\options.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\options.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\push.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\search_dialog.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\socialapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\update.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\utilityapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\workers_chain.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults\preferences\prefs.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\install.rdf (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\locale\en-US\translations.dtd (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button1.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button2.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button3.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button4.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button5.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\crossrider_statusbar.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon128.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon16.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon24.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon48.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\panelarrow-up.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\popup.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\popup.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\popup_binding.xml (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\skin.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\update.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\uninstall.ico (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\00000004.@ (Rootkit.Zaccess) -> Quarantined and deleted successfully.
C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\80000000.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

timecantkill

Rookie Surfer
Rookie Surfer

Posts : 88
Joined : 2008-12-07
Operating System : Vista

View user profile

Back to top Go down

Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by Superdave on Wed 29 Aug 2012, 10:30 am

Please try to boot in Normal Mode and run the MBAM scan again. Post the log if anything is found.

Download Combofix from any of the links below, and save it to your DESKTOP.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

Superdave
Tech Staff


Tech Staff

Posts : 4192
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

MBAM log 2

Post by timecantkill on Wed 29 Aug 2012, 11:17 pm

Here is the new MBAM log. I will run combofix when I get home from work. Also, yesterday I ran a new OTL scan before MBAM. I can post that if you'd like.

Malwarebytes Anti-Malware 1.62.0.1300
[You must be registered and logged in to see this link.]

Database version: v2012.08.25.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Age :: MELVIN [administrator]

8/28/2012 11:11:45 PM
mbam-log-2012-08-28 (23-11-45).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 446385
Time elapsed: 2 hour(s), 22 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> Delete on reboot.
C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\00000004.@ (Rootkit.Zaccess) -> Quarantined and deleted successfully.
C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\80000000.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

timecantkill

Rookie Surfer
Rookie Surfer

Posts : 88
Joined : 2008-12-07
Operating System : Vista

View user profile

Back to top Go down

Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by Superdave on Thu 30 Aug 2012, 9:52 am

I really want to see the ComboFix log along with the log from this scanner.


  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again


Superdave
Tech Staff


Tech Staff

Posts : 4192
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

ComboFix Log

Post by timecantkill on Thu 30 Aug 2012, 10:47 am

I'm pretty sure ComboFix took longer than 15 min and AVG 2011 kicked back on.. the bastard. Anyway, here is the log. I"m going to try and uninstall AVG so I can run the scan uninterrupted.

ComboFix 12-08-29.03 - Age 08/29/2012 19:15:56.7.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1668 [GMT -4:00]
Running from: C:\Users\Age\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DFR46B8.tmp
C:\Windows\assembly\GAC\Desktop.ini
C:\Windows\system32\drivers\etc\hosts.ics
C:\Windows\system32\SET8346.tmp
C:\Windows\TEMP\logishrd\LVPrcInj01.dll

Infected copy of C:\Windows\system32\Services.exe was found and disinfected
Restored copy from - C:\ComboFix\HarddiskVolumeShadowCopy9_!Windows!ERDNT!cache!services.exe


((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-29 )))))))))))))))))))))))))))))))

timecantkill

Rookie Surfer
Rookie Surfer

Posts : 88
Joined : 2008-12-07
Operating System : Vista

View user profile

Back to top Go down

ComboFix Log 2

Post by timecantkill on Thu 30 Aug 2012, 11:42 am

Below is the log with AVG uninstalled. Time to reinstall and run the next scan.

ComboFix 12-08-29.03 - Age 08/29/2012 20:14:36.8.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1852 [GMT -4:00]
Running from: c:\users\Age\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\@
c:\windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\L\00000004.@
c:\windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\00000004.@
c:\windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\00000008.@
c:\windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\000000cb.@
c:\windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\80000000.@
c:\windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\80000032.@
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
---- Previous Run -------
.
C:\DFR46B8.tmp
c:\windows\assembly\GAC\Desktop.ini
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\SET8346.tmp
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
-- Previous Run --
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!ERDNT!cache!services.exe
.
--------
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-30 )))))))))))))))))))))))))))))))
.
.
2012-08-30 00:21 . 2012-08-30 00:27 -------- d-----w- c:\users\Age\AppData\Local\temp
2012-08-30 00:21 . 2012-08-30 00:21 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-30 00:21 . 2012-08-30 00:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-25 16:28 . 2012-08-25 16:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-25 16:28 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-25 16:22 . 2012-08-25 16:22 -------- d-----w- c:\users\Age\AppData\Roaming\SUPERAntiSpyware.com
2012-08-25 16:22 . 2012-08-25 16:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-25 16:22 . 2012-08-25 16:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-16 22:40 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 23:31 . 2012-06-17 19:01 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-16 23:31 . 2011-05-26 22:41 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-07 00:59 . 2012-06-07 00:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 16:47 . 2012-07-11 22:39 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 22:39 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-11 22:39 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-21 00:43 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 00:43 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 00:42 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 00:42 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 00:43 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 00:43 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 00:42 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 00:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-21 00:42 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 00:04 . 2012-07-11 22:39 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-11 22:39 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-22 15:25 . 2011-04-14 23:05 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VMpTtray.exe"="c:\program files\Sony\VAIO Media plus\VMpTtray.exe" [2008-03-09 86016]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-29 6111232]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-02-23 122880]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-12 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-12 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-12 141848]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-05-27 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2011-12-01 206120]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start [You must be registered and logged in to see this link.] [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-05-16 00:20 98304 ------w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk
backup=c:\windows\pss\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Age^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Age\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2011-01-05 17:11 4321112 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AML]
2008-03-26 22:48 1093632 ----a-w- c:\program files\Sony\VAIO Launcher\AML.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 23:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2008-04-04 03:03 317280 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 19:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 06:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-10-11 17:45 75304 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2008-04-29 04:48 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartWiHelper]
2008-06-27 20:45 77824 ----a-w- c:\program files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-09-28 18:16 185896 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Help and Support Demo]
2007-08-28 01:54 290816 ----a-w- c:\program files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOMyMemCenter]
2008-02-29 20:39 679936 ----a-w- c:\program files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIORegistration]
2007-10-17 22:40 20480 ----a-w- c:\program files\Sony\First Experience\WelcomeLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
2007-07-20 22:30 577536 ----a-w- c:\program files\Sony\VAIO Survey\Vista VAIO Survey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2009-04-03 19:23 3558648 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VWLASU]
2008-02-19 19:25 24576 ----a-w- c:\program files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WrtMon.exe]
2006-09-20 13:35 20480 ------w- c:\windows\System32\spool\drivers\w32x86\3\WrtMon.exe
.
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-17 23:31]
.
2012-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-12 19:18]
.
2012-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-12 19:18]
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-11734941-2268584939-366143686-1000Core.job
- c:\users\Age\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-23 23:17]
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-11734941-2268584939-366143686-1000UA.job
- c:\users\Age\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-23 23:17]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local;
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Age\AppData\Roaming\Mozilla\Firefox\Profiles\ukp2bmba.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
AddRemove-QcDrv - c:\program files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2012-08-29 20:27
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(7988)
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\RtkAudioService.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\VERIZONDM\bin\sprtsvc.exe
c:\program files\VERIZONDM\bin\tgsrvc.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Sony\VAIO Power Management\SPMService.exe
c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
c:\windows\system32\DllHost.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-08-29 20:32:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-30 00:32
ComboFix2.txt 2011-08-26 23:08
ComboFix3.txt 2011-05-20 04:46
ComboFix4.txt 2011-04-01 02:55
ComboFix5.txt 2012-08-29 23:13
.
Pre-Run: 39,612,039,168 bytes free
Post-Run: 39,440,097,280 bytes free
.
- - End Of File - - 300F49DE198086662FD01ABB47A1CCB2

timecantkill

Rookie Surfer
Rookie Surfer

Posts : 88
Joined : 2008-12-07
Operating System : Vista

View user profile

Back to top Go down

RogueKiller Log

Post by timecantkill on Thu 30 Aug 2012, 11:53 am

I decided to run RogueKiller before reinstalling AVG; I may actually wait to reinstall since AVG has caused issues with ComboFix and other programs before. On to the main course:

RogueKiller V8.0.0 [08/26/2012] by Tigzy
mail: tigzyRKgmailcom
Feedback: [You must be registered and logged in to see this link.]
Blog: [You must be registered and logged in to see this link.]

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Age [Admin rights]
Mode : Scan -- Date : 08/29/2012 20:48:17

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] RTKAUDIOSERVICE.EXE -- C:\Windows\RtkAudioService.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤
[TASK][SUSP PATH] winupd : C:\Users\Age\AppData\Local\Temp:winupd.exe -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\L --> FOUND
[ZeroAccess][FOLDER] U : C:\Users\Age\AppData\Local\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Users\Age\AppData\Local\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\L --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHY2250BH +++++
--- User ---
[MBR] 9ed614e0d7cc22ade83606f28eb9ea27
[BSP] 2427c8b7cb8673cf6fa49edb04d9c982 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 8401 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 17207296 | Size: 230072 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt




timecantkill

Rookie Surfer
Rookie Surfer

Posts : 88
Joined : 2008-12-07
Operating System : Vista

View user profile

Back to top Go down

Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by Superdave on Fri 31 Aug 2012, 10:48 am

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

On the System Recovery Options menu you will get the following options:

      Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt


  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • type exit and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

Superdave
Tech Staff


Tech Staff

Posts : 4192
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by timecantkill on Fri 31 Aug 2012, 1:36 pm

I'm in the Advanced Boot Options and there is no "Repair your computer" menu item. There is the following: Safe Mode, Safe Mode with Networking, Safe Mode with Command Prompt, Enable Boot Logging, Enable low-resolution video (640x480), Last Known Good Configuration (advanced), Directory Services Restore Mode, Debugging Mode, Disable automatic restart on system failure, Disable Driver Signature Enforcement, and Start Windows Normally. If I had to guess, I would say that Directory Services Restore Mode, but I think it best not to take action on assumptions at this point.

timecantkill

Rookie Surfer
Rookie Surfer

Posts : 88
Joined : 2008-12-07
Operating System : Vista

View user profile

Back to top Go down

Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by timecantkill on Sat 01 Sep 2012, 7:14 am

If the Repair your computer item's absence is due to System Recovery Options not being installed on my computer, which I am pretty sure it has been installed since my computer has always had Command Prompt, System Restore, etc., then I imagine I will need a Windows Vista DVD. I hope this is not the case as I do not have a Windows startup disk; if it is the case, is there a quick way I can get a hold of that disk or produce it myself?

timecantkill

Rookie Surfer
Rookie Surfer

Posts : 88
Joined : 2008-12-07
Operating System : Vista

View user profile

Back to top Go down

Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by timecantkill on Sat 01 Sep 2012, 11:23 am

Uhhhh and apparently my Recycle Bin has somehow been deleted from my Desktop, which I thought wasn't possible. :S

timecantkill

Rookie Surfer
Rookie Surfer

Posts : 88
Joined : 2008-12-07
Operating System : Vista

View user profile

Back to top Go down

Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by Superdave on Sat 01 Sep 2012, 11:56 am

If the Repair your computer item's absence is due to System Recovery Options not being installed on my computer, which I am pretty sure it has been installed since my computer has always had Command Prompt, System Restore, etc., then I imagine I will need a Windows Vista DVD.
Most computers with Vista came with the RC already installed or the option of creating your own repair disks. When you ran ComboFix you would have been asked if you wanted to install the RC. You may be able to borrow a Vista disk but it must be the same version as what you have installed. However please read below.

I am required to give you this warning.

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files

Read this article: Danger: Remote Access Trojans.

If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one! If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach.

I would counsel you to disconnect this PC from the Internet immediately.

Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall?

We can attempt to clean this machine but i can't guarantee that it will be 100% secure afterwards.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post

Superdave
Tech Staff


Tech Staff

Posts : 4192
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by timecantkill on Mon 03 Sep 2012, 4:47 am

Well, shit. I was afraid of that >_<. I'll inform you of my decision by the end of the day...

Can you tell me: If this is an infection that runs so deep my computer will still be a liability even after reformatting? If I attempt to backup the contents of my computer before reformatting, what is the chance that my external harddrive will then become infected? If I backup everything at this point, after I reformat and transfer all my backedup files to my computer, could the infection resume with the backedup files?

timecantkill

Rookie Surfer
Rookie Surfer

Posts : 88
Joined : 2008-12-07
Operating System : Vista

View user profile

Back to top Go down

Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Post by Sponsored content Today at 4:36 am


Sponsored content


Back to top Go down

Page 1 of 2 1, 2  Next

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum