Solved Sirefef .AA .W .AN .P .AB being detected by anti-virus help please!


Brennan

Microsoft Security Essentials was disabled and wouldn't turn on, giving some error about it not being installed (never had it not work for me), so I was suspicious that I had a virus. I ran a Malwarebytes quick scan but it found nothing, so I uninstalled MS Security Essentials and reinstalled it; ran a scan and it detected Sirefef .AA, .AB, .AN, .P and .W. During the scanning process a Windows error came up saying "critical error computer will be restarted in one minute" (this happened several times); tried to abort it in cmd to no avail. I selected remove on the list of viruses and MS Security Ess. gave me the option to restart to finish the removal, which this time I did before the auto shutdown. Judging by what I have been reading I probably still have the virus. What should I do? Your advice would be very appreciated.
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
Please review the 5-Step removal instructions and post the logs back here for my review.
 
I thought I would mention the problems (virus) first appeared when the Babylon toolbar showed its ugly face, which I believe was a result of downloading trial freeware (to separate audio from a video file; the program worked fine), or possibly a torrent, not sure if it was related. Anyway, these were the results. Thank you for your time; this is quite frustrating and I appreciate it.

GMER said no modifications and gave me no log.

DDS

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_31
Run by User at 0:41:58 on 2012-07-15
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3966.2254 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\CTsvcCDA.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files (x86)\ishutdown\iShutdown\ilauncher.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Creative Detector] "C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe" /R
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ishutdown2] C:\Program Files (x86)\ishutdown\iShutdown\ilauncher.exe
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{DEBEC50A-0523-446D-979C-2166E23665DB} : DhcpNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll
BHO-X64: Vuze Remote - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll
TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [CTxfiHlp] CTXFIHLP.EXE
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z4oofidk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110195&tt=010712_2&babsrc=KW_ss&mntrId=589b1fbf000000000000485b39f76cef&q=
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\User\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110195&tt=010712_2
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 589b1fbf000000000000485b39f76cef
FF - user.js: extensions.BabylonToolbar_i.hardId - 589b1fbf000000000000485b39f76cef
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15527
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:22:44
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-9-13 2320920]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-2-16 245760]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-6-2 1262400]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-19 250056]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-12-18 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-7-5 79360]
S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 PAC207;SoC PC-Camera;C:\Windows\system32\DRIVERS\PFC027.SYS --> C:\Windows\system32\DRIVERS\PFC027.SYS [?]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2011-11-15 24176]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-14 19:31:48 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-14 19:31:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-14 19:12:50 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9A697401-0FEA-4E69-82D8-22C106895C28}\mpengine.dll
2012-07-14 08:05:59 98816 ----a-w- C:\Windows\sed.exe
2012-07-14 08:05:59 518144 ----a-w- C:\Windows\SWREG.exe
2012-07-14 08:05:59 256000 ----a-w- C:\Windows\PEV.exe
2012-07-14 08:05:59 208896 ----a-w- C:\Windows\MBR.exe
2012-07-14 08:05:57 -------- d-s---w- C:\ComboFix
2012-07-14 07:47:28 328704 ----a-w- C:\Windows\System32\services.exe.7724DCCFF78EA5C3
2012-07-14 07:43:55 328704 ----a-w- C:\Windows\System32\services.exe.4AB7C7F0E51BCEBC
2012-07-12 19:14:00 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-11 10:03:27 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-07-06 05:24:27 -------- d-----w- C:\MyAudio
2012-07-06 05:22:45 -------- d-----w- C:\Program Files (x86)\BabylonToolbar
2012-07-06 05:22:14 -------- d-----w- C:\Users\User\AppData\Roaming\Babylon
2012-07-06 05:22:14 -------- d-----w- C:\ProgramData\Babylon
2012-07-05 21:14:46 -------- d-----w- C:\Users\User\AppData\Local\{C10A0F99-E347-4810-9CC8-A7EABBB435FA}
2012-07-05 21:13:59 -------- d-----w- C:\Users\User\AppData\Local\{6B40FE08-5D1F-40F4-8E53-57117E930208}
2012-06-28 23:26:45 -------- d-----w- C:\Users\User\AppData\Local\{1F8E927B-8889-4CB5-AC23-C1547454A102}
2012-06-28 23:25:38 -------- d-----w- C:\Users\User\AppData\Local\{D54BE971-E239-487F-9D1C-DFBB5CA13F05}
2012-06-27 18:13:07 -------- d-----w- C:\Users\User\AppData\Local\{09BD7D8B-4489-4270-8858-A75DE8689E6B}
2012-06-27 18:12:15 -------- d-----w- C:\Users\User\AppData\Local\{1BA0E979-F501-4281-AE03-E813D706815E}
2012-06-26 05:43:27 -------- d-----w- C:\Users\User\AppData\Local\{03053413-6EAB-4A30-B208-FF97D8A02CE2}
2012-06-26 05:42:53 -------- d-----w- C:\Users\User\AppData\Local\{D8141412-A7EF-4605-B17F-658019F9BA2A}
2012-06-24 06:09:11 -------- d-----w- C:\Users\User\AppData\Local\{E5CC7818-D0C5-4F28-8541-C453126523AA}
2012-06-24 06:08:34 -------- d-----w- C:\Users\User\AppData\Local\{A739478A-0A34-4CA8-8537-42703D8CA3BF}
2012-06-23 10:37:14 -------- d-----w- C:\Users\User\AppData\Local\Macromedia
2012-06-23 09:16:27 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-23 09:16:27 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-23 05:54:26 -------- d-----w- C:\Users\User\AppData\Local\{82FDBCF1-0983-43D6-95D1-09CCEAF60FE9}
2012-06-23 05:53:43 -------- d-----w- C:\Users\User\AppData\Local\{C4C40B70-E562-41C4-83CF-4CC28DFFF0FA}
2012-06-19 06:12:18 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-19 06:11:14 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-19 06:10:56 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-19 06:10:56 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-19 06:08:39 -------- d-----w- C:\Users\User\AppData\Local\{466E9782-7F9B-41F3-A3B7-5F62618D3891}
2012-06-19 06:07:54 -------- d-----w- C:\Users\User\AppData\Local\{3C68B09F-E821-49EA-9AB3-500B9BEEEADB}
2012-06-17 12:02:30 -------- d-----w- C:\Program Files\iPod
2012-06-17 12:02:29 -------- d-----w- C:\Program Files\iTunes
2012-06-17 11:39:34 -------- d-----w- C:\Users\User\AppData\Local\{B85F3744-CC09-4DEB-A695-B4F8B1A67F45}
2012-06-15 23:13:21 -------- d-----w- C:\Users\User\AppData\Local\{0FA4A4D6-29DD-4849-8BAB-9B96CCE0D6C3}
.
==================== Find3M ====================
.
2012-07-14 07:50:28 328704 ----a-w- C:\Windows\System32\services.exe
2012-07-12 08:33:22 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 08:33:22 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-06 03:43:58 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-07-06 03:43:58 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-07-06 03:43:57 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-07-06 03:43:57 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 19:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-05-15 09:29:45 2621723 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-05-15 09:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-05-15 03:56:59 1197568 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:08:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32:43 208896 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:50:40 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:34:38 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:34:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:59:45 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:59:45 1460224 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 05:59:45 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 04:47:04 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:47:04 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-24 04:47:03 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-20 06:22:18 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2012-04-20 05:05:47 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2012-04-20 05:00:31 482816 ----a-w- C:\Windows\System32\html.iec
2012-04-20 04:15:04 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-04-20 03:58:07 386048 ----a-w- C:\Windows\SysWow64\html.iec
2012-04-20 03:24:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-19 03:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 03:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-04-18 17:08:08 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-04-18 17:08:03 188736 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-04-18 17:08:02 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
.
============= FINISH: 0:42:38.61 ===============

Attach


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 13/09/2010 1:18:54 PM
System Uptime: 14/07/2012 11:56:42 AM (13 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P7H55-M PRO
Processor: Intel(R) Core(TM) i3 CPU 530 @ 2.93GHz | LGA1156 | 2933/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 19.653 GiB free.
D: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP634: 28/06/2012 4:35:39 PM - Windows Update
RP635: 02/07/2012 4:35:20 PM - Windows Update
RP636: 05/07/2012 8:44:27 PM - Installed Creative Audio Control Panel
RP637: 05/07/2012 8:45:34 PM - Installed Creative Software AutoUpdate
RP638: 05/07/2012 8:56:00 PM - Installed WaveStudio 7
RP639: 05/07/2012 9:08:54 PM - Windows Update
RP640: 08/07/2012 11:13:51 PM - Windows Update
RP641: 11/07/2012 3:00:16 AM - Windows Update
RP642: 14/07/2012 1:06:08 AM - ComboFix created restore point
RP643: 14/07/2012 12:12:36 PM - Windows Update
.
==== Installed Programs ======================
.
888poker
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.1
Apple Application Support
Apple Software Update
AviSynth 2.5
Babylon toolbar on IE
Battlestations: Midway
Command and Conquer 3: Tiberium Wars
Counter-Strike: Source
Creative ALchemy
Creative Audio Control Panel
Creative Console Launcher
Creative MediaSource
Creative MediaSource 5
Creative Smart Recorder
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Creative WaveStudio 7
D3DX10
Day of Defeat: Source
Diablo III
Dungeon Siege 2
Dungeon Siege III
Empire Earth Gold Edition
Everything 1.2.1.371
F.E.A.R. 3
FrostWire 4.21.6
Google Chrome
HijackThis 2.0.2
HL-2270DW
Intel(R) Management Engine Components
IrfanView (remove only)
iShutdown
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
Left 4 Dead 2
LibreOffice 3.4
Malwarebytes Anti-Malware version 1.62.0.1300
Mesh Runtime
Messenger Companion
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
QuickTime
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
SequoiaView
Skype™ 5.8
SoundFont Bank Manager
StarCraft II
Steam
System Requirements Lab
System Requirements Lab CYRI
Tibia
Universe Sandbox
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Videora iPod Converter 6
VLC media player 1.1.10
Vuze
Vuze Remote Toolbar
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
World of Warcraft
YouTube Downloader App 3.00
.
==== Event Viewer Messages From Past Week ========
.
15/07/2012 12:12:21 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
15/07/2012 12:12:21 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
14/07/2012 12:52:18 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
14/07/2012 12:52:18 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
14/07/2012 11:59:11 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
14/07/2012 11:59:11 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
14/07/2012 11:57:09 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
.
==== End Of File ===========================

 
Forgot to mention I cannot enable Windows Firewall because of an error "cannot change some of your settings".
 
Download Farbar Recovery Scan Tool and save it to a flash drive.

Please make sure to download the 64-bit version.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
 
When I tap F8 in the BIOS menu, the advanced boot options menu flashes for a second, then a list pops up asking me what device I want to boot from, either Harddrive or CD-ROM, and the computer starts normally no matter which I select.
 
Turns out I was tapping F8 too early. Anyway, I used my iPod to run the tool since I didn't have a flash drive; it's a hard drive iPod, hope that doesn't make a difference.

Here is the log.

Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 02
Ran by SYSTEM at 17-07-2012 16:45:38
Running from J:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" [2306448 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [413208 2010-04-21] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-04-21] (Intel Corporation)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-04-21] (Intel Corporation)
HKLM-x32\...\Run: [CTxfiHlp] CTXFIHLP.EXE [x]
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup [602624 2009-03-12] ()
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKU\User\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\User\...\Run: [ishutdown2] C:\Program Files (x86)\ishutdown\iShutdown\ilauncher.exe [17920 2011-05-31] ()
HKU\User\...\Run: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-12-02] (Google Inc.)
HKU\User\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-10-11] (Valve Corporation)
HKU\User\...\Run: [Creative Detector] "C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe" /R [102400 2004-12-02] (Creative Technology Ltd)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

==================== Services (Whitelisted) ======

2 Creative Service for CDROM Access; C:\Windows\SysWOW64\CTsvcCDA.EXE [44032 1999-12-13] (Creative Technology Ltd)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2320920 2009-11-04] (Intel Corporation)

========================== Drivers (Whitelisted) =============

3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.)
3 pbfilter; \??\C:\Program Files\PeerBlock\pbfilter.sys [24176 2010-11-06] ()

========================== NetSvcs (Whitelisted) ===========

END

Thank you for your patience.
 
Sorry, apparently copy/paste is too complicated for me. I noticed the log seemed incomplete; here's the real one.

Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 02
Ran by SYSTEM at 17-07-2012 16:45:38
Running from J:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" [2306448 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [413208 2010-04-21] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-04-21] (Intel Corporation)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-04-21] (Intel Corporation)
HKLM-x32\...\Run: [CTxfiHlp] CTXFIHLP.EXE [x]
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup [602624 2009-03-12] ()
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKU\User\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\User\...\Run: [ishutdown2] C:\Program Files (x86)\ishutdown\iShutdown\ilauncher.exe [17920 2011-05-31] ()
HKU\User\...\Run: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-12-02] (Google Inc.)
HKU\User\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-10-11] (Valve Corporation)
HKU\User\...\Run: [Creative Detector] "C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe" /R [102400 2004-12-02] (Creative Technology Ltd)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

==================== Services (Whitelisted) ======

2 Creative Service for CDROM Access; C:\Windows\SysWOW64\CTsvcCDA.EXE [44032 1999-12-13] (Creative Technology Ltd)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2320920 2009-11-04] (Intel Corporation)

========================== Drivers (Whitelisted) =============

3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.)
3 pbfilter; \??\C:\Program Files\PeerBlock\pbfilter.sys [24176 2010-11-06] ()

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-17 16:45 - 2012-07-17 16:45 - 00000000 ____D C:\FRST
2012-07-17 14:38 - 2012-07-17 14:56 - 3224686592 ____A C:\Users\User\Desktop\X15-65733.iso
2012-07-17 14:29 - 2012-07-17 15:40 - 00000000 ____D C:\Windows\pss
2012-07-17 14:08 - 2012-07-17 14:08 - 01437107 ____A (Farbar) C:\Users\User\Desktop\FRST64.exe
2012-07-16 22:57 - 2012-07-16 22:57 - 00012745 ____A C:\Users\User\Desktop\Breaking.Bad.S05E01.Live.Free.or.Die.HDTV.x264-FQM.[eztv].torrent
2012-07-16 08:22 - 2012-07-16 08:22 - 00000212 ____A C:\Users\User\Desktop\VirHelp.url
2012-07-16 07:39 - 2012-07-16 07:39 - 00170191 ____A C:\Users\User\Desktop\[isoHunt] Law and Order - Season 11.torrent
2012-07-15 00:04 - 2012-07-15 00:04 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-15 00:04 - 2012-07-15 00:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-07-14 23:39 - 2012-07-14 23:39 - 00607260 ____R (Swearware) C:\Users\User\Desktop\dds.scr
2012-07-14 10:55 - 2012-07-14 10:55 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-1.62.0.1300.exe
2012-07-14 10:52 - 2012-07-14 10:52 - 00302592 ____A C:\Users\User\Desktop\4r3mlo0h.exe
2012-07-14 00:14 - 2012-07-14 00:20 - 522565534 ____A C:\Users\User\Desktop\Hirens.BootCD.15.1.zip
2012-07-14 00:05 - 2012-07-14 00:06 - 00000000 ___SD C:\ComboFix
2012-07-14 00:05 - 2012-07-14 00:05 - 00000000 ____D C:\Windows\erdnt
2012-07-14 00:05 - 2012-07-14 00:05 - 00000000 ____D C:\Qoobox
2012-07-14 00:05 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-07-14 00:05 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-07-14 00:05 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-07-14 00:05 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-07-14 00:05 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-07-14 00:05 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-07-14 00:05 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-07-14 00:05 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-07-13 23:47 - 2012-07-13 23:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7724DCCFF78EA5C3
2012-07-13 23:43 - 2012-07-13 23:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4AB7C7F0E51BCEBC
2012-07-12 11:14 - 2012-07-12 11:14 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-11 02:03 - 2012-06-11 19:02 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-10 20:18 - 2012-06-08 21:30 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 20:18 - 2012-06-08 20:46 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 20:18 - 2012-06-05 21:50 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 20:18 - 2012-06-05 21:50 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 20:18 - 2012-06-05 21:09 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 20:18 - 2012-06-05 21:09 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 20:18 - 2012-06-01 21:38 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 20:18 - 2012-06-01 21:38 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 20:18 - 2012-06-01 21:37 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 20:18 - 2012-06-01 21:27 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 20:18 - 2012-06-01 21:27 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 20:18 - 2012-06-01 20:48 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 20:18 - 2012-06-01 20:48 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 20:18 - 2012-06-01 20:47 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 20:18 - 2012-06-01 20:42 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-06 03:36 - 2012-07-06 03:36 - 00001080 ____A C:\Windows\System32\settingsbkup.sfm
2012-07-06 03:36 - 2012-07-06 03:36 - 00001080 ____A C:\Windows\System32\settings.sfm
2012-07-05 21:24 - 2012-07-05 21:26 - 00000000 ____D C:\MyAudio
2012-07-05 21:22 - 2012-07-05 21:22 - 00000249 ____A C:\user.js
2012-07-05 21:22 - 2012-07-05 21:22 - 00000000 ____D C:\Users\User\AppData\Roaming\Babylon
2012-07-05 21:22 - 2012-07-05 21:22 - 00000000 ____D C:\Users\All Users\Babylon
2012-07-05 13:14 - 2012-07-05 13:15 - 00000000 ____D C:\Users\User\AppData\Local\{C10A0F99-E347-4810-9CC8-A7EABBB435FA}
2012-07-05 13:13 - 2012-07-05 13:14 - 00000000 ____D C:\Users\User\AppData\Local\{6B40FE08-5D1F-40F4-8E53-57117E930208}
2012-06-28 15:26 - 2012-06-28 15:27 - 00000000 ____D C:\Users\User\AppData\Local\{1F8E927B-8889-4CB5-AC23-C1547454A102}
2012-06-28 15:25 - 2012-06-28 15:26 - 00000000 ____D C:\Users\User\AppData\Local\{D54BE971-E239-487F-9D1C-DFBB5CA13F05}
2012-06-27 10:13 - 2012-06-27 10:13 - 00000000 ____D C:\Users\User\AppData\Local\{09BD7D8B-4489-4270-8858-A75DE8689E6B}
2012-06-27 10:12 - 2012-06-27 10:13 - 00000000 ____D C:\Users\User\AppData\Local\{1BA0E979-F501-4281-AE03-E813D706815E}
2012-06-25 21:43 - 2012-06-25 21:44 - 00000000 ____D C:\Users\User\AppData\Local\{03053413-6EAB-4A30-B208-FF97D8A02CE2}
2012-06-25 21:42 - 2012-06-25 21:43 - 00000000 ____D C:\Users\User\AppData\Local\{D8141412-A7EF-4605-B17F-658019F9BA2A}
2012-06-23 22:09 - 2012-06-23 22:09 - 00000000 ____D C:\Users\User\AppData\Local\{E5CC7818-D0C5-4F28-8541-C453126523AA}
2012-06-23 22:08 - 2012-06-23 22:09 - 00000000 ____D C:\Users\User\AppData\Local\{A739478A-0A34-4CA8-8537-42703D8CA3BF}
2012-06-23 02:37 - 2012-06-23 02:37 - 00000000 ____D C:\Users\User\AppData\Local\Macromedia
2012-06-22 21:54 - 2012-06-22 21:54 - 00000000 ____D C:\Users\User\AppData\Local\{82FDBCF1-0983-43D6-95D1-09CCEAF60FE9}
2012-06-22 21:53 - 2012-06-22 21:54 - 00000000 ____D C:\Users\User\AppData\Local\{C4C40B70-E562-41C4-83CF-4CC28DFFF0FA}
2012-06-20 15:30 - 2012-06-20 15:30 - 00000000 ____D C:\Users\User\Documents\Battlestations-Midway
2012-06-18 22:12 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-18 22:12 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-18 22:12 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-18 22:12 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-18 22:11 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-18 22:11 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-18 22:11 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-18 22:10 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-18 22:10 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-18 22:08 - 2012-06-18 22:09 - 00000000 ____D C:\Users\User\AppData\Local\{466E9782-7F9B-41F3-A3B7-5F62618D3891}
2012-06-18 22:07 - 2012-06-18 22:08 - 00000000 ____D C:\Users\User\AppData\Local\{3C68B09F-E821-49EA-9AB3-500B9BEEEADB}
2012-06-17 04:02 - 2012-06-17 04:03 - 00000000 ____D C:\Program Files\iTunes
2012-06-17 04:02 - 2012-06-17 04:02 - 00000000 ____D C:\Program Files\iPod
2012-06-17 03:39 - 2012-06-17 03:39 - 00000000 ____D C:\Users\User\AppData\Local\{B85F3744-CC09-4DEB-A695-B4F8B1A67F45}

============ 3 Months Modified Files ========================

2012-07-17 15:33 - 2012-04-19 13:31 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-17 15:33 - 2010-09-14 00:15 - 01253529 ____A C:\Windows\WindowsUpdate.log
2012-07-17 15:33 - 2009-07-13 20:45 - 00015024 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-17 15:33 - 2009-07-13 20:45 - 00015024 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-17 15:28 - 2010-12-20 23:07 - 00026344 ____A C:\Windows\setupact.log
2012-07-17 15:28 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-17 14:56 - 2012-07-17 14:38 - 3224686592 ____A C:\Users\User\Desktop\X15-65733.iso
2012-07-17 14:28 - 2011-12-02 00:05 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-592917798-1658097988-3837472857-1000UA.job
2012-07-17 14:08 - 2012-07-17 14:08 - 01437107 ____A (Farbar) C:\Users\User\Desktop\FRST64.exe
2012-07-17 03:28 - 2011-12-02 00:05 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-592917798-1658097988-3837472857-1000Core.job
2012-07-16 22:57 - 2012-07-16 22:57 - 00012745 ____A C:\Users\User\Desktop\Breaking.Bad.S05E01.Live.Free.or.Die.HDTV.x264-FQM.[eztv].torrent
2012-07-16 08:22 - 2012-07-16 08:22 - 00000212 ____A C:\Users\User\Desktop\VirHelp.url
2012-07-16 07:39 - 2012-07-16 07:39 - 00170191 ____A C:\Users\User\Desktop\[isoHunt] Law and Order - Season 11.torrent
2012-07-15 00:05 - 2011-02-07 03:22 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-15 00:04 - 2011-02-07 03:21 - 00735282 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-14 23:39 - 2012-07-14 23:39 - 00607260 ____R (Swearware) C:\Users\User\Desktop\dds.scr
2012-07-14 10:55 - 2012-07-14 10:55 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-1.62.0.1300.exe
2012-07-14 10:52 - 2012-07-14 10:52 - 00302592 ____A C:\Users\User\Desktop\4r3mlo0h.exe
2012-07-14 00:20 - 2012-07-14 00:14 - 522565534 ____A C:\Users\User\Desktop\Hirens.BootCD.15.1.zip
2012-07-14 00:06 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-13 23:50 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-07-13 23:47 - 2012-07-13 23:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7724DCCFF78EA5C3
2012-07-13 23:43 - 2012-07-13 23:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4AB7C7F0E51BCEBC
2012-07-12 00:33 - 2012-04-19 13:31 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-12 00:33 - 2011-05-16 00:03 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-11 03:59 - 2010-09-17 13:39 - 00064856 ____A C:\Windows\PFRO.log
2012-07-11 02:20 - 2009-07-13 20:45 - 00300752 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 02:01 - 2010-09-17 13:22 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-06 03:36 - 2012-07-06 03:36 - 00001080 ____A C:\Windows\System32\settingsbkup.sfm
2012-07-06 03:36 - 2012-07-06 03:36 - 00001080 ____A C:\Windows\System32\settings.sfm
2012-07-05 21:22 - 2012-07-05 21:22 - 00000249 ____A C:\user.js
2012-07-05 19:43 - 2010-12-18 10:47 - 00466520 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-07-05 19:43 - 2010-12-18 10:47 - 00445016 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-07-05 19:43 - 2010-12-18 10:47 - 00123480 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-07-05 19:43 - 2010-12-18 10:47 - 00109144 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-07-05 19:43 - 2010-12-18 10:47 - 00000159 __RAH C:\Windows\ctfile.rfc
2012-06-11 19:02 - 2012-07-11 02:03 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:30 - 2012-07-10 20:18 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:46 - 2012-07-10 20:18 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 21:50 - 2012-07-10 20:18 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:50 - 2012-07-10 20:18 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:09 - 2012-07-10 20:18 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:09 - 2012-07-10 20:18 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-02 14:19 - 2012-06-18 22:12 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-18 22:12 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-18 22:12 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-18 22:11 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-18 22:11 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:19 - 2012-06-18 22:10 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:15 - 2012-06-18 22:12 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-18 22:11 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:15 - 2012-06-18 22:10 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 21:38 - 2012-07-10 20:18 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:38 - 2012-07-10 20:18 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:37 - 2012-07-10 20:18 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:27 - 2012-07-10 20:18 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:27 - 2012-07-10 20:18 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:48 - 2012-07-10 20:18 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:48 - 2012-07-10 20:18 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:47 - 2012-07-10 20:18 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:42 - 2012-07-10 20:18 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-31 11:25 - 2010-09-15 08:37 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-23 00:57 - 2012-05-23 00:57 - 00007334 ____A C:\Users\User\Documents\Starcraft Units.odt
2012-05-15 02:48 - 2012-06-01 23:01 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-05-15 02:48 - 2012-06-01 23:01 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-05-15 02:48 - 2012-06-01 23:01 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-05-15 02:48 - 2012-06-01 23:01 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-05-15 02:48 - 2012-06-01 23:01 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-05-15 02:48 - 2012-06-01 23:01 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-05-15 02:48 - 2012-06-01 23:01 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-05-15 02:48 - 2012-06-01 23:01 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-05-15 02:48 - 2012-06-01 23:01 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-05-15 02:48 - 2012-06-01 23:01 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-05-15 02:48 - 2012-06-01 23:01 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-05-15 02:48 - 2012-06-01 23:01 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-05-15 02:48 - 2012-06-01 23:01 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-05-15 02:48 - 2012-06-01 23:01 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-05-15 02:48 - 2012-06-01 23:01 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-05-15 02:48 - 2012-06-01 23:01 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
2012-05-15 02:48 - 2012-06-01 23:01 - 00949056 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2012-05-15 02:48 - 2012-06-01 23:01 - 00818496 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2012-05-15 02:48 - 2012-06-01 23:01 - 00364352 ____A (NVIDIA Corporation) C:\Windows\System32\nvdecodemft.dll
2012-05-15 02:48 - 2012-06-01 23:01 - 00301376 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll
2012-05-15 02:48 - 2012-06-01 23:01 - 00246592 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2012-05-15 02:48 - 2012-06-01 23:01 - 00202048 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2012-05-15 02:48 - 2011-05-21 06:01 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-05-15 02:48 - 2011-05-21 06:01 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-05-15 02:48 - 2011-05-21 06:01 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-05-15 02:48 - 2010-07-10 05:38 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-05-15 02:48 - 2010-07-10 05:38 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-05-15 02:48 - 2010-07-10 05:38 - 00014324 ____A C:\Windows\System32\nvinfo.pb
2012-05-15 01:29 - 2012-06-01 23:02 - 02621723 ____A C:\Windows\System32\nvcoproc.bin
2012-05-15 01:29 - 2010-07-09 16:27 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-05-15 01:29 - 2010-07-09 16:17 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-05-15 01:29 - 2010-07-09 16:17 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-05-15 01:29 - 2010-07-09 16:17 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-05-15 01:28 - 2010-07-09 16:17 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-05-15 01:21 - 2012-05-15 01:21 - 00423744 ____A C:\Windows\SysWOW64\nvStreaming.exe
2012-05-14 19:56 - 2012-06-12 17:52 - 01197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 19:52 - 2012-06-12 17:52 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-14 19:08 - 2012-06-12 17:52 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-14 19:06 - 2012-06-12 17:52 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-04 02:52 - 2012-06-12 17:52 - 05505392 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:08 - 2012-06-12 17:52 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:08 - 2012-06-12 17:52 - 03902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-01 21:32 - 2012-06-12 17:52 - 00208896 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:50 - 2012-06-12 17:52 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:34 - 2012-06-12 17:52 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:34 - 2012-06-12 17:52 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:28 - 2012-06-12 17:52 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 21:59 - 2012-06-12 17:51 - 01460224 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:59 - 2012-06-12 17:51 - 00182272 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:59 - 2012-06-12 17:51 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:47 - 2012-06-12 17:51 - 01156608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:47 - 2012-06-12 17:51 - 00139264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:47 - 2012-06-12 17:51 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-19 22:25 - 2012-06-12 17:52 - 01501184 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-19 22:25 - 2012-06-12 17:52 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-19 22:23 - 2012-06-12 17:52 - 01026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-04-19 22:22 - 2012-06-12 17:52 - 09373696 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-19 22:22 - 2012-06-12 17:52 - 00736256 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-19 22:22 - 2012-06-12 17:52 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-19 22:22 - 2012-06-12 17:52 - 00082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-04-19 22:22 - 2012-06-12 17:52 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-04-19 22:21 - 2012-06-12 17:52 - 12405760 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-19 22:21 - 2012-06-12 17:52 - 02458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-19 22:21 - 2012-06-12 17:52 - 00445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-04-19 22:21 - 2012-06-12 17:52 - 00256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-04-19 22:21 - 2012-06-12 17:52 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-19 22:18 - 2012-06-12 17:52 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-04-19 21:07 - 2012-06-12 17:52 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-19 21:07 - 2012-06-12 17:52 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-19 21:06 - 2012-06-12 17:52 - 06028288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-19 21:06 - 2012-06-12 17:52 - 00627200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-04-19 21:06 - 2012-06-12 17:52 - 00606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2012-04-19 21:06 - 2012-06-12 17:52 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-19 21:06 - 2012-06-12 17:52 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-04-19 21:05 - 2012-06-12 17:52 - 11019776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-19 21:05 - 2012-06-12 17:52 - 02072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-19 21:05 - 2012-06-12 17:52 - 00381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-04-19 21:05 - 2012-06-12 17:52 - 00185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-04-19 21:05 - 2012-06-12 17:52 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-19 21:05 - 2012-06-12 17:52 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-04-19 21:03 - 2012-06-12 17:52 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-04-19 21:00 - 2012-06-12 17:52 - 00482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-04-19 20:15 - 2012-06-12 17:52 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-19 19:58 - 2012-06-12 17:52 - 00386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-04-19 19:24 - 2012-06-12 17:52 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb


ZeroAccess:
C:\Windows\Installer\{5804b618-ffb5-9da5-151c-c2bec33ea925}
C:\Windows\Installer\{5804b618-ffb5-9da5-151c-c2bec33ea925}\L
C:\Windows\Installer\{5804b618-ffb5-9da5-151c-c2bec33ea925}\U

ZeroAccess:
C:\Users\User\AppData\Local\{5804b618-ffb5-9da5-151c-c2bec33ea925}
C:\Users\User\AppData\Local\{5804b618-ffb5-9da5-151c-c2bec33ea925}\@
C:\Users\User\AppData\Local\{5804b618-ffb5-9da5-151c-c2bec33ea925}\L
C:\Users\User\AppData\Local\{5804b618-ffb5-9da5-151c-c2bec33ea925}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 3966.05 MB
Available physical RAM: 3342.4 MB
Total Pagefile: 3964.2 MB
Available Pagefile: 3330.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:6.06 GB) NTFS
7 Drive j: (BRENNAN'S I) (Removable) (Total:148.79 GB) (Free:65.68 GB) FAT32
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
9 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 148 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 465 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 465 GB Healthy

==================================================================================

Partitions of Disk 5:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 148 GB 252 KB

==================================================================================

Disk: 5
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 J BRENNAN'S I FAT32 Removable 148 GB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-09 23:30

======================= End Of Log ==========================
 
FRST64 Fixlist

Please run the following:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt

start
C:\Windows\Installer\{5804b618-ffb5-9da5-151c-c2bec33ea925}
C:\Users\User\AppData\Local\{5804b618-ffb5-9da5-151c-c2bec33ea925}
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now, please enter System Recovery Options then select Command Prompt.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.



Scan for malware

Please download Malwarebytes Anti-Malware from HERE.


Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 16-07-2012 02
Ran by SYSTEM at 2012-07-18 13:22:10 Run:1
Running from J:\

==============================================

C:\Windows\Installer\{5804b618-ffb5-9da5-151c-c2bec33ea925} moved successfully.
C:\Users\User\AppData\Local\{5804b618-ffb5-9da5-151c-c2bec33ea925} moved successfully.

==== End of Fixlog ====

During the bootup it gave me a warning that I might not be running a valid version of Windows. I skipped over it, and now it's saying MS Security Essentials will be disabled in 30 days.
 
Not sure. Let's take a look here:

  1. Please download MGADiag and save it to your desktop.
  2. Double click the MGADiag icon on your desktop.
  3. Push Continue.
  4. Push Copy.
  5. Go to Start -> Run and type in "Notepad"
  6. Go to Edit -> Paste in notepad.
  7. x out all of the numbers and letters in the line beginning with "Windows Product Key:"
  8. Copy and paste that log here.
 
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.18.09

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
User :: USER-PC [administrator]

18/07/2012 1:31:29 PM
mbam-log-2012-07-18 (13-31-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205178
Time elapsed: 2 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key:
Windows Product Key
Windows Product ID:
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.1.7600.2.00010300.0.0.003
ID:
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7600.win7_gdr.120503-2030
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{EDBEF937-4B49-4554-8EFA-B4428D39C3D6}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010300.0.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-WQ628</PKey><PID>00359-OEM-8703181-27089</PID><PIDType>3</PIDType><SID>S-1-5-21-592917798-1658097988-3837472857</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>1303 </Version><SMBIOSVersion major="2" minor="6"/><Date>20100531000000.000000+000</Date></BIOS><HWID>8FB83607018400FC</HWID><UserLCID>1009</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7600.16385

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
Activation ID: 586bc076-c93d-429a-afe5-a69fbc644e88
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00174-031-827089-02-4105-7600.0000-2572010
Installation ID: 005545103500883903635142017531383574504553207575822514
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: WQ628
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 18/07/2012 1:39:05 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 6:18:2012 01:52
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: NgAAAAEABgABAAEAAAACAAAAAQABAAEA6GFgKKgYQsaAluJfyt4cvyb+9gzoYcrEChEQ+Fxd

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC 053110 APIC1146
FACP 053110 FACP1146
HPET 053110 OEMHPET
MCFG 053110 OEMMCFG
OEMB 053110 OEMB1146
OSFR 053110 OEMOSFR
SSDT DpgPmm CpuPm
 
It is a genuine and activated copy of Windows. No problems there.

Must be ransom malware. We'll trash that malware fast...

ComboFix

Please download ComboFix by sUBs from BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.
After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:
  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
 
My firewall started working after ComboFix rebooted the comp. I was pretty sure I renamed it svchost.exe; not sure why it says combofix.exe.

ComboFix 12-07-19.02 - User 19/07/2012 11:20:19.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3966.2438 [GMT -7:00]
Running from: c:\users\User\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\User\AppData\Roaming\da15dc20.dat
c:\windows\Installer\{5804b618-ffb5-9da5-151c-c2bec33ea925}\@
c:\windows\Installer\{5804b618-ffb5-9da5-151c-c2bec33ea925}\L\00000004.@
c:\windows\Installer\{5804b618-ffb5-9da5-151c-c2bec33ea925}\L\1afb2d56
c:\windows\Installer\{5804b618-ffb5-9da5-151c-c2bec33ea925}\L\201d3dde
c:\windows\Installer\{5804b618-ffb5-9da5-151c-c2bec33ea925}\n
c:\windows\Installer\{5804b618-ffb5-9da5-151c-c2bec33ea925}\U\00000008.@
.
.
((((((((((((((((((((((((( Files Created from 2012-06-19 to 2012-07-19 )))))))))))))))))))))))))))))))
.
.
2012-07-19 18:27 . 2012-07-19 18:27 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-19 18:27 . 2012-07-19 18:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-18 20:39 . 2012-07-18 20:39 -------- d-----w- C:\MGADiagToolOutput
2012-07-18 20:38 . 2012-07-18 20:38 -------- d-----w- c:\programdata\Office Genuine Advantage
2012-07-18 20:35 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CDFD7098-7B89-4C19-95F7-3CBCF2731587}\mpengine.dll
2012-07-18 20:31 . 2012-07-18 20:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-18 20:31 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-18 00:45 . 2012-07-18 00:45 -------- d-----w- C:\FRST
2012-07-17 08:15 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-15 08:05 . 2012-07-15 08:05 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68991BE8-B3F6-4CC1-8405-8FCFE5E007F6}\gapaengine.dll
2012-07-15 08:04 . 2012-07-15 08:04 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-15 08:04 . 2012-07-15 08:04 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-14 07:47 . 2012-07-14 07:47 328704 ----a-w- c:\windows\system32\services.exe.7724DCCFF78EA5C3
2012-07-14 07:43 . 2012-07-14 07:43 328704 ----a-w- c:\windows\system32\services.exe.4AB7C7F0E51BCEBC
2012-07-12 19:14 . 2012-07-12 19:14 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-11 10:03 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-07-06 05:24 . 2012-07-06 05:26 -------- d-----w- C:\MyAudio
2012-07-06 05:22 . 2012-07-06 05:22 249 ----a-w- C:\user.js
2012-07-06 05:22 . 2012-07-06 05:22 -------- d-----w- c:\users\User\AppData\Roaming\Babylon
2012-07-06 05:22 . 2012-07-06 05:22 -------- d-----w- c:\programdata\Babylon
2012-06-23 10:37 . 2012-06-23 10:37 -------- d-----w- c:\users\User\AppData\Local\Macromedia
2012-06-23 09:16 . 2012-06-14 22:19 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-23 09:16 . 2012-06-14 22:19 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-14 07:50 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-07-12 08:33 . 2012-04-19 21:31 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 08:33 . 2011-05-16 08:03 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 10:01 . 2010-09-17 21:22 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-06 03:43 . 2010-12-18 18:47 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2012-07-06 03:43 . 2010-12-18 18:47 123480 ----a-w- c:\windows\system32\OpenAL32.dll
2012-07-06 03:43 . 2010-12-18 18:47 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-07-06 03:43 . 2010-12-18 18:47 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-06-18 10:12 . 2012-07-14 19:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9A697401-0FEA-4E69-82D8-22C106895C28}\mpengine.dll
2012-06-02 22:19 . 2012-06-19 06:11 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 06:12 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 06:12 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 06:12 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 06:10 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-19 06:11 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 06:12 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 06:10 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-19 06:11 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-31 19:25 . 2010-09-15 16:37 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-15 10:48 . 2012-06-02 07:01 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2012-06-02 07:01 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-05-15 10:48 . 2012-06-02 07:01 8139072 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:48 . 2012-06-02 07:01 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2012-06-02 07:01 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-05-15 10:48 . 2012-06-02 07:01 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-05-15 10:48 . 2012-06-02 07:01 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-05-15 10:48 . 2012-06-02 07:01 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:48 . 2012-06-02 07:01 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:48 . 2012-06-02 07:01 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2012-06-02 07:01 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-05-15 10:48 . 2012-06-02 07:01 246592 ----a-w- c:\windows\system32\nvinitx.dll
2012-05-15 10:48 . 2012-06-02 07:01 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-05-15 10:48 . 2012-06-02 07:01 202048 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-05-15 10:48 . 2012-06-02 07:01 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-05-15 10:48 . 2012-06-02 07:01 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-06-02 07:01 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2012-06-02 07:01 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2012-06-02 07:01 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:48 . 2012-06-02 07:01 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:48 . 2012-06-02 07:01 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2012-06-02 07:01 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-05-15 10:48 . 2011-05-21 14:01 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2011-05-21 14:01 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2011-05-21 14:01 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2010-07-10 13:38 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2010-07-10 13:38 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 09:29 . 2010-07-10 00:17 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2010-07-10 00:27 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2010-07-10 00:17 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2012-06-02 07:02 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2010-07-10 00:17 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2010-07-10 00:17 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:21 . 2012-05-15 09:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-05-15 03:56 . 2012-06-13 01:52 1197568 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:52 . 2012-06-13 01:52 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:08 . 2012-06-13 01:52 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-04 10:52 . 2012-06-13 01:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:08 . 2012-06-13 01:52 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08 . 2012-06-13 01:52 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32 . 2012-06-13 01:52 208896 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:50 . 2012-06-13 01:52 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:34 . 2012-06-13 01:52 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:34 . 2012-06-13 01:52 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:28 . 2012-06-13 01:52 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:59 . 2012-06-13 01:51 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:59 . 2012-06-13 01:51 1460224 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 05:59 . 2012-06-13 01:51 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 04:47 . 2012-06-13 01:51 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:47 . 2012-06-13 01:51 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-24 04:47 . 2012-06-13 01:51 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"ishutdown2"="c:\program files (x86)\ishutdown\iShutdown\ilauncher.exe" [2011-05-31 17920]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-10-11 1242448]
"Creative Detector"="c:\program files (x86)\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-06 25600]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-12-18 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-07-06 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-05-06 202840]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-06 94808]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-23 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-17 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-05-06 202840]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-05-06 94808]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 08:33]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-592917798-1658097988-3837472857-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-02 08:05]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-592917798-1658097988-3837472857-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-02 08:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-22 2306448]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-22 413208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-22 386584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-22 161304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z4oofidk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110195&tt=010712_2&babsrc=KW_ss&mntrId=589b1fbf000000000000485b39f76cef&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110195&tt=010712_2
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 589b1fbf000000000000485b39f76cef
FF - user.js: extensions.BabylonToolbar_i.hardId - 589b1fbf000000000000485b39f76cef
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15527
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:22
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-592917798-1658097988-3837472857-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-592917798-1658097988-3837472857-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0b\06\0c\10;#?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\CTsvcCDA.EXE
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
c:\windows\SysWOW64\Ctxfihlp.exe
c:\windows\SysWOW64\CTXFISPI.EXE
c:\program files (x86)\Common Files\Steam\SteamService.exe
c:\program files (x86)\ishutdown\iShutdown\iShutdown.exe
.
**************************************************************************
.
Completion time: 2012-07-19 11:36:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-19 18:36
.
Pre-Run: 7,631,380,480 bytes free
Post-Run: 7,769,976,832 bytes free
.
- - End Of File - - 355D54B59D3D8DC2DADE2CDEF685EB22
 
Hang on for the Java till later...

ComboFix Script

  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the codebox below into it:
    ClearJavaCache::

    DDS::
    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110195&tt=010712_2&babsrc=KW_ss&mntrId=589b1fbf000000000000485b39f76cef&q=
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110195&tt=010712_2
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.id - 589b1fbf000000000000485b39f76cef
    FF - user.js: extensions.BabylonToolbar_i.hardId - 589b1fbf000000000000485b39f76cef
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15527
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:22
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

    Reboot::
  • Save this as CFScript.txt, in the same location as ComboFix.exe

    CFScriptB-4.gif

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
 
ComboFix 12-07-20.02 - User 20/07/2012 12:20:05.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3966.2579 [GMT -7:00]
Running from: c:\users\User\Desktop\ComboFix.exe
Command switches used :: c:\users\User\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-06-20 to 2012-07-20 )))))))))))))))))))))))))))))))
.
.
2012-07-20 19:29 . 2012-07-20 19:29 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-20 19:29 . 2012-07-20 19:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-19 18:44 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{46D8D371-BFA8-4C7C-853E-4F24CEFD58DB}\mpengine.dll
2012-07-19 18:44 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-18 20:39 . 2012-07-18 20:39 -------- d-----w- C:\MGADiagToolOutput
2012-07-18 20:38 . 2012-07-18 20:38 -------- d-----w- c:\programdata\Office Genuine Advantage
2012-07-18 20:31 . 2012-07-18 20:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-18 20:31 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-18 00:45 . 2012-07-18 00:45 -------- d-----w- C:\FRST
2012-07-15 08:05 . 2012-07-15 08:05 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68991BE8-B3F6-4CC1-8405-8FCFE5E007F6}\gapaengine.dll
2012-07-15 08:04 . 2012-07-15 08:04 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-15 08:04 . 2012-07-15 08:04 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-14 07:47 . 2012-07-14 07:47 328704 ----a-w- c:\windows\system32\services.exe.7724DCCFF78EA5C3
2012-07-14 07:43 . 2012-07-14 07:43 328704 ----a-w- c:\windows\system32\services.exe.4AB7C7F0E51BCEBC
2012-07-12 19:14 . 2012-07-12 19:14 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-11 10:03 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-07-06 05:24 . 2012-07-06 05:26 -------- d-----w- C:\MyAudio
2012-07-06 05:22 . 2012-07-06 05:22 249 ----a-w- C:\user.js
2012-07-06 05:22 . 2012-07-06 05:22 -------- d-----w- c:\users\User\AppData\Roaming\Babylon
2012-07-06 05:22 . 2012-07-06 05:22 -------- d-----w- c:\programdata\Babylon
2012-06-23 10:37 . 2012-06-23 10:37 -------- d-----w- c:\users\User\AppData\Local\Macromedia
2012-06-23 09:16 . 2012-06-14 22:19 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-23 09:16 . 2012-06-14 22:19 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-14 07:50 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-07-12 08:33 . 2012-04-19 21:31 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 08:33 . 2011-05-16 08:03 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 10:01 . 2010-09-17 21:22 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-06 03:43 . 2010-12-18 18:47 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2012-07-06 03:43 . 2010-12-18 18:47 123480 ----a-w- c:\windows\system32\OpenAL32.dll
2012-07-06 03:43 . 2010-12-18 18:47 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-07-06 03:43 . 2010-12-18 18:47 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-06-18 10:12 . 2012-07-14 19:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9A697401-0FEA-4E69-82D8-22C106895C28}\mpengine.dll
2012-06-02 22:19 . 2012-06-19 06:11 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 06:12 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 06:12 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 06:12 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 06:10 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-19 06:11 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 06:12 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 06:10 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-19 06:11 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-31 19:25 . 2010-09-15 16:37 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-15 10:48 . 2012-06-02 07:01 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2012-06-02 07:01 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-05-15 10:48 . 2012-06-02 07:01 8139072 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:48 . 2012-06-02 07:01 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2012-06-02 07:01 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-05-15 10:48 . 2012-06-02 07:01 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-05-15 10:48 . 2012-06-02 07:01 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-05-15 10:48 . 2012-06-02 07:01 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:48 . 2012-06-02 07:01 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:48 . 2012-06-02 07:01 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2012-06-02 07:01 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-05-15 10:48 . 2012-06-02 07:01 246592 ----a-w- c:\windows\system32\nvinitx.dll
2012-05-15 10:48 . 2012-06-02 07:01 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-05-15 10:48 . 2012-06-02 07:01 202048 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-05-15 10:48 . 2012-06-02 07:01 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-05-15 10:48 . 2012-06-02 07:01 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-06-02 07:01 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2012-06-02 07:01 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2012-06-02 07:01 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:48 . 2012-06-02 07:01 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:48 . 2012-06-02 07:01 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2012-06-02 07:01 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-05-15 10:48 . 2011-05-21 14:01 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2011-05-21 14:01 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2011-05-21 14:01 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2010-07-10 13:38 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2010-07-10 13:38 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 09:29 . 2010-07-10 00:17 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2010-07-10 00:27 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2010-07-10 00:17 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2012-06-02 07:02 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2010-07-10 00:17 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2010-07-10 00:17 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:21 . 2012-05-15 09:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-05-15 03:56 . 2012-06-13 01:52 1197568 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:52 . 2012-06-13 01:52 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:08 . 2012-06-13 01:52 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-04 10:52 . 2012-06-13 01:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:08 . 2012-06-13 01:52 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08 . 2012-06-13 01:52 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32 . 2012-06-13 01:52 208896 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:50 . 2012-06-13 01:52 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:34 . 2012-06-13 01:52 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:34 . 2012-06-13 01:52 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:28 . 2012-06-13 01:52 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:59 . 2012-06-13 01:51 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:59 . 2012-06-13 01:51 1460224 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 05:59 . 2012-06-13 01:51 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 04:47 . 2012-06-13 01:51 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:47 . 2012-06-13 01:51 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-24 04:47 . 2012-06-13 01:51 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-19_18.29.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-15 16:32 . 2012-07-20 19:32 47572 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-20 19:32 33058 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-13 20:24 . 2012-07-20 19:32 16436 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-592917798-1658097988-3837472857-1000_UserData.bin
- 2010-09-14 08:16 . 2012-07-19 07:53 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-14 08:16 . 2012-07-19 22:28 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-14 08:16 . 2012-07-19 22:28 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-14 08:16 . 2012-07-19 07:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-19 07:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-19 22:28 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-15 16:32 . 2012-07-19 18:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-15 16:32 . 2012-07-20 19:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-15 16:32 . 2012-07-20 19:32 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-15 16:32 . 2012-07-19 18:30 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-15 16:32 . 2012-07-19 18:30 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-15 16:32 . 2012-07-20 19:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-15 16:35 . 2012-07-19 18:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-15 16:35 . 2012-07-20 19:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-15 16:35 . 2012-07-20 19:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-15 16:35 . 2012-07-19 18:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-07-19 18:28 . 2012-07-19 18:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-20 19:30 . 2012-07-20 19:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-19 18:28 . 2012-07-19 18:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-20 19:30 . 2012-07-20 19:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-07-19 18:27 287852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-20 19:29 287852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:34 . 2012-07-20 02:04 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-07-19 08:03 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2010-12-18 18:49 . 2012-07-20 19:29 27548448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-592917798-1658097988-3837472857-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"ishutdown2"="c:\program files (x86)\ishutdown\iShutdown\ilauncher.exe" [2011-05-31 17920]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-10-11 1242448]
"Creative Detector"="c:\program files (x86)\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-06 25600]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-12-18 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-07-06 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-05-06 202840]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-06 94808]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-23 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-17 1255736]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-05-06 202840]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-05-06 94808]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 08:33]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-592917798-1658097988-3837472857-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-02 08:05]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-592917798-1658097988-3837472857-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-02 08:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-22 2306448]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-22 413208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-22 386584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-22 161304]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z4oofidk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110195&tt=010712_2&babsrc=KW_ss&mntrId=589b1fbf000000000000485b39f76cef&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110195&tt=010712_2
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 589b1fbf000000000000485b39f76cef
FF - user.js: extensions.BabylonToolbar_i.hardId - 589b1fbf000000000000485b39f76cef
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15527
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:22
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-592917798-1658097988-3837472857-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-592917798-1658097988-3837472857-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0b\06\0c\10;#?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\CTsvcCDA.EXE
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\Ctxfihlp.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
c:\windows\SysWOW64\CTXFISPI.EXE
c:\program files (x86)\Common Files\Steam\SteamService.exe
c:\program files (x86)\ishutdown\iShutdown\iShutdown.exe
.
**************************************************************************
.
Completion time: 2012-07-20 12:37:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-20 19:37
ComboFix2.txt 2012-07-19 18:36
.
Pre-Run: 2,930,135,040 bytes free
Post-Run: 5,154,562,048 bytes free
.
- - End Of File - - BB0FCCC31635EE2AEDA8645692D3A16A
 
AND Again...

ComboFix Script

  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    DDS::
    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110195&tt=010712_2&babsrc=KW_ss&mntrId=589b1fbf000000000000485b39f76cef&q=
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110195&tt=010712_2
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.id - 589b1fbf000000000000485b39f76cef
    FF - user.js: extensions.BabylonToolbar_i.hardId - 589b1fbf000000000000485b39f76cef
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15527
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:22
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
  • Save this as CFScript.txt, in the same location as ComboFix.exe

    CFScriptB-4.gif

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
 
Am I doing something wrong? Doesn't seem like anything is changing.

ComboFix 12-07-21.01 - User 21/07/2012 22:51:47.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3966.2550 [GMT -7:00]
Running from: c:\users\User\Desktop\ComboFix.exe
Command switches used :: c:\users\User\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-22 to 2012-07-22 )))))))))))))))))))))))))))))))
.
.
2012-07-22 05:56 . 2012-07-22 05:56 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-22 05:56 . 2012-07-22 05:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-21 19:40 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{89D3335B-F4F1-40F5-8035-3F7759355A96}\mpengine.dll
2012-07-20 19:41 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-18 20:39 . 2012-07-18 20:39 -------- d-----w- C:\MGADiagToolOutput
2012-07-18 20:38 . 2012-07-18 20:38 -------- d-----w- c:\programdata\Office Genuine Advantage
2012-07-18 20:31 . 2012-07-18 20:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-18 20:31 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-18 00:45 . 2012-07-18 00:45 -------- d-----w- C:\FRST
2012-07-15 08:05 . 2012-07-15 08:05 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68991BE8-B3F6-4CC1-8405-8FCFE5E007F6}\gapaengine.dll
2012-07-15 08:04 . 2012-07-15 08:04 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-15 08:04 . 2012-07-15 08:04 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-14 07:47 . 2012-07-14 07:47 328704 ----a-w- c:\windows\system32\services.exe.7724DCCFF78EA5C3
2012-07-14 07:43 . 2012-07-14 07:43 328704 ----a-w- c:\windows\system32\services.exe.4AB7C7F0E51BCEBC
2012-07-12 19:14 . 2012-07-12 19:14 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-11 10:03 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-07-06 05:24 . 2012-07-06 05:26 -------- d-----w- C:\MyAudio
2012-07-06 05:22 . 2012-07-06 05:22 249 ----a-w- C:\user.js
2012-07-06 05:22 . 2012-07-06 05:22 -------- d-----w- c:\users\User\AppData\Roaming\Babylon
2012-07-06 05:22 . 2012-07-06 05:22 -------- d-----w- c:\programdata\Babylon
2012-06-23 10:37 . 2012-06-23 10:37 -------- d-----w- c:\users\User\AppData\Local\Macromedia
2012-06-23 09:16 . 2012-06-14 22:19 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-23 09:16 . 2012-06-14 22:19 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-14 07:50 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-07-12 08:33 . 2012-04-19 21:31 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 08:33 . 2011-05-16 08:03 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 10:01 . 2010-09-17 21:22 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-06 03:43 . 2010-12-18 18:47 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2012-07-06 03:43 . 2010-12-18 18:47 123480 ----a-w- c:\windows\system32\OpenAL32.dll
2012-07-06 03:43 . 2010-12-18 18:47 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-07-06 03:43 . 2010-12-18 18:47 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-06-18 10:12 . 2012-07-14 19:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9A697401-0FEA-4E69-82D8-22C106895C28}\mpengine.dll
2012-06-02 22:19 . 2012-06-19 06:11 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 06:12 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 06:12 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 06:12 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 06:10 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-19 06:11 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 06:12 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 06:10 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-19 06:11 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-31 19:25 . 2010-09-15 16:37 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-15 10:48 . 2012-06-02 07:01 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2012-06-02 07:01 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-05-15 10:48 . 2012-06-02 07:01 8139072 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:48 . 2012-06-02 07:01 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2012-06-02 07:01 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-05-15 10:48 . 2012-06-02 07:01 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-05-15 10:48 . 2012-06-02 07:01 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-05-15 10:48 . 2012-06-02 07:01 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:48 . 2012-06-02 07:01 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:48 . 2012-06-02 07:01 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2012-06-02 07:01 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-05-15 10:48 . 2012-06-02 07:01 246592 ----a-w- c:\windows\system32\nvinitx.dll
2012-05-15 10:48 . 2012-06-02 07:01 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-05-15 10:48 . 2012-06-02 07:01 202048 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-05-15 10:48 . 2012-06-02 07:01 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-05-15 10:48 . 2012-06-02 07:01 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-06-02 07:01 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2012-06-02 07:01 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2012-06-02 07:01 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:48 . 2012-06-02 07:01 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:48 . 2012-06-02 07:01 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2012-06-02 07:01 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-05-15 10:48 . 2011-05-21 14:01 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2011-05-21 14:01 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2011-05-21 14:01 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2010-07-10 13:38 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2010-07-10 13:38 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 09:29 . 2010-07-10 00:17 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2010-07-10 00:27 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2010-07-10 00:17 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2012-06-02 07:02 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2010-07-10 00:17 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2010-07-10 00:17 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:21 . 2012-05-15 09:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-05-15 03:56 . 2012-06-13 01:52 1197568 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:52 . 2012-06-13 01:52 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:08 . 2012-06-13 01:52 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-04 10:52 . 2012-06-13 01:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:08 . 2012-06-13 01:52 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08 . 2012-06-13 01:52 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32 . 2012-06-13 01:52 208896 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:50 . 2012-06-13 01:52 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:34 . 2012-06-13 01:52 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:34 . 2012-06-13 01:52 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:28 . 2012-06-13 01:52 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:59 . 2012-06-13 01:51 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:59 . 2012-06-13 01:51 1460224 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 05:59 . 2012-06-13 01:51 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 04:47 . 2012-06-13 01:51 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:47 . 2012-06-13 01:51 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-24 04:47 . 2012-06-13 01:51 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-19_18.29.08 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-09-15 16:35 . 2012-07-19 18:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-15 16:35 . 2012-07-22 05:59 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-15 16:35 . 2012-07-22 05:59 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-15 16:35 . 2012-07-19 18:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-07-19 18:28 . 2012-07-19 18:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-22 05:57 . 2012-07-22 05:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-19 18:28 . 2012-07-19 18:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-22 05:57 . 2012-07-22 05:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-07-19 18:27 287852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-22 05:56 287852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-12-18 18:49 . 2012-07-22 05:56 27605532 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-592917798-1658097988-3837472857-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"ishutdown2"="c:\program files (x86)\ishutdown\iShutdown\ilauncher.exe" [2011-05-31 17920]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-10-11 1242448]
"Creative Detector"="c:\program files (x86)\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-06 25600]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-12-18 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-07-06 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-05-06 202840]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-06 94808]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-23 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-17 1255736]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-05-06 202840]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-05-06 94808]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 08:33]
.
2012-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-592917798-1658097988-3837472857-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-02 08:05]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-592917798-1658097988-3837472857-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-02 08:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-22 2306448]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-22 413208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-22 386584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-22 161304]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z4oofidk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110195&tt=010712_2&babsrc=KW_ss&mntrId=589b1fbf000000000000485b39f76cef&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110195&tt=010712_2
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 589b1fbf000000000000485b39f76cef
FF - user.js: extensions.BabylonToolbar_i.hardId - 589b1fbf000000000000485b39f76cef
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15527
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:22
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-592917798-1658097988-3837472857-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-592917798-1658097988-3837472857-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0b\06\0c\10;#?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\CTsvcCDA.EXE
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\Ctxfihlp.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
c:\windows\SysWOW64\CTXFISPI.EXE
c:\program files (x86)\Common Files\Steam\SteamService.exe
c:\program files (x86)\ishutdown\iShutdown\iShutdown.exe
.
**************************************************************************
.
Completion time: 2012-07-21 23:04:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-22 06:04
ComboFix2.txt 2012-07-20 19:37
ComboFix3.txt 2012-07-19 18:36
.
Pre-Run: 4,023,132,160 bytes free
Post-Run: 2,850,873,344 bytes free
.
- - End Of File - - 42228A4D17A87496BB25BAFA1223ED7A
 
No...that's fine! Let's try something else...

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Under the Custom Scan box paste this in:

    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    CreateRestorePoint
    %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5
    %AppData%\Local\
    %systemroot%\system32\sysprep
    *.xpi /md5
    %systemroot%\Downloaded Program Files\
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.exe /md5
    "%WinDir%\$NtUninstallKB*$." /30
    %systemdrive%\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    %USERPROFILE%\AppData\Local\ /s
    %systemroot%\Installer\ /s
    %systemroot%\system32\Cache\ /s
    %systemroot%\system32\config\systemprofile\Application Data /s
    %PROGRAMFILES%\*.
    %appdata%\*.*
    /md5start
    volsnap.sys
    services.exe
    userinit.exe
    afd.sys
    tcpip.sys
    netbt.sys
    ipsec.sys
    dnsrslvr.dll
    ipnathlp.dll
    netman.dll
    WMIsvc.dll
    srsvc.dll
    sr.sys
    wscsvc.dll
    wuauserv.dll
    qmgr.dll
    es.dll
    cryptsvc.dll
    svchost.exe
    rpcss.dll
    tdx.sys
    wininit.exe
    winlogon.exe
    atapi.sys
    explorer.exe
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time
Note: in the event that OTL fails to run, please use alternate download links to try again:

http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr
 
OTL logfile created on: 22/07/2012 11:02:55 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\User\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.87 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 62.50% Memory free
6.64 Gb Paging File | 5.00 Gb Available in Paging File | 75.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 2.88 Gb Free Space | 0.62% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/22 23:00:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2012/06/20 11:47:13 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011/10/11 11:28:41 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/05/31 02:00:56 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\ishutdown\iShutdown\ilauncher.exe
PRC - [2010/06/10 14:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2010/05/05 20:56:42 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2010/05/05 20:51:56 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2009/11/04 13:39:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/11/04 13:39:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe
PRC - [1999/12/13 02:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTSVCCDA.EXE


========== Modules (No Company Name) ==========

MOD - [2012/06/20 11:47:10 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/06/20 11:47:08 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/06/20 11:47:06 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/06/20 11:47:04 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/06/20 11:47:02 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/06/13 07:57:07 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012/06/13 07:56:58 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012/05/10 15:52:38 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/05/10 15:52:34 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/31 02:00:56 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\ishutdown\iShutdown\ilauncher.exe
MOD - [2010/05/05 20:56:46 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CTXFIRES.DLL
MOD - [2009/03/26 14:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/12 01:33:23 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/05 20:45:11 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/23 02:16:28 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/20 11:47:13 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/15 03:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/12/18 12:21:20 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/11/04 13:39:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/11/04 13:39:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [1999/12/13 02:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Windows\SysWOW64\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/04/18 10:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/29 23:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/11/06 23:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010/07/21 16:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/05/05 22:30:52 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/05/05 22:30:42 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/05/05 22:30:34 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/05/05 22:30:26 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/05/05 22:30:18 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/05/05 22:30:10 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010/05/05 22:30:02 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/05/05 22:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/05/05 22:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/05/05 22:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/05/05 22:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/05/05 22:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/05/05 22:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/04/21 18:18:46 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/15 20:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/12/05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A7 BB 87 4E 84 53 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searc...SP_ss&mntrId=589b1fbf000000000000485b39f76cef
IE - HKCU\..\SearchScopes\{4920A831-C75B-45AE-8A72-5A4A3F5D70BB}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=3C20C497-D187-4605-A021-99A4690960FC
IE - HKCU\..\SearchScopes\{5A682723-4FC1-488F-9414-65722B0E0E8C}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{BC0C2AA9-7FD6-446B-8058-26F32035299C}: "URL" = http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.ca"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=11...ss&mntrId=589b1fbf000000000000485b39f76cef&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Users\User\AppData\Local\RewardsArcade\498\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/10 23:19:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/20 23:12:55 | 000,000,000 | ---D | M]

[2010/12/21 00:43:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
[2012/07/11 00:49:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z4oofidk.default\extensions
[2011/07/28 00:06:58 | 000,002,396 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z4oofidk.default\searchplugins\askcom.xml
[2012/07/10 23:19:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/11 00:49:30 | 000,525,390 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z4OOFIDK.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2011/12/07 09:32:00 | 000,017,877 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z4OOFIDK.DEFAULT\EXTENSIONS\VTZILLA@VIRUSTOTAL.COM.XPI
[2012/06/14 15:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/29 05:45:02 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/14 15:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/14 15:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.ca/
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylon.com/?q={searc...SP_ss&mntrId=589b1fbf000000000000485b39f76cef
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.ca/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\User\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Click 2 Save = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhnadmefmkcgjpegkbigbnmaakejlka\1.1_0\
CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/21 22:57:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe ()
O4 - HKCU..\Run: [Creative Detector] C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [ishutdown2] C:\Program Files (x86)\ishutdown\iShutdown\ilauncher.exe ()
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEBEC50A-0523-446D-979C-2166E23665DB}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5DAD794A-2085-C465-0CAD-1C0350C12F49} - Browser Customizations
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E64B74FA-6578-F5A8-9BDB-CB800A57493D} - Browser Customizations
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/22 23:00:19 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/07/21 23:04:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/21 22:58:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/21 22:48:16 | 004,582,474 | R--- | C] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2012/07/19 01:07:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{47F569FA-D49F-4BFA-B107-50D6F4646E98}
[2012/07/19 01:07:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{52FCC9BD-51F0-488F-ADF9-E23891FB76AB}
[2012/07/18 13:39:51 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2012/07/18 13:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2012/07/18 13:37:40 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Users\User\Desktop\MGADiag.exe
[2012/07/18 13:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/18 13:31:10 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/18 13:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/18 13:29:55 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\mbam-setup-1.62.0.1300(1).exe
[2012/07/17 17:45:23 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/17 15:29:34 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/07/17 15:08:15 | 001,437,107 | ---- | C] (Farbar) -- C:\Users\User\Desktop\FRST64.exe
[2012/07/15 01:04:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/07/15 01:04:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/07/15 00:39:21 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\User\Desktop\dds.scr
[2012/07/14 11:55:49 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/14 01:05:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/14 01:05:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/14 01:05:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/14 01:05:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/14 01:05:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/14 00:47:28 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe.7724DCCFF78EA5C3
[2012/07/14 00:43:55 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe.4AB7C7F0E51BCEBC
[2012/07/12 12:14:00 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/10 21:18:15 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/05 22:24:27 | 000,000,000 | ---D | C] -- C:\MyAudio
[2012/07/05 22:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/07/05 22:22:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Babylon
[2012/07/05 22:22:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/07/05 14:14:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C10A0F99-E347-4810-9CC8-A7EABBB435FA}
[2012/07/05 14:13:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6B40FE08-5D1F-40F4-8E53-57117E930208}
[2012/06/28 16:26:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1F8E927B-8889-4CB5-AC23-C1547454A102}
[2012/06/28 16:25:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D54BE971-E239-487F-9D1C-DFBB5CA13F05}
[2012/06/27 11:13:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{09BD7D8B-4489-4270-8858-A75DE8689E6B}
[2012/06/27 11:12:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1BA0E979-F501-4281-AE03-E813D706815E}
[2012/06/25 22:43:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{03053413-6EAB-4A30-B208-FF97D8A02CE2}
[2012/06/25 22:42:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D8141412-A7EF-4605-B17F-658019F9BA2A}
[2012/06/23 23:09:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E5CC7818-D0C5-4F28-8541-C453126523AA}
[2012/06/23 23:08:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A739478A-0A34-4CA8-8537-42703D8CA3BF}
[2012/06/23 03:37:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Macromedia

========== Files - Modified Within 30 Days ==========

[2012/07/22 23:00:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/07/22 22:33:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/22 22:28:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-592917798-1658097988-3837472857-1000UA.job
[2012/07/22 04:28:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-592917798-1658097988-3837472857-1000Core.job
[2012/07/21 23:34:07 | 001,203,627 | ---- | M] () -- C:\Users\User\Desktop\comboscript.png
[2012/07/21 23:08:31 | 000,020,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/21 23:08:31 | 000,020,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/21 22:57:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/21 22:57:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/21 22:57:15 | 3119,030,272 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/21 22:56:46 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000007-00000000-00000002-00001102-00000005-00211102}.rfx
[2012/07/21 22:56:46 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000007-00000000-00000002-00001102-00000005-00211102}.rfx
[2012/07/21 22:56:46 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000007-00000000-00000002-00001102-00000005-00211102}.rfx
[2012/07/21 22:48:19 | 004,582,474 | R--- | M] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2012/07/18 13:37:40 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Users\User\Desktop\MGADiag.exe
[2012/07/18 13:31:11 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/18 13:30:00 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\mbam-setup-1.62.0.1300(1).exe
[2012/07/17 15:56:18 | 3224,686,592 | ---- | M] () -- C:\Users\User\Desktop\X15-65733.iso
[2012/07/17 15:08:15 | 001,437,107 | ---- | M] (Farbar) -- C:\Users\User\Desktop\FRST64.exe
[2012/07/16 10:29:02 | 000,138,001 | ---- | M] () -- C:\Users\User\Desktop\farbar.png
[2012/07/16 09:22:41 | 000,000,212 | ---- | M] () -- C:\Users\User\Desktop\VirHelp.url
[2012/07/15 01:05:00 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/07/15 01:04:42 | 000,735,282 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/15 01:04:42 | 000,618,160 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/15 01:04:42 | 000,107,440 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/15 00:39:21 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\User\Desktop\dds.scr
[2012/07/14 11:55:52 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/14 11:52:17 | 000,302,592 | ---- | M] () -- C:\Users\User\Desktop\4r3mlo0h.exe
[2012/07/14 01:20:47 | 522,565,534 | ---- | M] () -- C:\Users\User\Desktop\Hirens.BootCD.15.1.zip
[2012/07/14 01:06:58 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/14 00:50:28 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe
[2012/07/14 00:47:28 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe.7724DCCFF78EA5C3
[2012/07/14 00:43:55 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe.4AB7C7F0E51BCEBC
[2012/07/12 01:33:22 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/12 01:33:22 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/11 03:20:31 | 000,300,752 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/06 04:36:46 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm
[2012/07/06 04:36:46 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settings.sfm
[2012/07/05 22:22:46 | 000,000,249 | ---- | M] () -- C:\user.js
[2012/07/05 20:43:58 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/07/05 20:43:58 | 000,123,480 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012/07/05 20:43:57 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012/07/05 20:43:57 | 000,109,144 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2012/07/05 20:43:57 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/07/21 23:34:07 | 001,203,627 | ---- | C] () -- C:\Users\User\Desktop\comboscript.png
[2012/07/18 13:31:11 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/17 15:38:12 | 3224,686,592 | ---- | C] () -- C:\Users\User\Desktop\X15-65733.iso
[2012/07/16 10:12:50 | 000,138,001 | ---- | C] () -- C:\Users\User\Desktop\farbar.png
[2012/07/16 09:22:28 | 000,000,212 | ---- | C] () -- C:\Users\User\Desktop\VirHelp.url
[2012/07/15 01:04:48 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/07/14 11:52:15 | 000,302,592 | ---- | C] () -- C:\Users\User\Desktop\4r3mlo0h.exe
[2012/07/14 01:14:55 | 522,565,534 | ---- | C] () -- C:\Users\User\Desktop\Hirens.BootCD.15.1.zip
[2012/07/14 01:05:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/14 01:05:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/14 01:05:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/14 01:05:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/14 01:05:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/10 23:19:53 | 000,001,061 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/07/06 04:36:46 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settingsbkup.sfm
[2012/07/06 04:36:46 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settings.sfm
[2012/07/05 22:22:45 | 000,000,249 | ---- | C] () -- C:\user.js
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/02/29 05:38:47 | 000,003,584 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/16 00:38:54 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012/02/16 00:38:52 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2011/03/17 22:07:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/07 04:21:50 | 000,735,282 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/20 17:48:29 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/12/18 11:47:17 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/12/18 11:47:17 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/09/13 13:26:19 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/09/13 13:26:16 | 000,030,566 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== Custom Scans ==========

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/06/14 15:20:49 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/06/14 15:20:49 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/06/14 15:20:49 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/06/14 15:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/06/14 15:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/06/14 15:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/07/09 21:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/07/09 21:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/07/09 21:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/07/09 21:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 18:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 18:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 18:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/04/19 22:08:37 | 000,672,856 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/04/19 22:08:37 | 000,672,856 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/06/14 15:20:49 | 000,867,072 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/06/14 15:20:49 | 000,867,072 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/06/14 15:20:49 | 000,867,072 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/06/14 15:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/06/14 15:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/06/14 15:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/07/09 21:09:02 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/07/09 21:09:02 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/07/09 21:09:02 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/07/09 21:09:02 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 18:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 18:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 18:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/04/19 22:08:37 | 000,672,856 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/04/19 22:08:37 | 000,672,856 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.exe /md5 >

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >
[2012/07/10 23:21:41 | 000,000,359 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\lt\messages.json
[2012/07/10 23:21:41 | 000,000,360 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\lv\messages.json
[2012/07/10 23:21:41 | 000,000,323 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\nl\messages.json
[2012/07/10 23:21:40 | 000,000,300 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\no\messages.json
[2012/07/10 23:21:41 | 000,000,336 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\pl\messages.json
[2012/07/10 23:21:41 | 000,000,332 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\pt_BR\messages.json
[2012/07/10 23:21:41 | 000,000,331 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\pt_PT\messages.json
[2012/07/10 23:21:41 | 000,000,332 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ro\messages.json
[2012/07/10 23:21:41 | 000,000,471 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ru\messages.json
[2012/07/10 23:21:41 | 000,000,338 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sk\messages.json
[2012/07/10 23:21:41 | 000,000,329 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sl\messages.json
[2012/07/10 23:21:41 | 000,000,483 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sr\messages.json
[2012/07/10 23:21:41 | 000,000,333 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sv\messages.json
[2012/07/10 23:21:41 | 000,000,472 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\th\messages.json
[2012/07/10 23:21:41 | 000,000,330 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\tr\messages.json
[2012/07/10 23:21:41 | 000,000,501 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\uk\messages.json
[2012/07/10 23:21:41 | 000,000,363 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\vi\messages.json
[2012/07/10 23:21:41 | 000,000,346 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\zh_CN\messages.json
[2012/07/10 23:21:41 | 000,000,346 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\zh_TW\messages.json
[2012/05/29 02:41:55 | 000,005,872 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhnadmefmkcgjpegkbigbnmaakejlka\1.1_0\background.html
[2012/05/29 02:41:55 | 000,001,404 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhnadmefmkcgjpegkbigbnmaakejlka\1.1_0\indexeddb.js
[2012/05/29 02:41:55 | 000,093,867 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhnadmefmkcgjpegkbigbnmaakejlka\1.1_0\jquery.js
[2012/05/29 02:41:55 | 000,001,582 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhnadmefmkcgjpegkbigbnmaakejlka\1.1_0\lsdb.js
[2012/05/29 02:41:55 | 000,000,658 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhnadmefmkcgjpegkbigbnmaakejlka\1.1_0\manifest.json
[2012/05/29 02:41:55 | 000,001,815 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhnadmefmkcgjpegkbigbnmaakejlka\1.1_0\sqlite.js
[2012/05/29 02:41:55 | 000,000,231 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhnadmefmkcgjpegkbigbnmaakejlka\1.1_0\worker.js
[2012/01/01 13:30:45 | 000,005,283 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\128.png
[2012/01/01 13:30:45 | 000,000,997 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\24.png
[2012/01/01 13:30:45 | 000,002,502 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\48.png
[2012/01/01 13:30:45 | 000,000,805 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\manifest.json
[2012/01/01 13:30:45 | 000,000,556 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\ar\messages.json
[2012/01/01 13:30:45 | 000,000,492 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\bg\messages.json
[2012/01/01 13:30:45 | 000,000,262 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\ca\messages.json
[2012/01/01 13:30:45 | 000,000,289 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\cs\messages.json
[2012/01/01 13:30:45 | 000,000,240 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\da\messages.json
[2012/01/01 13:30:45 | 000,000,239 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\de\messages.json
[2012/01/01 13:30:45 | 000,000,624 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\el\messages.json
[2012/01/01 13:30:45 | 000,000,215 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\en\messages.json
[2012/01/01 13:30:45 | 000,000,281 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\es\messages.json
[2012/01/01 13:30:45 | 000,000,284 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\fi\messages.json
[2012/01/01 13:30:45 | 000,000,234 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\fil\messages.json
[2012/01/01 13:30:45 | 000,000,272 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\fr\messages.json
[2012/01/01 13:30:45 | 000,000,391 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\hi\messages.json
[2012/01/01 13:30:45 | 000,000,246 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\hr\messages.json
[2012/01/01 13:30:45 | 000,000,234 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\hu\messages.json
[2012/01/01 13:30:45 | 000,000,242 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\id\messages.json
[2012/01/01 13:30:45 | 000,000,260 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\it\messages.json
[2012/01/01 13:30:45 | 000,000,364 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\ja\messages.json
[2012/01/01 13:30:45 | 000,000,328 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\ko\messages.json
[2012/01/01 13:30:45 | 000,000,269 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\lt\messages.json
[2012/01/01 13:30:45 | 000,000,262 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\lv\messages.json
[2012/01/01 13:30:45 | 000,000,232 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\nl\messages.json
[2012/01/01 13:30:45 | 000,000,210 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\no\messages.json
[2012/01/01 13:30:45 | 000,000,292 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\pl\messages.json
[2012/01/01 13:30:45 | 000,000,230 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\pt_BR\messages.json
[2012/01/01 13:30:45 | 000,000,231 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\pt_PT\messages.json
[2012/01/01 13:30:45 | 000,000,281 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\ro\messages.json
[2012/01/01 13:30:45 | 000,000,482 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\ru\messages.json
[2012/01/01 13:30:45 | 000,000,210 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\se\messages.json
[2012/01/01 13:30:45 | 000,000,238 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\sk\messages.json
[2012/01/01 13:30:45 | 000,000,249 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\sl\messages.json
[2012/01/01 13:30:45 | 000,000,511 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\sr\messages.json
[2012/01/01 13:30:45 | 000,000,471 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\th\messages.json
[2012/01/01 13:30:45 | 000,000,250 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\tr\messages.json
[2012/01/01 13:30:45 | 000,000,536 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\uk\messages.json
[2012/01/01 13:30:45 | 000,000,257 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\vi\messages.json
[2012/01/01 13:30:45 | 000,000,339 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\zh_CN\messages.json
[2012/01/01 13:30:45 | 000,000,321 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\zh_TW\messages.json
[2012/07/10 23:21:41 | 000,005,920 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\128.png
[2012/07/10 23:21:41 | 000,000,755 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\manifest.json
[2012/07/10 23:21:41 | 000,000,556 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ar\messages.json
[2012/07/10 23:21:41 | 000,000,492 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\bg\messages.json
[2012/07/10 23:21:41 | 000,000,262 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ca\messages.json
[2012/07/10 23:21:41 | 000,000,289 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\cs\messages.json
[2012/07/10 23:21:41 | 000,000,240 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\da\messages.json
[2012/07/10 23:21:41 | 000,000,239 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\de\messages.json
[2012/07/10 23:21:41 | 000,000,624 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\el\messages.json
[2012/07/10 23:21:41 | 000,000,215 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\en\messages.json
[2012/07/10 23:21:41 | 000,000,281 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\es\messages.json
[2012/07/10 23:21:41 | 000,000,284 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\fi\messages.json
[2012/07/10 23:21:41 | 000,000,234 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\fil\messages.json
[2012/07/10 23:21:41 | 000,000,272 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\fr\messages.json
[2012/07/10 23:21:41 | 000,000,391 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\hi\messages.json
[2012/07/10 23:21:41 | 000,000,246 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\hr\messages.json
[2012/07/10 23:21:41 | 000,000,234 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\hu\messages.json
[2012/07/10 23:21:41 | 000,000,242 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\id\messages.json
[2012/07/10 23:21:41 | 000,000,260 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\it\messages.json
[2012/07/10 23:21:41 | 000,000,364 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ja\messages.json
[2012/07/10 23:21:41 | 000,000,328 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ko\messages.json
[2012/07/10 23:21:41 | 000,000,269 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\lt\messages.json
[2012/07/10 23:21:41 | 000,000,262 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\lv\messages.json
[2012/07/10 23:21:41 | 000,000,232 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\nl\messages.json
[2012/07/10 23:21:40 | 000,000,210 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\no\messages.json
[2012/07/10 23:21:41 | 000,000,292 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\pl\messages.json
[2012/07/10 23:21:41 | 000,000,230 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\pt_BR\messages.json
[2012/07/10 23:21:41 | 000,000,231 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\pt_PT\messages.json
[2012/07/10 23:21:41 | 000,000,281 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ro\messages.json
[2012/07/10 23:21:41 | 000,000,482 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ru\messages.json
[2012/07/10 23:21:40 | 000,000,210 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\se\messages.json
[2012/07/10 23:21:41 | 000,000,238 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\sk\messages.json
[2012/07/10 23:21:41 | 000,000,249 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\sl\messages.json
[2012/07/10 23:21:41 | 000,000,511 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\sr\messages.json
[2012/07/10 23:21:41 | 000,000,471 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\th\messages.json
[2012/07/10 23:21:41 | 000,000,250 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\tr\messages.json
[2012/07/10 23:21:41 | 000,000,536 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\uk\messages.json
[2012/07/10 23:21:41 | 000,000,257 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\vi\messages.json
[2012/07/10 23:21:41 | 000,000,339 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\zh_CN\messages.json
[2012/07/10 23:21:41 | 000,000,321 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\zh_TW\messages.json
[4 C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\*.tmp files -> C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\*.tmp -> ]
[4 C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\*.tmp files -> C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\*.tmp -> ]
[2011/12/02 01:42:56 | 000,003,072 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eemcgdkfndhakfknompkggombfjjjeno_0.localstorage
[2012/07/10 23:21:44 | 000,008,192 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nbhnadmefmkcgjpegkbigbnmaakejlka_0.localstorage
[2012/07/10 23:21:44 | 000,003,608 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nbhnadmefmkcgjpegkbigbnmaakejlka_0.localstorage-journal
[2011/12/02 01:06:11 | 000,000,000 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\User StyleSheets\Custom.css
[2011/12/02 01:08:05 | 000,075,968 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\DECODED_IMAGES
[2011/12/02 01:08:05 | 000,000,024 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\DECODED_MESSAGE_CATALOGS
[2011/10/02 12:31:30 | 000,122,677 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\rewardsarcade.crx
[2011/12/02 01:08:04 | 000,001,389 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\background.html
[2011/12/02 01:08:04 | 000,000,398 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\background.js
[2011/12/02 01:08:04 | 000,003,869 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\extension.js
[2011/12/02 01:08:05 | 000,001,454 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\manifest.json
[2011/12/02 01:08:04 | 000,000,000 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\popup.html
[2011/12/02 01:08:05 | 000,016,538 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\icons\icon128.png
[2011/12/02 01:08:05 | 000,000,782 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\icons\icon16.png
[2011/12/02 01:08:05 | 000,003,552 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\icons\icon48.png
[2011/12/02 01:08:04 | 000,001,859 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\icons\actions\icon1.png
[2011/12/02 01:08:04 | 000,004,063 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\icons\notifications\icon1.png
[2011/12/02 01:08:05 | 000,044,360 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\background.js
[2011/12/02 01:08:04 | 000,003,281 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\api\analytics.js
[2011/12/02 01:08:04 | 000,008,452 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\api\chrome.js
[2011/12/02 01:08:04 | 000,007,674 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\api\cookie.js
[2011/12/02 01:08:04 | 000,000,610 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\api\debug.js
[2011/12/02 01:08:04 | 000,002,053 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\api\dom.js
[2011/12/02 01:08:04 | 000,005,487 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\api\fb_api.js
[2011/12/02 01:08:04 | 000,000,538 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\api\installer.js
[2011/12/02 01:08:04 | 000,001,948 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\api\message.js
[2011/12/02 01:08:04 | 000,002,634 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\api\push.js
[2011/12/02 01:08:04 | 000,002,708 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\api\request.js
[2011/12/02 01:08:04 | 000,002,564 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\api\time.js
[2011/12/02 01:08:05 | 000,019,802 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\lib\app_api.js
[2011/12/02 01:08:05 | 000,004,895 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\lib\async_api.js
[2011/12/02 01:08:05 | 000,004,855 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\lib\bg_app_api.js
[2011/12/02 01:08:05 | 000,004,243 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\lib\cookie_store.js
[2011/12/02 01:08:05 | 000,003,399 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\lib\data_store.js
[2011/12/02 01:08:05 | 000,023,402 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\lib\faye-browser-min.js
[2011/12/02 01:08:05 | 000,004,873 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\lib\fb_bridge.js
[2011/12/02 01:08:05 | 000,163,579 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\lib\jquery-1.4.2.js
[2011/12/02 01:08:05 | 000,002,177 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\lib\jquery_later.js
[2011/12/02 01:08:05 | 000,003,393 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\lib\util.js
 