also @ TechSpot: Check your bill: AT&T adds new 'administrative fee' to wireless bills

TechSpot

TechSpot News Products Downloads Forums

About
Sign in

Welcome to TechSpot

Why should I register?

Sign up for a new account or log in here:

Forgot your password?

Couldn't sign you in, please try again.

Sirefef .AA .W .AN .P .AB being detected by anti-virus help please!

Discussion in 'Virus and Malware Removal' started by Brennan, Jul 14, 2012.

Page 2 of 4

Brennan Newcomer, in training Posts: 52

This is how I do it right?

Brennan, Jul 22, 2012

#21
Jay Pfoutz Malware Helper Posts: 4,286 +49
No...that's fine! Le'ts try something else...

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Under the Custom Scan box paste this in

msconfig
safebootminimal
activex
drivers32
netsvcs
CreateRestorePoint
%AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5
%AppData%\Local\
%systemroot%\system32\sysprep
*.xpi /md5
%systemroot%\Downloaded Program Files\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\System32\config\*.sav
%SYSTEMDRIVE%\*.exe /md5
"%WinDir%\$NtUninstallKB*$." /30
%systemdrive%\Program Files\Common Files\ComObjects\*.* /s
%systemroot%\*. /mp /s
%systemroot%\*. /rp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
%USERPROFILE%\AppData\Local\ /s
%systemroot%\Installer\ /s
%systemroot%\system32\Cache\ /s
%systemroot%\system32\config\systemprofile\Application Data /s
%PROGRAMFILES%\*.
%appdata%\*.*
/md5start
volsnap.sys
services.exe
userinit.exe
afd.sys
tcpip.sys
netbt.sys
ipsec.sys
dnsrslvr.dll
ipnathlp.dll
netman.dll
WMIsvc.dll
srsvc.dll
sr.sys
wscsvc.dll
wuauserv.dll
qmgr.dll
es.dll
cryptsvc.dll
svchost.exe
rpcss.dll
tdx.sys
wininit.exe
winlogon.exe
atapi.sys
explorer.exe
/md5stop

Click the Run Scanbutton. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time

Note: in the event that OTL fails to run, please use alternate download links to try again:

http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr
Jay Pfoutz, Jul 22, 2012

#22
Brennan Newcomer, in training Posts: 52

OTL logfile created on: 22/07/2012 11:02:55 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\User\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.87 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 62.50% Memory free
6.64 Gb Paging File | 5.00 Gb Available in Paging File | 75.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 2.88 Gb Free Space | 0.62% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/22 23:00:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2012/06/20 11:47:13 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011/10/11 11:28:41 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/05/31 02:00:56 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\ishutdown\iShutdown\ilauncher.exe
PRC - [2010/06/10 14:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2010/05/05 20:56:42 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2010/05/05 20:51:56 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2009/11/04 13:39:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/11/04 13:39:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe
PRC - [1999/12/13 02:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTSVCCDA.EXE

========== Modules (No Company Name) ==========

MOD - [2012/06/20 11:47:10 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/06/20 11:47:08 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/06/20 11:47:06 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/06/20 11:47:04 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/06/20 11:47:02 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/06/13 07:57:07 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012/06/13 07:56:58 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012/05/10 15:52:38 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/05/10 15:52:34 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/31 02:00:56 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\ishutdown\iShutdown\ilauncher.exe
MOD - [2010/05/05 20:56:46 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CTXFIRES.DLL
MOD - [2009/03/26 14:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/12 01:33:23 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/05 20:45:11 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/23 02:16:28 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/20 11:47:13 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/15 03:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/12/18 12:21:20 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/11/04 13:39:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/11/04 13:39:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [1999/12/13 02:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Windows\SysWOW64\CTSVCCDA.EXE -- (Creative Service for CDROM Access)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/04/18 10:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/29 23:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/11/06 23:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010/07/21 16:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/05/05 22:30:52 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/05/05 22:30:42 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/05/05 22:30:34 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/05/05 22:30:26 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/05/05 22:30:18 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/05/05 22:30:10 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010/05/05 22:30:02 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/05/05 22:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/05/05 22:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/05/05 22:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/05/05 22:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/05/05 22:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/05/05 22:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/04/21 18:18:46 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/15 20:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/12/05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A7 BB 87 4E 84 53 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searc...SP_ss&mntrId=589b1fbf000000000000485b39f76cef
IE - HKCU\..\SearchScopes\{4920A831-C75B-45AE-8A72-5A4A3F5D70BB}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=3C20C497-D187-4605-A021-99A4690960FC
IE - HKCU\..\SearchScopes\{5A682723-4FC1-488F-9414-65722B0E0E8C}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{BC0C2AA9-7FD6-446B-8058-26F32035299C}: "URL" = http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.ca"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=11...ss&mntrId=589b1fbf000000000000485b39f76cef&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Users\User\AppData\Local\RewardsArcade\498\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/10 23:19:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/20 23:12:55 | 000,000,000 | ---D | M]

[2010/12/21 00:43:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
[2012/07/11 00:49:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z4oofidk.default\extensions
[2011/07/28 00:06:58 | 000,002,396 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z4oofidk.default\searchplugins\askcom.xml
[2012/07/10 23:19:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/11 00:49:30 | 000,525,390 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z4OOFIDK.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2011/12/07 09:32:00 | 000,017,877 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z4OOFIDK.DEFAULT\EXTENSIONS\VTZILLA@VIRUSTOTAL.COM.XPI
[2012/06/14 15:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/29 05:45:02 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/14 15:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/14 15:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.ca/
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylon.com/?q={searc...SP_ss&mntrId=589b1fbf000000000000485b39f76cef
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.ca/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\User\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Click 2 Save = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhnadmefmkcgjpegkbigbnmaakejlka\1.1_0\
CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/21 22:57:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe ()
O4 - HKCU..\Run: [Creative Detector] C:\Program Files (x86)\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [ishutdown2] C:\Program Files (x86)\ishutdown\iShutdown\ilauncher.exe ()
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEBEC50A-0523-446D-979C-2166E23665DB}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5DAD794A-2085-C465-0CAD-1C0350C12F49} - Browser Customizations
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E64B74FA-6578-F5A8-9BDB-CB800A57493D} - Browser Customizations
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Brennan, Jul 23, 2012

#23
Brennan Newcomer, in training Posts: 52

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/22 23:00:19 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/07/21 23:04:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/21 22:58:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/21 22:48:16 | 004,582,474 | R--- | C] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2012/07/19 01:07:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{47F569FA-D49F-4BFA-B107-50D6F4646E98}
[2012/07/19 01:07:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{52FCC9BD-51F0-488F-ADF9-E23891FB76AB}
[2012/07/18 13:39:51 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2012/07/18 13:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2012/07/18 13:37:40 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Users\User\Desktop\MGADiag.exe
[2012/07/18 13:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/18 13:31:10 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/18 13:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/18 13:29:55 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\mbam-setup-1.62.0.1300(1).exe
[2012/07/17 17:45:23 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/17 15:29:34 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/07/17 15:08:15 | 001,437,107 | ---- | C] (Farbar) -- C:\Users\User\Desktop\FRST64.exe
[2012/07/15 01:04:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/07/15 01:04:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/07/15 00:39:21 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\User\Desktop\dds.scr
[2012/07/14 11:55:49 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/14 01:05:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/14 01:05:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/14 01:05:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/14 01:05:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/14 01:05:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/14 00:47:28 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe.7724DCCFF78EA5C3
[2012/07/14 00:43:55 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe.4AB7C7F0E51BCEBC
[2012/07/12 12:14:00 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/10 21:18:15 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/05 22:24:27 | 000,000,000 | ---D | C] -- C:\MyAudio
[2012/07/05 22:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/07/05 22:22:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Babylon
[2012/07/05 22:22:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/07/05 14:14:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C10A0F99-E347-4810-9CC8-A7EABBB435FA}
[2012/07/05 14:13:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6B40FE08-5D1F-40F4-8E53-57117E930208}
[2012/06/28 16:26:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1F8E927B-8889-4CB5-AC23-C1547454A102}
[2012/06/28 16:25:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D54BE971-E239-487F-9D1C-DFBB5CA13F05}
[2012/06/27 11:13:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{09BD7D8B-4489-4270-8858-A75DE8689E6B}
[2012/06/27 11:12:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1BA0E979-F501-4281-AE03-E813D706815E}
[2012/06/25 22:43:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{03053413-6EAB-4A30-B208-FF97D8A02CE2}
[2012/06/25 22:42:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D8141412-A7EF-4605-B17F-658019F9BA2A}
[2012/06/23 23:09:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E5CC7818-D0C5-4F28-8541-C453126523AA}
[2012/06/23 23:08:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A739478A-0A34-4CA8-8537-42703D8CA3BF}
[2012/06/23 03:37:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Macromedia

========== Files - Modified Within 30 Days ==========

[2012/07/22 23:00:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/07/22 22:33:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/22 22:28:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-592917798-1658097988-3837472857-1000UA.job
[2012/07/22 04:28:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-592917798-1658097988-3837472857-1000Core.job
[2012/07/21 23:34:07 | 001,203,627 | ---- | M] () -- C:\Users\User\Desktop\comboscript.png
[2012/07/21 23:08:31 | 000,020,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/21 23:08:31 | 000,020,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/21 22:57:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/21 22:57:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/21 22:57:15 | 3119,030,272 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/21 22:56:46 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000007-00000000-00000002-00001102-00000005-00211102}.rfx
[2012/07/21 22:56:46 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000007-00000000-00000002-00001102-00000005-00211102}.rfx
[2012/07/21 22:56:46 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000007-00000000-00000002-00001102-00000005-00211102}.rfx
[2012/07/21 22:48:19 | 004,582,474 | R--- | M] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2012/07/18 13:37:40 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Users\User\Desktop\MGADiag.exe
[2012/07/18 13:31:11 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/18 13:30:00 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\mbam-setup-1.62.0.1300(1).exe
[2012/07/17 15:56:18 | 3224,686,592 | ---- | M] () -- C:\Users\User\Desktop\X15-65733.iso
[2012/07/17 15:08:15 | 001,437,107 | ---- | M] (Farbar) -- C:\Users\User\Desktop\FRST64.exe
[2012/07/16 10:29:02 | 000,138,001 | ---- | M] () -- C:\Users\User\Desktop\farbar.png
[2012/07/16 09:22:41 | 000,000,212 | ---- | M] () -- C:\Users\User\Desktop\VirHelp.url
[2012/07/15 01:05:00 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/07/15 01:04:42 | 000,735,282 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/15 01:04:42 | 000,618,160 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/15 01:04:42 | 000,107,440 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/15 00:39:21 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\User\Desktop\dds.scr
[2012/07/14 11:55:52 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/14 11:52:17 | 000,302,592 | ---- | M] () -- C:\Users\User\Desktop\4r3mlo0h.exe
[2012/07/14 01:20:47 | 522,565,534 | ---- | M] () -- C:\Users\User\Desktop\Hirens.BootCD.15.1.zip
[2012/07/14 01:06:58 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/14 00:50:28 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe
[2012/07/14 00:47:28 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe.7724DCCFF78EA5C3
[2012/07/14 00:43:55 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe.4AB7C7F0E51BCEBC
[2012/07/12 01:33:22 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/12 01:33:22 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/11 03:20:31 | 000,300,752 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/06 04:36:46 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm
[2012/07/06 04:36:46 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settings.sfm
[2012/07/05 22:22:46 | 000,000,249 | ---- | M] () -- C:\user.js
[2012/07/05 20:43:58 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/07/05 20:43:58 | 000,123,480 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012/07/05 20:43:57 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012/07/05 20:43:57 | 000,109,144 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2012/07/05 20:43:57 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/07/21 23:34:07 | 001,203,627 | ---- | C] () -- C:\Users\User\Desktop\comboscript.png
[2012/07/18 13:31:11 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/17 15:38:12 | 3224,686,592 | ---- | C] () -- C:\Users\User\Desktop\X15-65733.iso
[2012/07/16 10:12:50 | 000,138,001 | ---- | C] () -- C:\Users\User\Desktop\farbar.png
[2012/07/16 09:22:28 | 000,000,212 | ---- | C] () -- C:\Users\User\Desktop\VirHelp.url
[2012/07/15 01:04:48 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/07/14 11:52:15 | 000,302,592 | ---- | C] () -- C:\Users\User\Desktop\4r3mlo0h.exe
[2012/07/14 01:14:55 | 522,565,534 | ---- | C] () -- C:\Users\User\Desktop\Hirens.BootCD.15.1.zip
[2012/07/14 01:05:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/14 01:05:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/14 01:05:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/14 01:05:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/14 01:05:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/10 23:19:53 | 000,001,061 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/07/06 04:36:46 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settingsbkup.sfm
[2012/07/06 04:36:46 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settings.sfm
[2012/07/05 22:22:45 | 000,000,249 | ---- | C] () -- C:\user.js
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/02/29 05:38:47 | 000,003,584 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/16 00:38:54 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012/02/16 00:38:52 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2011/03/17 22:07:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/07 04:21:50 | 000,735,282 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/20 17:48:29 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/12/18 11:47:17 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/12/18 11:47:17 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/09/13 13:26:19 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/09/13 13:26:16 | 000,030,566 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== Custom Scans ==========

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/06/14 15:20:49 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/06/14 15:20:49 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/06/14 15:20:49 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/06/14 15:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/06/14 15:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/06/14 15:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/07/09 21:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/07/09 21:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/07/09 21:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/07/09 21:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 18:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 18:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 18:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/04/19 22:08:37 | 000,672,856 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/04/19 22:08:37 | 000,672,856 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/06/14 15:20:49 | 000,867,072 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/06/14 15:20:49 | 000,867,072 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/06/14 15:20:49 | 000,867,072 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/06/14 15:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/06/14 15:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/06/14 15:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/07/09 21:09:02 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/07/09 21:09:02 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/07/09 21:09:02 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/07/09 21:09:02 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 18:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 18:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 18:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/04/19 22:08:37 | 000,672,856 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/04/19 22:08:37 | 000,672,856 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.exe /md5 >

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >
[2012/07/10 23:27:43 | 000,213,064 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists
[2012/07/10 23:43:20 | 000,000,004 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
[2012/07/10 23:43:19 | 000,011,955 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Local State
[2012/07/10 23:23:28 | 005,631,884 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom
[2012/07/10 23:23:28 | 001,345,468 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom Filter 2
[2012/05/23 05:28:58 | 000,006,144 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies
[2012/05/23 05:28:58 | 000,001,544 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies-journal
[2012/07/10 23:23:28 | 000,134,408 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Safe Browsing Csd Whitelist
[2012/07/10 23:23:27 | 002,062,596 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Safe Browsing Download
[2012/07/10 23:23:28 | 000,016,668 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Safe Browsing Download Whitelist
[2011/12/02 02:25:52 | 000,000,055 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Service State
[2012/07/10 23:21:40 | 000,057,344 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Archived History
[2012/07/10 23:21:40 | 000,000,512 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Archived History-journal
[2011/12/02 01:49:25 | 000,005,451 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Bookmarks
[2011/12/02 01:49:25 | 000,005,451 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Bookmarks.bak
[2012/07/10 23:43:13 | 000,016,384 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal
[2012/07/10 23:43:19 | 000,130,920 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Current Session
[2012/07/10 23:43:19 | 000,054,003 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
[2011/12/02 01:11:10 | 000,006,144 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
[2012/07/10 23:42:53 | 000,032,768 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Favicons
[2012/07/10 23:42:53 | 000,014,904 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal
[2012/05/23 05:28:48 | 000,150,798 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico
[2012/07/10 23:43:20 | 000,090,112 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\History
[2012/07/10 23:42:53 | 000,053,248 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-07
[2012/07/10 23:42:53 | 000,016,384 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-07-journal
[2012/07/10 23:43:20 | 000,002,505 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
[2012/07/10 23:43:20 | 000,016,384 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\History-journal
[2011/12/02 01:08:22 | 000,012,288 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Login Data
[2012/07/10 23:21:40 | 000,003,072 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor
[2012/07/10 23:21:40 | 000,000,512 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal
[2012/07/10 23:43:20 | 000,045,308 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences
[2011/12/02 01:11:40 | 000,013,312 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\QuotaManager
[2012/05/23 05:29:47 | 000,000,180 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\README
[2012/05/26 10:34:02 | 000,012,288 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Shortcuts
[2012/07/10 23:24:10 | 000,065,536 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Top Sites
[2012/07/10 23:24:10 | 000,016,384 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal
[2012/07/10 23:43:20 | 000,131,072 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Visited Links
[2012/07/10 23:21:50 | 000,090,112 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data
[2012/07/10 23:21:50 | 000,016,384 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
[1 C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\*.tmp files -> C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\*.tmp -> ]
[2012/07/10 23:43:20 | 000,045,056 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0
[2012/07/10 23:43:20 | 000,270,336 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
[2012/07/10 23:43:20 | 001,056,768 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2
[2012/07/10 23:43:20 | 004,202,496 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3
[2012/07/10 23:21:42 | 000,017,764 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000001
[2012/07/10 23:21:43 | 000,024,956 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000002
[2012/07/10 23:23:03 | 000,023,844 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000003
[2012/07/10 23:23:03 | 000,150,055 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000004
[2012/07/10 23:23:04 | 000,028,693 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000005
[2012/07/10 23:23:04 | 000,016,899 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000006
[2012/07/10 23:23:06 | 000,017,691 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000007
[2012/07/10 23:23:06 | 000,021,021 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000008
[2012/07/10 23:23:06 | 000,033,673 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000009
[2012/07/10 23:23:07 | 000,029,717 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000a
[2012/07/10 23:23:07 | 000,021,777 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000b
[2012/07/10 23:23:13 | 000,045,437 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000c
[2012/07/10 23:23:13 | 000,072,007 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000d
[2012/07/10 23:23:13 | 000,038,205 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000e
[2012/07/10 23:23:14 | 000,024,121 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000f
[2012/07/10 23:23:14 | 000,086,814 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000010
[2012/07/10 23:23:14 | 000,045,128 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000011
[2012/07/10 23:23:14 | 000,017,958 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000012
[2012/07/10 23:23:14 | 000,016,833 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000013
[2012/07/10 23:23:15 | 000,017,426 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000014
[2012/07/10 23:23:16 | 000,040,696 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000015
[2012/07/10 23:23:30 | 000,720,746 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000016
[2012/07/10 23:42:12 | 000,018,016 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000017
[2012/07/10 23:42:12 | 000,018,714 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000018
[2012/07/10 23:42:12 | 000,017,925 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000019
[2012/07/10 23:42:12 | 000,102,588 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001a
[2012/07/10 23:42:13 | 000,146,293 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001b
[2012/07/10 23:42:15 | 000,029,841 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001c
[2012/07/10 23:42:18 | 000,020,542 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001d
[2012/07/10 23:42:20 | 000,071,588 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001e
[2012/07/10 23:42:46 | 000,023,358 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001f
[2012/07/10 23:42:46 | 000,040,737 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000020
[2012/07/10 23:42:46 | 000,033,488 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000021
[2012/07/10 23:42:47 | 000,095,077 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000022
[2012/07/10 23:42:47 | 000,082,403 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000023
[2012/07/10 23:42:47 | 000,132,542 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000024
[2012/07/10 23:42:48 | 000,179,448 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000025
[2012/07/10 23:42:51 | 000,110,007 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000026
[2012/07/10 23:42:51 | 000,075,983 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000027
[2012/07/10 23:42:52 | 000,111,537 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000028
[2012/07/10 23:42:52 | 000,095,415 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000029
[2012/07/10 23:42:53 | 000,083,075 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002a
[2012/07/10 23:42:53 | 000,093,722 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00002b
[2012/07/10 23:21:41 | 000,524,656 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache\index
[2011/12/02 01:11:10 | 000,007,168 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\databases

Brennan, Jul 23, 2012

#24
Brennan Newcomer, in training Posts: 52

[2012/07/10 23:21:42 | 000,003,524 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\128.png
[2012/07/10 23:21:42 | 000,000,745 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\manifest.json
[2012/07/10 23:21:42 | 000,000,401 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ar\messages.json
[2012/07/10 23:21:42 | 000,000,427 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\bg\messages.json
[2012/07/10 23:21:42 | 000,000,250 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ca\messages.json
[2012/07/10 23:21:42 | 000,000,255 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\cs\messages.json
[2012/07/10 23:21:42 | 000,000,242 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\da\messages.json
[2012/07/10 23:21:42 | 000,000,226 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\de\messages.json
[2012/07/10 23:21:42 | 000,000,475 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\el\messages.json
[2012/07/10 23:21:42 | 000,000,227 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\en\messages.json
[2012/07/10 23:21:42 | 000,000,240 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\es\messages.json
[2012/07/10 23:21:42 | 000,000,222 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\fi\messages.json
[2012/07/10 23:21:42 | 000,000,236 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\fil\messages.json
[2012/07/10 23:21:42 | 000,000,249 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\fr\messages.json
[2012/07/10 23:21:42 | 000,000,419 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\he\messages.json
[2012/07/10 23:21:42 | 000,000,408 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\hi\messages.json
[2012/07/10 23:21:42 | 000,000,220 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\hr\messages.json
[2012/07/10 23:21:42 | 000,000,253 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\hu\messages.json
[2012/07/10 23:21:42 | 000,000,231 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\id\messages.json
[2012/07/10 23:21:42 | 000,000,224 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\it\messages.json
[2012/07/10 23:21:42 | 000,000,349 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ja\messages.json
[2012/07/10 23:21:42 | 000,000,323 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ko\messages.json
[2012/07/10 23:21:42 | 000,000,266 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\lt\messages.json
[2012/07/10 23:21:42 | 000,000,245 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\lv\messages.json
[2012/07/10 23:21:42 | 000,000,225 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\nl\messages.json
[2012/07/10 23:21:41 | 000,000,216 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\no\messages.json
[2012/07/10 23:21:42 | 000,000,274 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\pl\messages.json
[2012/07/10 23:21:42 | 000,000,237 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\pt_BR\messages.json
[2012/07/10 23:21:42 | 000,000,236 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\pt_PT\messages.json
[2012/07/10 23:21:42 | 000,000,248 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ro\messages.json
[2012/07/10 23:21:42 | 000,000,394 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ru\messages.json
[2012/07/10 23:21:42 | 000,000,241 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\sk\messages.json
[2012/07/10 23:21:42 | 000,000,245 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\sl\messages.json
[2012/07/10 23:21:42 | 000,000,437 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\sr\messages.json
[2012/07/10 23:21:42 | 000,000,238 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\sv\messages.json
[2012/07/10 23:21:42 | 000,000,365 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\th\messages.json
[2012/07/10 23:21:42 | 000,000,255 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\tr\messages.json
[2012/07/10 23:21:42 | 000,000,442 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\uk\messages.json
[2012/07/10 23:21:42 | 000,000,310 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\vi\messages.json
[2012/07/10 23:21:42 | 000,000,257 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\zh_CN\messages.json
[2012/07/10 23:21:42 | 000,000,269 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\zh_TW\messages.json
[2012/01/01 13:30:45 | 000,006,442 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\128.png
[2012/01/01 13:30:45 | 000,000,697 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\manifest.json
[2012/01/01 13:30:45 | 000,006,856 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\128.png
[2012/01/01 13:30:45 | 000,000,749 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\16.png
[2012/01/01 13:30:45 | 000,001,946 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\32.png
[2012/01/01 13:30:45 | 000,002,184 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\48.png
[2012/01/01 13:30:45 | 000,000,826 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\manifest.json
[2012/01/01 13:30:45 | 000,000,423 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\ar\messages.json
[2012/01/01 13:30:45 | 000,000,515 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\bg\messages.json
[2012/01/01 13:30:45 | 000,000,330 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\ca\messages.json
[2012/01/01 13:30:45 | 000,000,355 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\cs\messages.json
[2012/01/01 13:30:45 | 000,000,328 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\da\messages.json
[2012/01/01 13:30:45 | 000,000,307 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\de\messages.json
[2012/01/01 13:30:45 | 000,000,569 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\el\messages.json
[2012/01/01 13:30:45 | 000,000,314 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\en\messages.json
[2012/01/01 13:30:45 | 000,000,314 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\en_GB\messages.json
[2012/01/01 13:30:45 | 000,000,314 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\en_US\messages.json
[2012/01/01 13:30:45 | 000,000,340 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\es\messages.json
[2012/01/01 13:30:45 | 000,000,341 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\es_419\messages.json
[2012/01/01 13:30:45 | 000,000,314 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\et\messages.json
[2012/01/01 13:30:45 | 000,000,305 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\fi\messages.json
[2012/01/01 13:30:45 | 000,000,337 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\fil\messages.json
[2012/01/01 13:30:45 | 000,000,329 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\fr\messages.json
[2012/01/01 13:30:45 | 000,000,471 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\he\messages.json
[2012/01/01 13:30:45 | 000,000,326 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\hi\messages.json
[2012/01/01 13:30:45 | 000,000,340 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\hr\messages.json
[2012/01/01 13:30:45 | 000,000,336 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\hu\messages.json
[2012/01/01 13:30:45 | 000,000,319 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\id\messages.json
[2012/01/01 13:30:45 | 000,000,324 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\it\messages.json
[2012/01/01 13:30:45 | 000,000,388 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\ja\messages.json
[2012/01/01 13:30:45 | 000,000,380 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\ko\messages.json
[2012/01/01 13:30:45 | 000,000,359 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\lt\messages.json
[2012/01/01 13:30:45 | 000,000,360 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\lv\messages.json
[2012/01/01 13:30:45 | 000,000,323 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\nl\messages.json
[2012/01/01 13:30:45 | 000,000,300 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\no\messages.json
[2012/01/01 13:30:45 | 000,000,336 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\pl\messages.json
[2012/01/01 13:30:45 | 000,000,332 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\pt_BR\messages.json
[2012/01/01 13:30:45 | 000,000,331 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\pt_PT\messages.json
[2012/01/01 13:30:45 | 000,000,332 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\ro\messages.json
[2012/01/01 13:30:45 | 000,000,471 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\ru\messages.json
[2012/01/01 13:30:45 | 000,000,338 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\sk\messages.json
[2012/01/01 13:30:45 | 000,000,329 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\sl\messages.json
[2012/01/01 13:30:45 | 000,000,483 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\sr\messages.json
[2012/01/01 13:30:45 | 000,000,333 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\sv\messages.json
[2012/01/01 13:30:45 | 000,000,472 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\th\messages.json
[2012/01/01 13:30:45 | 000,000,330 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\tr\messages.json
[2012/01/01 13:30:45 | 000,000,501 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\uk\messages.json
[2012/01/01 13:30:45 | 000,000,363 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\vi\messages.json
[2012/01/01 13:30:45 | 000,000,346 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\zh_CN\messages.json
[2012/01/01 13:30:45 | 000,000,346 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\zh_TW\messages.json
[2012/07/10 23:21:41 | 000,005,369 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\128.png
[2012/07/10 23:21:41 | 000,000,496 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\16.png
[2012/07/10 23:21:41 | 000,001,143 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\32.png
[2012/07/10 23:21:41 | 000,001,858 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\48.png
[2012/07/10 23:21:41 | 000,000,790 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\manifest.json
[2012/07/10 23:21:41 | 000,000,423 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ar\messages.json
[2012/07/10 23:21:41 | 000,000,515 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\bg\messages.json
[2012/07/10 23:21:41 | 000,000,330 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ca\messages.json
[2012/07/10 23:21:41 | 000,000,355 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\cs\messages.json
[2012/07/10 23:21:41 | 000,000,328 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\da\messages.json
[2012/07/10 23:21:41 | 000,000,307 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\de\messages.json
[2012/07/10 23:21:41 | 000,000,569 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\el\messages.json
[2012/07/10 23:21:41 | 000,000,314 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\en\messages.json
[2012/07/10 23:21:41 | 000,000,314 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\en_GB\messages.json
[2012/07/10 23:21:41 | 000,000,314 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\en_US\messages.json
[2012/07/10 23:21:41 | 000,000,340 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\es\messages.json
[2012/07/10 23:21:41 | 000,000,341 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\es_419\messages.json
[2012/07/10 23:21:41 | 000,000,314 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\et\messages.json
[2012/07/10 23:21:41 | 000,000,305 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\fi\messages.json
[2012/07/10 23:21:41 | 000,000,337 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\fil\messages.json
[2012/07/10 23:21:41 | 000,000,329 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\fr\messages.json
[2012/07/10 23:21:41 | 000,000,471 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\he\messages.json
[2012/07/10 23:21:41 | 000,000,326 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\hi\messages.json
[2012/07/10 23:21:41 | 000,000,340 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\hr\messages.json
[2012/07/10 23:21:41 | 000,000,336 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\hu\messages.json
[2012/07/10 23:21:41 | 000,000,319 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\id\messages.json
[2012/07/10 23:21:41 | 000,000,324 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\it\messages.json
[2012/07/10 23:21:41 | 000,000,388 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ja\messages.json
[2012/07/10 23:21:41 | 000,000,380 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ko\messages.json
[2012/07/10 23:21:41 | 000,000,359 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\lt\messages.json
[2012/07/10 23:21:41 | 000,000,360 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\lv\messages.json
[2012/07/10 23:21:41 | 000,000,323 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\nl\messages.json
[2012/07/10 23:21:40 | 000,000,300 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\no\messages.json
[2012/07/10 23:21:41 | 000,000,336 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\pl\messages.json
[2012/07/10 23:21:41 | 000,000,332 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\pt_BR\messages.json
[2012/07/10 23:21:41 | 000,000,331 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\pt_PT\messages.json
[2012/07/10 23:21:41 | 000,000,332 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ro\messages.json
[2012/07/10 23:21:41 | 000,000,471 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\ru\messages.json
[2012/07/10 23:21:41 | 000,000,338 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sk\messages.json
[2012/07/10 23:21:41 | 000,000,329 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sl\messages.json
[2012/07/10 23:21:41 | 000,000,483 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sr\messages.json
[2012/07/10 23:21:41 | 000,000,333 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\sv\messages.json
[2012/07/10 23:21:41 | 000,000,472 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\th\messages.json
[2012/07/10 23:21:41 | 000,000,330 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\tr\messages.json
[2012/07/10 23:21:41 | 000,000,501 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\uk\messages.json
[2012/07/10 23:21:41 | 000,000,363 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\vi\messages.json
[2012/07/10 23:21:41 | 000,000,346 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\zh_CN\messages.json
[2012/07/10 23:21:41 | 000,000,346 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\_locales\zh_TW\messages.json
[2012/05/29 02:41:55 | 000,005,872 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhnadmefmkcgjpegkbigbnmaakejlka\1.1_0\background.html
[2012/05/29 02:41:55 | 000,001,404 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhnadmefmkcgjpegkbigbnmaakejlka\1.1_0\indexeddb.js
[2012/05/29 02:41:55 | 000,093,867 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhnadmefmkcgjpegkbigbnmaakejlka\1.1_0\jquery.js
[2012/05/29 02:41:55 | 000,001,582 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhnadmefmkcgjpegkbigbnmaakejlka\1.1_0\lsdb.js
[2012/05/29 02:41:55 | 000,000,658 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhnadmefmkcgjpegkbigbnmaakejlka\1.1_0\manifest.json
[2012/05/29 02:41:55 | 000,001,815 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhnadmefmkcgjpegkbigbnmaakejlka\1.1_0\sqlite.js
[2012/05/29 02:41:55 | 000,000,231 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhnadmefmkcgjpegkbigbnmaakejlka\1.1_0\worker.js
[2012/01/01 13:30:45 | 000,005,283 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\128.png
[2012/01/01 13:30:45 | 000,000,997 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\24.png
[2012/01/01 13:30:45 | 000,002,502 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\48.png
[2012/01/01 13:30:45 | 000,000,805 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\manifest.json
[2012/01/01 13:30:45 | 000,000,556 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\ar\messages.json
[2012/01/01 13:30:45 | 000,000,492 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\bg\messages.json
[2012/01/01 13:30:45 | 000,000,262 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\ca\messages.json
[2012/01/01 13:30:45 | 000,000,289 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\cs\messages.json
[2012/01/01 13:30:45 | 000,000,240 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\da\messages.json
[2012/01/01 13:30:45 | 000,000,239 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\de\messages.json
[2012/01/01 13:30:45 | 000,000,624 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\el\messages.json
[2012/01/01 13:30:45 | 000,000,215 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\en\messages.json
[2012/01/01 13:30:45 | 000,000,281 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\es\messages.json
[2012/01/01 13:30:45 | 000,000,284 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\fi\messages.json
[2012/01/01 13:30:45 | 000,000,234 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\fil\messages.json
[2012/01/01 13:30:45 | 000,000,272 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\fr\messages.json
[2012/01/01 13:30:45 | 000,000,391 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\hi\messages.json
[2012/01/01 13:30:45 | 000,000,246 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\hr\messages.json
[2012/01/01 13:30:45 | 000,000,234 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\hu\messages.json
[2012/01/01 13:30:45 | 000,000,242 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\id\messages.json
[2012/01/01 13:30:45 | 000,000,260 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\it\messages.json
[2012/01/01 13:30:45 | 000,000,364 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\ja\messages.json
[2012/01/01 13:30:45 | 000,000,328 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\ko\messages.json
[2012/01/01 13:30:45 | 000,000,269 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\lt\messages.json
[2012/01/01 13:30:45 | 000,000,262 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\lv\messages.json
[2012/01/01 13:30:45 | 000,000,232 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\nl\messages.json
[2012/01/01 13:30:45 | 000,000,210 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\no\messages.json
[2012/01/01 13:30:45 | 000,000,292 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\pl\messages.json
[2012/01/01 13:30:45 | 000,000,230 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\pt_BR\messages.json
[2012/01/01 13:30:45 | 000,000,231 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\pt_PT\messages.json
[2012/01/01 13:30:45 | 000,000,281 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\ro\messages.json
[2012/01/01 13:30:45 | 000,000,482 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\ru\messages.json
[2012/01/01 13:30:45 | 000,000,210 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\se\messages.json
[2012/01/01 13:30:45 | 000,000,238 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\sk\messages.json
[2012/01/01 13:30:45 | 000,000,249 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\sl\messages.json
[2012/01/01 13:30:45 | 000,000,511 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\sr\messages.json
[2012/01/01 13:30:45 | 000,000,471 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\th\messages.json
[2012/01/01 13:30:45 | 000,000,250 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\tr\messages.json
[2012/01/01 13:30:45 | 000,000,536 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\uk\messages.json
[2012/01/01 13:30:45 | 000,000,257 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\vi\messages.json
[2012/01/01 13:30:45 | 000,000,339 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\zh_CN\messages.json
[2012/01/01 13:30:45 | 000,000,321 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\zh_TW\messages.json
[2012/07/10 23:21:41 | 000,005,920 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\128.png
[2012/07/10 23:21:41 | 000,000,755 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\manifest.json
[2012/07/10 23:21:41 | 000,000,556 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ar\messages.json
[2012/07/10 23:21:41 | 000,000,492 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\bg\messages.json
[2012/07/10 23:21:41 | 000,000,262 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ca\messages.json
[2012/07/10 23:21:41 | 000,000,289 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\cs\messages.json
[2012/07/10 23:21:41 | 000,000,240 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\da\messages.json
[2012/07/10 23:21:41 | 000,000,239 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\de\messages.json
[2012/07/10 23:21:41 | 000,000,624 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\el\messages.json
[2012/07/10 23:21:41 | 000,000,215 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\en\messages.json
[2012/07/10 23:21:41 | 000,000,281 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\es\messages.json
[2012/07/10 23:21:41 | 000,000,284 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\fi\messages.json
[2012/07/10 23:21:41 | 000,000,234 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\fil\messages.json
[2012/07/10 23:21:41 | 000,000,272 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\fr\messages.json
[2012/07/10 23:21:41 | 000,000,391 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\hi\messages.json
[2012/07/10 23:21:41 | 000,000,246 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\hr\messages.json
[2012/07/10 23:21:41 | 000,000,234 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\hu\messages.json
[2012/07/10 23:21:41 | 000,000,242 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\id\messages.json
[2012/07/10 23:21:41 | 000,000,260 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\it\messages.json
[2012/07/10 23:21:41 | 000,000,364 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ja\messages.json
[2012/07/10 23:21:41 | 000,000,328 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ko\messages.json
[2012/07/10 23:21:41 | 000,000,269 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\lt\messages.json
[2012/07/10 23:21:41 | 000,000,262 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\lv\messages.json
[2012/07/10 23:21:41 | 000,000,232 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\nl\messages.json
[2012/07/10 23:21:40 | 000,000,210 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\no\messages.json
[2012/07/10 23:21:41 | 000,000,292 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\pl\messages.json
[2012/07/10 23:21:41 | 000,000,230 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\pt_BR\messages.json
[2012/07/10 23:21:41 | 000,000,231 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\pt_PT\messages.json
[2012/07/10 23:21:41 | 000,000,281 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ro\messages.json
[2012/07/10 23:21:41 | 000,000,482 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\ru\messages.json
[2012/07/10 23:21:40 | 000,000,210 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\se\messages.json
[2012/07/10 23:21:41 | 000,000,238 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\sk\messages.json
[2012/07/10 23:21:41 | 000,000,249 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\sl\messages.json
[2012/07/10 23:21:41 | 000,000,511 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\sr\messages.json
[2012/07/10 23:21:41 | 000,000,471 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\th\messages.json
[2012/07/10 23:21:41 | 000,000,250 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\tr\messages.json
[2012/07/10 23:21:41 | 000,000,536 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\uk\messages.json
[2012/07/10 23:21:41 | 000,000,257 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\vi\messages.json
[2012/07/10 23:21:41 | 000,000,339 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\zh_CN\messages.json
[2012/07/10 23:21:41 | 000,000,321 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\_locales\zh_TW\messages.json
[4 C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\*.tmp files -> C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\*.tmp -> ]
[4 C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\*.tmp files -> C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\*.tmp -> ]
[2011/12/02 01:42:56 | 000,003,072 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eemcgdkfndhakfknompkggombfjjjeno_0.localstorage
[2012/07/10 23:21:44 | 000,008,192 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nbhnadmefmkcgjpegkbigbnmaakejlka_0.localstorage
[2012/07/10 23:21:44 | 000,003,608 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nbhnadmefmkcgjpegkbigbnmaakejlka_0.localstorage-journal
[2011/12/02 01:06:11 | 000,000,000 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\User StyleSheets\Custom.css
[2011/12/02 01:08:05 | 000,075,968 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\DECODED_IMAGES
[2011/12/02 01:08:05 | 000,000,024 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\DECODED_MESSAGE_CATALOGS
[2011/10/02 12:31:30 | 000,122,677 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\rewardsarcade.crx
[2011/12/02 01:08:04 | 000,001,389 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\background.html
[2011/12/02 01:08:04 | 000,000,398 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\background.js
[2011/12/02 01:08:04 | 000,003,869 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\extension.js
[2011/12/02 01:08:05 | 000,001,454 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\manifest.json
[2011/12/02 01:08:04 | 000,000,000 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\popup.html
[2011/12/02 01:08:05 | 000,016,538 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\icons\icon128.png
[2011/12/02 01:08:05 | 000,000,782 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\icons\icon16.png
[2011/12/02 01:08:05 | 000,003,552 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\icons\icon48.png
[2011/12/02 01:08:04 | 000,001,859 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\icons\actions\icon1.png
[2011/12/02 01:08:04 | 000,004,063 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\icons\notifications\icon1.png
[2011/12/02 01:08:05 | 000,044,360 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\background.js
[2011/12/02 01:08:04 | 000,003,281 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\api\analytics.js
[2011/12/02 01:08:04 | 000,008,452 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\api\chrome.js
[2011/12/02 01:08:04 | 000,007,674 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\api\cookie.js
[2011/12/02 01:08:04 | 000,000,610 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\api\debug.js
[2011/12/02 01:08:04 | 000,002,053 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\api\dom.js
[2011/12/02 01:08:04 | 000,005,487 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\api\fb_api.js
[2011/12/02 01:08:04 | 000,000,538 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\api\installer.js
[2011/12/02 01:08:04 | 000,001,948 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\api\message.js
[2011/12/02 01:08:04 | 000,002,634 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\api\push.js
[2011/12/02 01:08:04 | 000,002,708 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\api\request.js
[2011/12/02 01:08:04 | 000,002,564 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\api\time.js
[2011/12/02 01:08:05 | 000,019,802 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\lib\app_api.js
[2011/12/02 01:08:05 | 000,004,895 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\lib\async_api.js
[2011/12/02 01:08:05 | 000,004,855 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\lib\bg_app_api.js
[2011/12/02 01:08:05 | 000,004,243 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\lib\cookie_store.js
[2011/12/02 01:08:05 | 000,003,399 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\lib\data_store.js
[2011/12/02 01:08:05 | 000,023,402 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\lib\faye-browser-min.js
[2011/12/02 01:08:05 | 000,004,873 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\lib\fb_bridge.js
[2011/12/02 01:08:05 | 000,163,579 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\lib\jquery-1.4.2.js
[2011/12/02 01:08:05 | 000,002,177 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\lib\jquery_later.js
[2011/12/02 01:08:05 | 000,003,393 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_9524\CRX_INSTALL\js\lib\util.js

Brennan, Jul 23, 2012

#25

Brennan Newcomer, in training Posts: 52

< %USERPROFILE%\AppData\Local\ /s >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\Application Data /s >

< %PROGRAMFILES%\*. >
[2012/01/12 14:32:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2011/07/13 13:13:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2011/01/06 06:44:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AviSynth 2.5
[2011/10/29 01:56:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2012/02/16 00:38:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Brother
[2012/02/16 00:38:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Browny02
[2012/07/21 22:54:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2011/01/16 06:21:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Conduit
[2012/07/05 20:56:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Creative
[2012/07/05 20:45:28 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Creative Installation Information
[2012/06/26 09:25:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Diablo III
[2011/09/01 05:49:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Electronic Arts
[2012/07/21 23:31:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Everything
[2011/05/07 13:16:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\FrostWire
[2011/10/27 01:45:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Full Tilt Poker
[2011/12/12 10:13:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GOG.com
[2012/07/05 20:52:44 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/09/13 13:29:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2012/06/13 07:53:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2011/12/14 04:39:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\IrfanView
[2012/02/24 05:45:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ishutdown
[2012/06/17 05:03:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2011/10/27 18:49:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2011/12/15 01:04:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LibreOffice 3.4
[2012/07/18 13:31:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/15 01:04:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Security Client
[2012/05/20 03:00:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/12/18 11:24:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/12/18 10:42:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2012/07/10 23:19:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2012/07/11 03:19:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2012/06/02 00:04:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NVIDIA Corporation
[2010/12/18 11:47:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenAL
[2012/05/07 02:46:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PacificPoker
[2012/05/18 22:42:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2011/01/06 06:43:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Red Kawa
[2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2011/01/06 06:44:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Regensoft
[2012/04/18 18:19:20 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2012/07/10 20:28:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\StarCraft II
[2012/07/22 01:51:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Steam
[2012/04/18 02:34:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SystemRequirementsLab
[2012/02/11 03:32:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Tibia
[2012/04/18 03:59:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\trend micro
[2011/07/22 06:30:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TuneUpMedia
[2009/07/13 21:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2012/01/28 03:09:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Universe Sandbox
[2010/12/21 02:40:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
[2012/01/05 06:45:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Vuze
[2011/12/19 01:09:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Vuze_Remote
[2009/07/13 22:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2012/04/13 23:16:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2010/12/17 14:42:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2010/10/15 08:43:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2009/07/13 22:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2009/07/13 22:32:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2009/07/13 22:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2012/06/15 03:13:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\World of Warcraft

< %appdata%\*.* >

< MD5 for: AFD.SYS >
[2011/12/27 20:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
[2011/12/27 21:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
[2011/04/24 19:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009/07/13 16:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2011/12/27 21:01:12 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=CCA39961E76B491DDF44B1E90FC8971D -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys
[2011/04/24 19:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011/12/27 20:59:11 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=DB9D6C6B2CD95A9CA414D045B627422E -- C:\Windows\SysNative\drivers\afd.sys
[2011/12/27 20:59:11 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=DB9D6C6B2CD95A9CA414D045B627422E -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys
[2011/04/24 20:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011/04/24 19:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2012/04/23 21:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
[2012/04/23 21:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=21993009E0CCB9B4FA195F14D3408626 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
[2012/04/23 22:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_d41dd577b1743795\cryptsvc.dll
[2012/04/23 21:47:04 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=520A108A2657F4BCA7FCED9CA7D885DE -- C:\Windows\erdnt\cache86\cryptsvc.dll
[2012/04/23 21:47:04 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=520A108A2657F4BCA7FCED9CA7D885DE -- C:\Windows\SysWOW64\cryptsvc.dll
[2012/04/23 21:47:04 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=520A108A2657F4BCA7FCED9CA7D885DE -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_762f534bfbdf7203\cryptsvc.dll
[2009/07/13 18:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009/07/13 18:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
[2012/04/23 22:22:32 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=B7337E9C9E5936355BB700AA33E0936E -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_d473633acab895c2\cryptsvc.dll
[2012/04/23 22:36:46 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=CE8BF1423AEE47DA5275FBC8AD3BD642 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_d2773c98cda297d3\cryptsvc.dll
[2012/04/23 22:59:45 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=F02786B66375292E58C8777082D4396D -- C:\Windows\erdnt\cache64\cryptsvc.dll
[2012/04/23 22:59:45 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=F02786B66375292E58C8777082D4396D -- C:\Windows\SysNative\cryptsvc.dll
[2012/04/23 22:59:45 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=F02786B66375292E58C8777082D4396D -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_d24deecfb43ce339\cryptsvc.dll
[2012/04/23 21:33:53 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=F522279B4717E2BFF269C771FAC2B78E -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_7658a1151545269d\cryptsvc.dll

< MD5 for: DNSRSLVR.DLL >
[2011/03/02 23:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsrslvr.dll
[2009/07/13 18:40:32 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=676108C4E3AA6F6B34633748BD0BEBD9 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16385_none_3dd76e849c0a6a12\dnsrslvr.dll
[2011/03/02 23:17:10 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=85CF424C74A1D5EC33533E1DBFF9920A -- C:\Windows\SysNative\dnsrslvr.dll
[2011/03/02 23:17:10 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=85CF424C74A1D5EC33533E1DBFF9920A -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16772_none_3ddf452a9c04f6b8\dnsrslvr.dll
[2011/03/02 23:12:55 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=B2205BAEAE4C178ABEB1B149751FC2B9 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsrslvr.dll
[2011/03/02 23:23:37 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=D8065FA366D28746EE3D75F08ED6B2FE -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.20914_none_3eabc3f7b4f01eb1\dnsrslvr.dll

< MD5 for: ES.DLL >
[2009/07/13 18:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\erdnt\cache64\es.dll
[2009/07/13 18:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\SysNative\es.dll
[2009/07/13 18:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\winsxs\amd64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_68e290c46b6ea6d0\es.dll
[2012/06/28 03:27:57 | 000,008,216 | ---- | M] () MD5=8C4CBA187C451FAE0C9C1674B9C3AC39 -- C:\Users\User\AppData\Local\Google\Chrome\Application\20.0.1132.47\Locales\es.dll
[2012/07/09 21:07:57 | 000,008,216 | ---- | M] () MD5=D088A143E3692E65FCEECBEAF6B66E08 -- C:\Users\User\AppData\Local\Google\Chrome\Application\20.0.1132.57\Locales\es.dll
[2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\erdnt\cache86\es.dll
[2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\SysWOW64\es.dll
[2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\winsxs\wow64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_73373b169fcf68cb\es.dll

< MD5 for: EXPLORER.EXE >
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2009/08/02 23:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/02 22:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/30 23:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/02 22:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/25 23:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/02 23:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: IPNATHLP.DLL >
[2009/07/13 18:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\SysNative\ipnathlp.dll
[2009/07/13 18:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\ipnathlp.dll

< MD5 for: NETBT.SYS >
[2009/07/13 16:21:29 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=9162B273A44AB9DCE5B44362731D062A -- C:\Windows\SysNative\drivers\netbt.sys
[2009/07/13 16:21:29 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=9162B273A44AB9DCE5B44362731D062A -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_bc59ba0910f52e0c\netbt.sys

< MD5 for: NETMAN.DLL >
[2009/07/13 18:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\erdnt\cache64\netman.dll
[2009/07/13 18:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\SysNative\netman.dll
[2009/07/13 18:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\winsxs\amd64_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_6bb20d3d6b80d9da\netman.dll

< MD5 for: QMGR.DLL >
[2009/07/13 18:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\erdnt\cache64\qmgr.dll
[2009/07/13 18:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\SysNative\qmgr.dll
[2009/07/13 18:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll

< MD5 for: RPCSS.DLL >
[2009/07/13 18:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=7266972E86890E2B30C0C322E906B027 -- C:\Windows\erdnt\cache64\rpcss.dll
[2009/07/13 18:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=7266972E86890E2B30C0C322E906B027 -- C:\Windows\SysNative\rpcss.dll
[2009/07/13 18:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=7266972E86890E2B30C0C322E906B027 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll

< MD5 for: SERVICES.EXE >
[2012/07/14 00:50:28 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2012/07/14 00:50:28 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2011/04/24 22:28:24 | 001,893,248 | ---- | M] (Microsoft Corporation) MD5=1F748D5439B65E0BEBD92F65048F030D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys
[2011/09/29 10:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[2011/06/20 23:16:55 | 001,888,128 | ---- | M] (Microsoft Corporation) MD5=5279D4DD69C7C71524B8E7A5746D15CC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_0f8ed978993fa916\tcpip.sys
[2010/06/13 23:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2012/03/30 03:19:17 | 001,877,872 | ---- | M] (Microsoft Corporation) MD5=5EFD096DEF47F8B88EF591DA92143440 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_0faa5514992a39a7\tcpip.sys
[2011/04/24 22:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys
[2012/03/30 04:09:53 | 001,895,280 | ---- | M] (Microsoft Corporation) MD5=624C5B3AA4C99B3184BB922D9ECE3FF0 -- C:\Windows\erdnt\cache64\tcpip.sys
[2012/03/30 04:09:53 | 001,895,280 | ---- | M] (Microsoft Corporation) MD5=624C5B3AA4C99B3184BB922D9ECE3FF0 -- C:\Windows\SysNative\drivers\tcpip.sys
[2012/03/30 04:09:53 | 001,895,280 | ---- | M] (Microsoft Corporation) MD5=624C5B3AA4C99B3184BB922D9ECE3FF0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys
[2010/04/09 04:06:28 | 001,898,376 | ---- | M] (Microsoft Corporation) MD5=7FC877A25796D8ADF539E64703FCA7E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16569_none_0f2ca8c580036f65\tcpip.sys
[2012/03/30 03:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2010/06/13 23:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009/07/13 18:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2011/04/24 22:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2011/06/20 23:20:30 | 001,914,752 | ---- | M] (Microsoft Corporation) MD5=A0EB71E0DC047C7CC95CD6AB4036296E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_11a276c29643d7ec\tcpip.sys
[2010/04/09 00:56:29 | 001,892,232 | ---- | M] (Microsoft Corporation) MD5=A9C0F786AC1F736891D05CE0A1D29DEB -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20687_none_0f9ea52499331463\tcpip.sys
[2011/09/29 09:17:51 | 001,886,064 | ---- | M] (Microsoft Corporation) MD5=AC3E29880DB5659532A1AA3439304A43 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_0fad20ca992955d7\tcpip.sys
[2012/03/30 04:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[2011/04/24 23:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2011/06/20 23:27:14 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=B9D87C7707F058AC652A398CD28DE14B -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_0f4d1e3b7feb1307\tcpip.sys
[2011/06/20 23:34:00 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=F0E98C00A09FDF791525829A1D14240F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_11327af77d12659c\tcpip.sys
[2011/09/29 09:24:44 | 001,897,328 | ---- | M] (Microsoft Corporation) MD5=F18F56EFC0BFB9C87BA01C37B27F4DA5 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_0f170e9f80139ebc\tcpip.sys
[2011/09/29 09:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys

< MD5 for: TDX.SYS >
[2009/07/13 16:21:15 | 000,099,840 | ---- | M] (Microsoft Corporation) MD5=079125C4B17B01FCAEEBCE0BCB290C0F -- C:\Windows\erdnt\cache64\tdx.sys
[2009/07/13 16:21:15 | 000,099,840 | ---- | M] (Microsoft Corporation) MD5=079125C4B17B01FCAEEBCE0BCB290C0F -- C:\Windows\SysNative\drivers\tdx.sys
[2009/07/13 16:21:15 | 000,099,840 | ---- | M] (Microsoft Corporation) MD5=079125C4B17B01FCAEEBCE0BCB290C0F -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_4632b9f2f5c6af5e\tdx.sys

< MD5 for: USERINIT.EXE >
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\erdnt\cache86\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\erdnt\cache64\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2009/07/13 18:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\SysNative\drivers\volsnap.sys
[2009/07/13 18:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_1b1a512d99c5b72c\volsnap.sys
[2009/07/13 18:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_71aba92815c60174\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/13 18:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\erdnt\cache64\wininit.exe
[2009/07/13 18:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/13 18:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\erdnt\cache86\wininit.exe
[2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/13 18:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 00:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\erdnt\cache64\winlogon.exe
[2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WMISVC.DLL >
[2009/07/13 18:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\Windows\SysNative\wbem\WMIsvc.dll
[2009/07/13 18:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7600.16385_none_fca7ad7710a22535\WMIsvc.dll

< MD5 for: WSCSVC.DLL >
[2010/12/20 23:09:08 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=34D280957E8681E4BD9492B3F1FC27B9 -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.20862_none_76d192b6e4d9ed67\wscsvc.dll
[2010/12/20 23:16:27 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=8F9F3969933C02DA96EB0F84576DB43E -- C:\Windows\SysNative\wscsvc.dll
[2010/12/20 23:16:27 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=8F9F3969933C02DA96EB0F84576DB43E -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.16723_none_767435e5cb9af730\wscsvc.dll
[2009/07/13 18:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.16385_none_76354f59cbc9dce8\wscsvc.dll

< End of report >

Brennan, Jul 23, 2012

#26

Brennan Newcomer, in training Posts: 52

OTL Extras logfile created on: 22/07/2012 11:02:55 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\User\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.87 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 62.50% Memory free
6.64 Gb Paging File | 5.00 Gb Available in Paging File | 75.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 2.88 Gb Free Space | 0.62% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{7AD1CB49-8904-429D-A8F2-9B00C2DF9225}C:\program files (x86)\steam\steamapps\brennanb\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\brennanb\counter-strike source\hl2.exe |
"TCP Query User{85CF49DD-4131-48A9-934E-2460FDE7B408}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"TCP Query User{C0A4D0AF-1CF3-412C-BBAA-617696ACC053}C:\program files (x86)\ishutdown\ishutdown\ishutdown.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ishutdown\ishutdown\ishutdown.exe |
"UDP Query User{7AE475E9-3BCE-4589-BE63-4F1D5343D9D9}C:\program files (x86)\steam\steamapps\brennanb\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\brennanb\counter-strike source\hl2.exe |
"UDP Query User{B81FBB08-5DB4-4814-82A6-4F88959A1F17}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"UDP Query User{FE5BB7A2-DBFC-47A7-B17C-52EF5D902698}C:\program files (x86)\ishutdown\ishutdown\ishutdown.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ishutdown\ishutdown\ishutdown.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}" = Microsoft IntelliType Pro 8.0
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08AB3EB6-158A-4415-8627-C41C629CC611}" = iShutdown
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D64833F8-860D-4216-8EDC-DD08AD68C0B5}" = LibreOffice 3.4
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2270DW
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"888poker" = 888poker
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio Control Panel
"AviSynth" = AviSynth 2.5
"Console Launcher" = Creative Console Launcher
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Diablo III" = Diablo III
"Empire Earth Gold Edition_is1" = Empire Earth Gold Edition
"Everything" = Everything 1.2.1.371
"FrostWire" = FrostWire 4.21.6
"HijackThis" = HijackThis 2.0.2
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"SequoiaView" = SequoiaView
"SFBM" = SoundFont Bank Manager
"Smart Recorder" = Creative Smart Recorder
"StarCraft II" = StarCraft II
"Steam App 21100" = F.E.A.R. 3
"Steam App 240" = Counter-Strike: Source
"Steam App 24790" = Command and Conquer 3: Tiberium Wars
"Steam App 300" = Day of Defeat: Source
"Steam App 39160" = Dungeon Siege III
"Steam App 39200" = Dungeon Siege 2
"Steam App 550" = Left 4 Dead 2
"Steam App 6870" = Battlestations: Midway
"SystemRequirementsLab" = System Requirements Lab
"Tibia_is1" = Tibia
"Universe Sandbox" = Universe Sandbox
"Videora iPod Converter" = Videora iPod Converter 6
"VLC media player" = VLC media player 1.1.10
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WaveStudio 7" = Creative WaveStudio 7
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"YouTube Downloader App" = YouTube Downloader App 3.00

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 13/06/2012 8:14:13 AM | Computer Name = User-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 28/06/2012 1:41:18 AM | Computer Name = User-PC | Source = Application Hang | ID = 1002
Description = The program hl2.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1270 Start Time:
01cd54ef7798ce25 Termination Time: 225 Application Path: c:\program files (x86)\steam\steamapps\brennanb\counter-strike
source\hl2.exe Report Id:

Error - 29/06/2012 4:08:42 AM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x4f6cfb24 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4fb52e6c Exception code: 0xc0000005 Fault offset: 0x7468e36c Faulting
process id: 0xb88 Faulting application start time: 0x01cd55c4f95e06a5 Faulting application
path: c:\program files (x86)\steam\steamapps\brennanb\counter-strike source\hl2.exe
Faulting
module path: filesystem_steam.dll Report Id: a3af8c8e-c1c1-11e1-81f6-485b39f76cef

Error - 05/07/2012 10:08:57 PM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x4febb13c Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4ff1ec29 Exception code: 0xc0000005 Fault offset: 0x7412e279 Faulting
process id: 0x13f4 Faulting application start time: 0x01cd5b1a3e2e093e Faulting application
path: c:\program files (x86)\steam\steamapps\brennanb\counter-strike source\hl2.exe
Faulting
module path: filesystem_steam.dll Report Id: 8ae96056-c70f-11e1-be4f-485b39f76cef

Error - 10/07/2012 10:50:01 PM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x4febb13c Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4ff1ec29 Exception code: 0xc0000005 Fault offset: 0x6c2de279 Faulting
process id: 0x13c0 Faulting application start time: 0x01cd5f0c09cb1f8a Faulting application
path: c:\program files (x86)\steam\steamapps\brennanb\counter-strike source\hl2.exe
Faulting
module path: filesystem_steam.dll Report Id: 1bd078a6-cb03-11e1-bc18-485b39f76cef

Error - 17/07/2012 6:11:06 PM | Computer Name = User-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 13.0.1.4548 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: fd8 Start
Time: 01cd628204cba94a Termination Time: 229 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: 4b6797ca-d05c-11e1-8a03-485b39f76cef

Error - 19/07/2012 1:12:39 AM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application name: FlashPlayerPlugin_11_3_300_265.exe, version:
11.3.300.265, time stamp: 0x4febd5ac Faulting module name: NPSWF32_11_3_300_265.dll,
version: 11.3.300.265, time stamp: 0x4febd798 Exception code: 0xc0000005 Fault offset:
0x001d1e33 Faulting process id: 0x12e8 Faulting application start time: 0x01cd65393c37cc78
Faulting
application path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
Faulting
module path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll Report
Id: 5c0f2afa-d160-11e1-8f13-485b39f76cef

Error - 19/07/2012 3:15:01 PM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application name: FlashPlayerPlugin_11_3_300_265.exe, version:
11.3.300.265, time stamp: 0x4febd5ac Faulting module name: NPSWF32_11_3_300_265.dll,
version: 11.3.300.265, time stamp: 0x4febd798 Exception code: 0xc0000005 Fault offset:
0x000d6da0 Faulting process id: 0x2fc Faulting application start time: 0x01cd65dd935e19e5
Faulting
application path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
Faulting
module path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll Report
Id: 094c3121-d1d6-11e1-8f2d-485b39f76cef

Error - 19/07/2012 6:15:43 PM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application name: FlashPlayerPlugin_11_3_300_265.exe, version:
11.3.300.265, time stamp: 0x4febd5ac Faulting module name: NPSWF32_11_3_300_265.dll,
version: 11.3.300.265, time stamp: 0x4febd798 Exception code: 0xc0000005 Fault offset:
0x004923d1 Faulting process id: 0x1d3c Faulting application start time: 0x01cd65fa5c679591
Faulting
application path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
Faulting
module path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll Report
Id: 47663953-d1ef-11e1-8f2d-485b39f76cef

Error - 22/07/2012 1:49:43 AM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application name: nvtray.exe, version: 7.17.13.142, time
stamp: 0x4fb20fcd Faulting module name: KERNELBASE.dll, version: 6.1.7600.16850,
time stamp: 0x4e211da1 Exception code: 0xc000041d Fault offset: 0x000000000000a88d
Faulting
process id: 0xc8c Faulting application start time: 0x01cd66ae332ccc65 Faulting application
path: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe Faulting module path:
C:\Windows\system32\KERNELBASE.dll Report Id: 08b1a5bc-d3c1-11e1-81c4-485b39f76cef

[ Media Center Events ]
Error - 16/11/2010 12:52:44 PM | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 8:52:44 AM - Error connecting to the internet. 8:52:44 AM - Unable
to contact server..

Error - 16/11/2010 12:52:50 PM | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 8:52:49 AM - Error connecting to the internet. 8:52:49 AM - Unable
to contact server..

Error - 17/11/2010 12:25:49 PM | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 8:25:49 AM - Error connecting to the internet. 8:25:49 AM - Unable
to contact server..

Error - 17/11/2010 12:25:58 PM | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 8:25:54 AM - Error connecting to the internet. 8:25:54 AM - Unable
to contact server..

Error - 18/11/2010 1:39:56 PM | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 9:39:56 AM - Error connecting to the internet. 9:39:56 AM - Unable
to contact server..

Error - 18/11/2010 1:40:05 PM | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 9:40:01 AM - Error connecting to the internet. 9:40:01 AM - Unable
to contact server..

Error - 19/11/2010 1:10:24 PM | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 9:10:24 AM - Error connecting to the internet. 9:10:24 AM - Unable
to contact server..

Error - 19/11/2010 1:10:34 PM | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 9:10:30 AM - Error connecting to the internet. 9:10:30 AM - Unable
to contact server..

Error - 20/11/2010 1:18:14 PM | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 9:18:09 AM - Error connecting to the internet. 9:18:09 AM - Unable
to contact server..

Error - 05/01/2012 12:33:21 AM | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 8:33:16 PM - Failed to retrieve SportsSchedule (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

[ System Events ]
Error - 20/07/2012 3:33:02 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 20/07/2012 3:33:02 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 20/07/2012 3:35:43 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the eventlog service.

Error - 22/07/2012 1:49:41 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 22/07/2012 1:49:41 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 22/07/2012 1:54:35 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 22/07/2012 1:56:36 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 22/07/2012 1:57:32 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 22/07/2012 2:00:27 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 22/07/2012 2:00:27 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

< End of report >

Brennan, Jul 23, 2012

#27
Jay Pfoutz Malware Helper Posts: 4,286 +49
ESET Online Scan

Please run a free online scan with the ESET Online Scanner

Tick the box next to YES, I accept the Terms of Use

Click Start

When asked, allow the ActiveX control to install

Click Start

Make sure that the options Remove found threats and the option Scan unwanted applications is checked

Click Scan (This scan can take several hours, so please be patient)

Once the scan is completed, you may close the window

Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic
Jay Pfoutz, Jul 23, 2012

#28
Brennan Newcomer, in training Posts: 52

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f9f25a16f618d1428505d2c3a678de5e
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-24 10:26:04
# local_time=2012-07-24 03:26:04 (-0800, Pacific Daylight Time)
# country="Canada"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 7452881 7452881 0 0
# compatibility_mode=5893 16776574 100 94 54022 94664674 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=297154
# found=3
# cleaned=3
# scan_time=4340
C:\backup\Drive(D)\Documents and Settings\Brennan\Local Settings\Temp\CSM1A.tmp a variant of Win32/Adware.Mongoose.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\backup\Local Settings\Temp\CSM1A.tmp a variant of Win32/Adware.Mongoose.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\Installer\{5804b618-ffb5-9da5-151c-c2bec33ea925}\U\00000008.@.vir Win64/Agent.BA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Brennan, Jul 24, 2012

#29
Jay Pfoutz Malware Helper Posts: 4,286 +49
Please run OTL

Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

:OTL
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searc...SP_ss&mntrId=589b1fbf000000000000485b39f76cef
IE - HKCU\..\SearchScopes\{4920A831-C75B-45AE-8A72-5A4A3F5D70BB}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=3C20C497-D187-4605-A021-99A4690960FC
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=11...ss&mntrId=589b1fbf000000000000485b39f76cef&q="
[2011/07/28 00:06:58 | 000,002,396 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z4oofidk.default\searchplugins\askcom.xml
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylon.com/?q={searc...SP_ss&mntrId=589b1fbf000000000000485b39f76cef
CHR - Extension: Click 2 Save = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhnadmefmkcgjpegkbigbnmaakejlka\1.1_0\
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

:commands
[emptytemp]
[reboot]

Then click the Run Fix button at the top.

Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.

Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)
Jay Pfoutz, Jul 24, 2012

#30
Brennan Newcomer, in training Posts: 52

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4920A831-C75B-45AE-8A72-5A4A3F5D70BB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4920A831-C75B-45AE-8A72-5A4A3F5D70BB}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "http://search.babylon.com/?affID=11...ss&mntrId=589b1fbf000000000000485b39f76cef&q=" removed from keyword.URL
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z4oofidk.default\searchplugins\askcom.xml moved successfully.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhnadmefmkcgjpegkbigbnmaakejlka\1.1_0 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.
C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}\ not found.
File C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

Brennan, Jul 24, 2012

#31
Brennan Newcomer, in training Posts: 52

Great for some reason now this fake antivirus thing has taken over my computer (LiveSecurityPlatinum) even after "removal" with Malewarebytes, I am now in safe-mode w/ networking because it wouldn't let me open my "infected programs" aka everything in normal mode. It says no action taken but I was sure I selected removal and it prompted me to restart.

Database version: v2012.07.18.09

Windows 7 x64 NTFS (Safe Mode)
Internet Explorer 8.0.7600.16385
User :: USER-PC [administrator]

25/07/2012 1:38:27 AM
mbam-log-2012-07-25 (01-41-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207183
Time elapsed: 2 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> No action taken.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|hdwwabel (IPH.Trojan.Agent.CPN) -> Data: rundll32 "C:\Users\User\AppData\Local\Temp\ntkrkrnl.dll",CreateProcessNotify -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> No action taken.

Files Detected: 3
C:\Users\User\AppData\Local\Temp\ntkrkrnl.dll (IPH.Trojan.Agent.CPN) -> No action taken.
C:\Users\User\Desktop\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> No action taken.
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> No action taken.

(end)

Brennan, Jul 25, 2012

#32
Brennan Newcomer, in training Posts: 52

I did another scan with Malewarebytes in safemode this time it detected different things and successfully removed them and now it (the fake antivirus scareware) "seems" like it's gone. Here's the other log.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.25.03

Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7600.16385
User :: USER-PC [administrator]

25/07/2012 1:55:59 AM
mbam-log-2012-07-25 (01-55-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208530
Time elapsed: 2 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|7531CC770009EDE70303F3074F147CE7 (Trojan.LameShield) -> Data: C:\ProgramData\7531CC770009EDE70303F3074F147CE7\7531CC770009EDE70303F3074F147CE7.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\ProgramData\7531CC770009EDE70303F3074F147CE7\7531CC770009EDE70303F3074F147CE7.exe (Trojan.LameShield) -> Quarantined and deleted successfully.

(end)

Brennan, Jul 25, 2012

#33
Jay Pfoutz Malware Helper Posts: 4,286 +49
Something else is hidden, then...

Please download aswMBR from here

Save aswMBR.exe to your Desktop

Double click aswMBR.exe to run it

Click the Scan button to start the scan as illustrated below

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

Once the scan finishes click Save log to save the log to your Desktop

Copy and paste the contents of aswMBR.txt back here for review
Jay Pfoutz, Jul 25, 2012

#34
Brennan Newcomer, in training Posts: 52

Thankyou for your time and patience with me in this.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-25 04:02:30
-----------------------------
04:02:30.710 OS Version: Windows x64 6.1.7600
04:02:30.710 Number of processors: 4 586 0x2502
04:02:30.710 ComputerName: USER-PC UserName: User
04:02:31.349 Initialize success
04:03:46.804 AVAST engine defs: 12072500
04:04:16.345 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
04:04:16.347 Disk 0 Vendor: WDC_WD5000AAKS-00UU3A0 01.03B01 Size: 476940MB BusType: 3
04:04:16.349 Disk 0 MBR read successfully
04:04:16.350 Disk 0 MBR scan
04:04:16.353 Disk 0 Windows 7 default MBR code
04:04:16.356 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
04:04:16.389 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
04:04:16.448 Disk 0 scanning C:\Windows\system32\drivers
04:04:27.761 Service scanning
04:04:58.789 Modules scanning
04:04:58.789 Disk 0 trace - called modules:
04:04:58.820 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
04:04:58.820 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80048bd060]
04:04:58.836 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8004662520]
04:04:58.836 5 ACPI.sys[fffff88000ed3781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa800465e680]
04:04:59.959 AVAST engine scan C:\Windows
04:05:03.984 AVAST engine scan C:\Windows\system32
04:08:33.260 AVAST engine scan C:\Windows\system32\drivers
04:08:45.974 AVAST engine scan C:\Users\User
04:25:03.757 AVAST engine scan C:\ProgramData
04:28:51.377 Scan finished successfully
04:39:14.333 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
04:39:14.442 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"

Brennan, Jul 25, 2012

#35
Jay Pfoutz Malware Helper Posts: 4,286 +49
I'm only glad to help.

Download RogueKiller and save it on your desktop.

Quit all programs

Start RogueKiller.exe.

Wait until Prescan has finished ...

Click on Scan

Wait for the end of the scan.

The report has been created on the desktop.

Click on the Delete button.

The report has been created on the desktop.

Next click on the ShortcutsFix

The report has been created on the desktop.

Please post:

All RKreport.txt text files located on your desktop.
Jay Pfoutz, Jul 25, 2012

#36
Brennan Newcomer, in training Posts: 52

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: User [Admin rights]
Mode: Scan -- Date: 07/25/2012 14:40:21

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AAKS-00UU3A0 ATA Device +++++
--- User ---
[MBR] 0af43876e4cee27dd482a2b70b27b356
[BSP] 9cba2c0a0cebbb0adaf098c14e15233e : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: User [Admin rights]
Mode: Remove -- Date: 07/25/2012 14:40:49

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AAKS-00UU3A0 ATA Device +++++
--- User ---
[MBR] 0af43876e4cee27dd482a2b70b27b356
[BSP] 9cba2c0a0cebbb0adaf098c14e15233e : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: User [Admin rights]
Mode: Shortcuts HJfix -- Date: 07/25/2012 14:41:48

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 7 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 129 / Fail 0
My documents: Success 4 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 1418 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 11932 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\HarddiskVolume3 -- 0x2 --> Restored
[G:] \Device\HarddiskVolume4 -- 0x2 --> Restored
[H:] \Device\HarddiskVolume5 -- 0x2 --> Restored
[I:] \Device\HarddiskVolume6 -- 0x2 --> Restored

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

Brennan, Jul 25, 2012

#37
Jay Pfoutz Malware Helper Posts: 4,286 +49
WhyIGotInfected

Download WhyIGotInfected.exe to your Desktop.

Double-click on WhyIGotInfected.exe to start the program.

In "Plugins"

Click on "Scan".

Then click "Report." Close the report.

If the lines appear in red, the plugin is outdated. In this case, double click on the line in question, and it will download and install the plugin (from the official site)

When all outdated plugins are updated:

Click again on "Scan".

Then click the "Report".

Copy paste the contents of two reports (on the desktop, WIGIReport [x].txt) in your next reply.
Jay Pfoutz, Jul 26, 2012

#38
Brennan Newcomer, in training Posts: 52

WhyIGotInfected v1.5.4(by Tigzy)
********************************

Run : 26/07/2012 3:15:37 AM [Normal Mode]
Machine : USER-PC (4 CPUs) [User : NOT ADMIN]
OS: Microsoft Windows 7 Home Premium (x64)

~~ Plugins check: ~~

OUTDATED [Microsoft Windows 7 Home Premium ] Current : -- Latest : Service Pack 1
OUTDATED [Firefox (x86)] Current : 13.0.1 -- Latest : 14.0.1
OUTDATED [Internet Explorer] Current : 8.0.7600.16385 -- Latest : 9.0.8112.16421
OUTDATED [Internet Explorer (x86)] Current : 8.0.7600.16385 -- Latest : 9.0.8112.16421
OUTDATED [Java (x86)] Current : 1.6.0_31 -- Latest : 1.7.0_05
OUTDATED [Adobe Reader (x86)] Current : 90 -- Latest : 10
UPTODATE [Adobe Flash FF Plugin] Current : 11.3.300.265 -- Latest : 11.3.300.265
UPTODATE [Adobe Flash FF Plugin (x86)] Current : 11.3.300.265 -- Latest : 11.3.300.265

Finished
<C:\Users\User\Desktop\WIGIReport[0].txt>
WIGIReport[0].txt

WhyIGotInfected v1.5.4(by Tigzy)
********************************

Run : 26/07/2012 3:55:26 AM [Normal Mode]
Machine : USER-PC (4 CPUs) [User : NOT ADMIN]
OS: Microsoft Windows 7 Home Premium (x64)

~~ Plugins check: ~~

OUTDATED [Microsoft Windows 7 Home Premium ] Current : -- Latest : Service Pack 1 - Windows Update isn't listing it.
UPTODATE [Firefox (x86)] Current : 14.0.1 -- Latest : 14.0.1
UPTODATE [Internet Explorer] Current : 9.0.8112.16421 -- Latest : 9.0.8112.16421
UPTODATE [Internet Explorer (x86)] Current : 9.0.8112.16421 -- Latest : 9.0.8112.16421
UPTODATE [Java (x86)] Current : 1.7.0_05 -- Latest : 1.7.0_05
OUTDATED [Adobe Reader (x86)] Current : 100 -- Latest : 10 - Installed and working maybe it's checking for the French version? (It linked to the French website)
UPTODATE [Adobe Flash FF Plugin] Current : 11.3.300.265 -- Latest : 11.3.300.265
UPTODATE [Adobe Flash FF Plugin (x86)] Current : 11.3.300.265 -- Latest : 11.3.300.265

Finished
<C:\Users\User\Desktop\WIGIReport[1].txt>
WIGIReport[0].txt ; WIGIReport[1].txt

Brennan, Jul 26, 2012

#39
Jay Pfoutz Malware Helper Posts: 4,286 +49
Installed and working maybe it's checking for the French version?

Probably. LOL

Here is the information obtained from:http://windows.microsoft.com/en-US/windows7/install-windows-7-service-pack-1

Downloading and installing SP1 from the Microsoft Download Center
If you have problems getting the service pack from Windows Update, you can download the SP1 installation package from the Microsoft Download Center, and then install SP1 manually.

Go to the Windows 7 Service Pack 1 download webpage on the Microsoft website, and then click Continue.

Choose either the 32-bit (x86) or the 64-bit (x64) version of SP1 depending on whether you're running the 32-bit or the 64-bit version of Windows 7, and then click Download.

To find out which version you're running, click the Start button , right-click Computer, and then click Properties. Under System, next to System type, you can view the operating system.

To install SP1 immediately, click Open or Run, and then follow the instructions on your screen. To install SP1 later, click Save and download the installation file to your computer. When you're ready to install SP1, double-click the file.

On the Install Windows 7 Service Pack 1 page, click Next.

Follow the instructions on your screen. Your computer might restart during the installation.

After installation is complete, log on to your computer at the Windows logon prompt. You might see a notification indicating whether the update was successful.

If you disabled your antivirus software, enable it again.
Jay Pfoutz, Jul 26, 2012

#40

Page 2 of 4

Topic Status:: Not open for further replies.

Add New Comment

	Social Login & Guest Posting			TechSpot Members Login here or sign up for free, it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.