Solved Unable to view AV websites

dymock

Hello,

I am unable to view AV websites, Microsoft and some others, these all redirect back to my homepage or provide a missing URL page. Also had trouble with internet banking asking for far more information than is normally required (only on this pc) so obviously have changed passwords, etc, from another pc. This happens in both FF and Chrome, the other pc I use is entirely unaffected.

I haven't been able to find any malware as yet, using Avast and other programmes I already had installed and then latterly following your 5 steps as recorded below. I would be grateful for any help with this as it seems to be outfoxing all the programmes I have tried so far. Malware came up with nothing as copied below and GMER was also blank, hence no log.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.15.03

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Me :: ALAN [administrator]

15/05/2012 13:41:49
mbam-log-2012-05-15 (13-41-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196830
Time elapsed: 3 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
Run by Me at 15:54:18 on 2012-05-15
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3836.1803 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Advent\AIO\Center\ADAIOHostService.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\spool\drivers\x64\3\ADAiO2MUI.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Windows\splwow64.exe
C:\Users\Me\AppData\Roaming\Qaaqi\toyd.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\notepad.exe
Q:\140066.enu\Office14\WINWORDC.EXE
Q:\140066.enu\Office14\OffSpon.EXE
C:\Users\Me\Downloads\n21qw65h.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Mehoc] C:\Users\Me\AppData\Roaming\Qaaqi\toyd.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_228_Plugin.exe -update plugin
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Conime] %windir%\system32\conime.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
mRunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Me\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{66AF9F3D-33FC-4E8E-971B-F65E7FA4224F} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{66AF9F3D-33FC-4E8E-971B-F65E7FA4224F}\4597464697E6 : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Conime] %windir%\system32\conime.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce-x64: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
mRunOnce-x64: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\w02wtz2o.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]
R2 Advent AIO Network Discovery Service;Advent AIO Network Discovery Service;C:\Program Files (x86)\Advent\AIO\Center\ADAIOHostService.exe [2011-10-14 361904]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-2-16 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-5-15 44768]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-2-16 673088]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-15 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 253600]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-15 136176]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-05-15 12:40:50 -------- d-----w- C:\Users\Me\AppData\Roaming\Malwarebytes
2012-05-15 12:40:39 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-15 12:40:38 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-15 12:40:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-15 10:49:33 -------- d-----w- C:\Users\Me\AppData\Roaming\SUPERAntiSpyware.com
2012-05-15 10:49:01 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-05-15 10:49:01 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-05-15 10:23:13 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-05-15 10:23:13 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-05-15 09:20:27 -------- d-----w- C:\Users\Me\AppData\Local\Google
2012-05-15 09:20:14 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-05-15 09:20:11 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-05-15 09:20:07 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-05-15 09:19:22 41184 ----a-w- C:\Windows\avastSS.scr
2012-05-15 09:19:11 -------- d-----w- C:\ProgramData\AVAST Software
2012-05-15 09:19:11 -------- d-----w- C:\Program Files\AVAST Software
2012-05-08 09:36:34 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{646AC93D-FABE-4C88-AFC9-327C1C998A12}\offreg.dll
2012-04-19 08:56:19 -------- d-----w- C:\Users\Me\AppData\Roaming\Qaaqi
2012-04-19 08:56:19 -------- d-----w- C:\Users\Me\AppData\Roaming\Inkea
2012-04-19 08:56:19 -------- d-----w- C:\Users\Me\AppData\Roaming\Apefr
.
==================== Find3M ====================
.
2012-04-04 13:46:37 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-04 13:46:36 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 11:21:58 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2012-03-17 12:05:33 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-23 08:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-16 06:47:28 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-02-16 06:47:28 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-02-16 06:47:28 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2012-02-16 06:34:58 0 ----a-w- C:\Windows\ativpsrm.bin
2012-02-16 06:19:14 455680 ----a-w- C:\Windows\System32\deployJava1.dll
2012-02-16 06:13:59 78848 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-02-16 06:08:52 80 --sh--r- C:\Windows\CT4CET.bin
2012-02-16 05:59:26 51712 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2012-02-16 05:59:26 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2012-02-16 05:58:49 30296 ----a-w- C:\Windows\System32\drivers\msahci.sys
2012-02-16 05:58:44 630272 ----a-w- C:\Windows\System32\evr.dll
2012-02-16 05:58:44 488448 ----a-w- C:\Windows\SysWow64\evr.dll
2012-02-16 05:58:38 327680 ----a-w- C:\Windows\System32\drivers\udfs.sys
2012-02-16 05:58:29 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2012-02-16 05:58:29 100864 ----a-w- C:\Windows\System32\fontsub.dll
2012-02-16 05:56:06 91648 ----a-w- C:\Windows\System32\isoburn.exe
2012-02-16 05:56:06 86528 ----a-w- C:\Windows\SysWow64\isoburn.exe
2012-02-16 05:50:34 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2012-02-16 05:50:34 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2012-02-16 05:50:25 46592 ----a-w- C:\Windows\System32\msasn1.dll
2012-02-16 05:50:25 34816 ----a-w- C:\Windows\SysWow64\msasn1.dll
2012-02-16 05:49:43 1975296 ----a-w- C:\Windows\System32\CertEnroll.dll
2012-02-16 05:49:43 1320960 ----a-w- C:\Windows\SysWow64\CertEnroll.dll
.
============= FINISH: 15:56:30.96 ===============

As nothing obvious (to me at least) seems to be showing up as a problem I am unsure what to do next, barring a complete reinstall.

Thanks for any help.
 
Welcome to TechSpot! I'll help with the malware. You do have several malware entries plus some 'mystery' entries we'll have to look into.

There is another log from DDS named Attach.txt. Please see if you can locate that on your system, paste it in your next reply please, and do not zip it.
Since you're working from the thread steps, did you miss GMER? If so please run. If you ran, did it produce a log?

Regarding this:
"Also had trouble with internet banking asking for far more information than is normally required"

What is the source of the request? Email? Or when you logon to the bank site?
Either way, please do not give out any additional information regarding the banking or any other financial transactions at this point.
------------------------------------------------------
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan.
Uninstall directions, if needed:
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------

  • Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install - just bypass and go on.
    • Note: No query will be made if the Recovery Console is already on the system.
  • Close any open browsers.
  • Before you run the Combofix scan, please disable any security software you have running.
    (If you need help with this, please see HERE)
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.
Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
-----------------------------------------------------------------

You can try to access this Eset Online Virus Scan:
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives'
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

If Eset won't run in either FF or CHR, please try it in IE.
---------------------------------------------------------------
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
Threads are closed after 5 days if there is no reply.

Please leave the logs in your next reply.
 
Sorry I missed the Attach.txt log from DDS, I was thrown by the 'do not post this yet' note at the top, log posted below.

I ran GMER but it did not produce a log, do you want me to run it again?

The bank problems are when trying to log on, it presented a webform much like the normal bank style but asking for all sorts of extra information. So I changed my password and so on, on another machine and checked with their helpline to confirm the info requested is bogus.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 05/03/2012 14:28:16
System Uptime: 09/05/2012 10:54:36 (149 hours ago)
.
Motherboard: Dell Inc. | | 0C8PJJ
Processor: AMD Athlon(tm) II P360 Dual-Core Processor | CPU 1 | 1679/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 227.601 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP15: 06/05/2012 21:49:54 - Scheduled Checkpoint
RP16: 15/05/2012 10:18:49 - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
7-Zip 9.20
AdC4USelfUpdater
Adobe Flash Player 10 ActiveX
Adobe Reader 9.2
Advanced Audio FX Engine
ADVENT AIO Printer
Advent Essentials
aioscnnr
avast! Free Antivirus
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CyberLink PowerDVD 9.5
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Getting Started Guide
Dell Webcam Central
GnuWin32: sed-4.2.1
Google Chrome
Google Update Helper
Java Auto Updater
Java(TM) 6 Update 22
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 11.0 (x86 en-GB)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenOffice.org 3.3
PreReq
Realtek High Definition Audio Driver
Roxio Burn
Skype Toolbars
Skype™ 4.1
Spybot - Search & Destroy
Universal Extractor 1.6.1
VLC media player 2.0.1
.
==== Event Viewer Messages From Past Week ========
.
15/05/2012 12:13:11, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR12.
14/05/2012 17:34:14, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.76. The computer with the IP address 192.168.1.64 did not allow the name to be claimed by this computer.
10/05/2012 16:38:55, Error: bowser [8003] - The master browser has received a server announcement from the computer NICI-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{66AF9F3D-33FC-4E8E-971B-F65E7FA4224F}. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================
ComboFix 12-05-16.01 - Me 16/05/2012 9:47.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3836.1618 [GMT 1:00]
Running from: c:\users\Me\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Me\AppData\Roaming\Qaaqi
c:\users\Me\AppData\Roaming\Qaaqi\toyd.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-16 to 2012-05-16 )))))))))))))))))))))))))))))))
.
.
2012-05-15 12:40 . 2012-05-15 12:40 -------- d-----w- c:\users\Me\AppData\Roaming\Malwarebytes
2012-05-15 12:40 . 2012-05-15 12:40 -------- d-----w- c:\programdata\Malwarebytes
2012-05-15 12:40 . 2012-05-15 12:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-15 12:40 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-15 10:49 . 2012-05-15 10:49 -------- d-----w- c:\users\Me\AppData\Roaming\SUPERAntiSpyware.com
2012-05-15 10:49 . 2012-05-15 10:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-15 10:49 . 2012-05-15 10:49 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-15 10:23 . 2012-05-15 10:49 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-15 10:23 . 2012-05-15 10:23 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-05-15 09:20 . 2012-05-15 09:24 -------- d-----w- c:\users\Me\AppData\Local\Google
2012-05-15 09:20 . 2012-05-15 09:22 -------- d-----w- c:\program files (x86)\Google
2012-05-15 09:20 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-05-15 09:20 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-05-15 09:20 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-05-15 09:20 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-05-15 09:20 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-05-15 09:20 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-05-15 09:20 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-05-15 09:19 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-05-15 09:19 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-05-15 09:19 . 2012-05-15 09:19 -------- d-----w- c:\programdata\AVAST Software
2012-05-15 09:19 . 2012-05-15 09:19 -------- d-----w- c:\program files\AVAST Software
2012-04-19 08:56 . 2012-05-16 08:29 -------- d-----w- c:\users\Me\AppData\Roaming\Inkea
2012-04-19 08:56 . 2012-04-19 08:56 -------- d-----w- c:\users\Me\AppData\Roaming\Apefr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 13:46 . 2012-04-04 13:46 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-04 13:46 . 2012-03-18 17:23 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 11:23 . 2012-04-04 11:23 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-04-04 11:23 . 2012-04-04 11:23 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-04-04 11:23 . 2012-04-04 11:23 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-04-04 11:23 . 2012-04-04 11:23 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-04-04 11:23 . 2012-04-04 11:23 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-04-04 11:23 . 2012-04-04 11:23 1798656 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-04-04 11:23 . 2012-04-04 11:23 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-04-04 11:23 . 2012-04-04 11:23 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-04-04 11:23 . 2012-04-04 11:23 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-04-04 11:23 . 2012-04-04 11:23 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-04-04 11:23 . 2012-04-04 11:23 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-04-04 11:23 . 2012-04-04 11:23 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-04-04 11:23 . 2012-04-04 11:23 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-04-04 11:23 . 2012-04-04 11:23 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-04-04 11:23 . 2012-04-04 11:23 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-04-04 11:23 . 2012-04-04 11:23 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-04-04 11:23 . 2012-04-04 11:23 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-04-04 11:23 . 2012-04-04 11:23 448512 ----a-w- c:\windows\system32\html.iec
2012-04-04 11:23 . 2012-04-04 11:23 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-04-04 11:23 . 2012-04-04 11:23 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-04-04 11:23 . 2012-04-04 11:23 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-04-04 11:23 . 2012-04-04 11:23 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-04-04 11:23 . 2012-04-04 11:23 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-04-04 11:23 . 2012-04-04 11:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-04 11:23 . 2012-04-04 11:23 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-04-04 11:23 . 2012-04-04 11:23 2308096 ----a-w- c:\windows\system32\jscript9.dll
2012-04-04 11:23 . 2012-04-04 11:23 222208 ----a-w- c:\windows\system32\msls31.dll
2012-04-04 11:23 . 2012-04-04 11:23 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-04-04 11:23 . 2012-04-04 11:23 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-04-04 11:23 . 2012-04-04 11:23 160256 ----a-w- c:\windows\system32\wextract.exe
2012-04-04 11:23 . 2012-04-04 11:23 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-04-04 11:23 . 2012-04-04 11:23 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-04-04 11:23 . 2012-04-04 11:23 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-04-04 11:23 . 2012-04-04 11:23 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-04-04 11:23 . 2012-04-04 11:23 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-04-04 11:23 . 2012-04-04 11:23 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-04-04 11:23 . 2012-04-04 11:23 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-04-04 11:23 . 2012-04-04 11:23 12288 ----a-w- c:\windows\system32\mshta.exe
2012-04-04 11:23 . 2012-04-04 11:23 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-04-04 11:23 . 2012-04-04 11:23 114176 ----a-w- c:\windows\system32\admparse.dll
2012-04-04 11:23 . 2012-04-04 11:23 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-04-04 11:23 . 2012-04-04 11:23 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-04-04 11:21 . 2012-04-04 11:21 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-04-04 11:21 . 2012-04-04 11:21 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2012-04-04 11:21 . 2012-04-04 11:21 470016 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-04-04 11:21 . 2012-04-04 11:21 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-04-04 11:21 . 2012-04-04 11:21 4068864 ----a-w- c:\windows\system32\mf.dll
2012-04-04 11:21 . 2012-04-04 11:21 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2012-04-04 11:21 . 2012-04-04 11:21 283648 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-04-04 11:21 . 2012-04-04 11:21 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-04-04 11:21 . 2012-04-04 11:21 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-04-04 11:21 . 2012-04-04 11:21 229888 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-04-04 11:21 . 2012-04-04 11:21 206848 ----a-w- c:\windows\system32\mfps.dll
2012-04-04 11:21 . 2012-04-04 11:21 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2012-04-04 11:21 . 2012-04-04 11:21 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2012-04-04 11:21 . 2012-04-04 11:21 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll
2012-04-04 11:21 . 2012-04-04 11:21 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2012-04-04 11:21 . 2012-04-04 11:21 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2012-04-04 11:21 . 2012-04-04 11:21 144384 ----a-w- c:\windows\system32\cdd.dll
2012-04-04 11:21 . 2012-04-04 11:21 135168 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2012-04-04 11:21 . 2012-04-04 11:21 1133568 ----a-w- c:\windows\system32\FntCache.dll
2012-03-20 02:51 . 2012-04-03 10:31 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{646AC93D-FABE-4C88-AFC9-327C1C998A12}\mpengine.dll
2012-03-17 12:05 . 2012-03-17 12:06 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-23 08:18 . 2012-03-30 08:36 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-01 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-24 102400]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-14 50472]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-05-21 165184]
.
c:\users\Me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-15 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 253600]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-15 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 Advent AIO Network Discovery Service;Advent AIO Network Discovery Service;c:\program files (x86)\Advent\AIO\Center\ADAIOHostService.exe [2011-10-14 361904]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2010-05-21 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-05-21 673088]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWSNX
*NewlyCreated* - SASDIFSV
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 13:46]
.
2012-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-15 09:20]
.
2012-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-15 09:20]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-06-30 3200672]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-15 10918504]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]
"ADAiO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\ADAiO2MUI.exe" [2010-10-18 2779136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\w02wtz2o.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Mehoc - c:\users\Me\AppData\Roaming\Qaaqi\toyd.exe
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Completion time: 2012-05-16 10:21:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-16 09:21
.
Pre-Run: 248,283,992,064 bytes free
Post-Run: 247,950,123,008 bytes free
.
- - End Of File - - 9371FDD5B2A708E8813F677C65CD9CE4

ESET worked fine in FF, here is the log:

C:\Qoobox\Quarantine\C\Users\Me\AppData\Roaming\Qaaqi\toyd.exe.vir a variant of Win32/Kryptik.AFHN trojan cleaned by deleting - quarantined

Thanks very much for your help so far!
 
Please tell me about the system:

Install Date: 05/03/2012 14:28:16>> Original install or reinstall?
System Uptime: 09/05/2012 10:54:36 (149 hours ago)>> Install date to current up time is 6 days.

System has been running for 6.2 days. Do you know that you need to reboot Windows occasionally to free up memory?

There is major activity showing on 2012-04-04 11:21 so this must be newly reinstalled or upgraded?

About Avast:
You put it on the system 2012-03-06 23:01> "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
But you downloaded it again 2012-05-15 09:19 -------- d-----w- c:\program files\AVAST Software

About Mbam:
You already had it on the system 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
But you downloaded it again on 2012-05-15 12:40 . -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

The only possible malware entries I see so far are:
2012-04-19 08:56 . 2012-05-16 08:29 -------- d-----w- c:\users\Me\AppData\Roaming\Inkea
2012-04-19 08:56 . 2012-04-19 08:56 -------- d-----w- c:\users\Me\AppData\Roaming\Apefr

Can you clarify this for me please:
I am unable to view AV websites, microsoft and some others, these all redirect back to my homepage or provide a missing URL page

The one entry in Eset for Qoobox is a file that has been quarantined in Combofix already.
 
Please tell me about the system:

Install Date: 05/03/2012 14:28:16>> Original install or reinstall? This was (roughly) the purchase date from Dell Outlet, the computer is refurbished by them so I assume this is when they refurbished it.
System Uptime: 09/05/2012 10:54:36 (149 hours ago)>> Install date to current up time is 6 days. Not sure I follow?

System has been running for 6.2 days. Do you know that you need to reboot Windows occasionally to free up memory? Ah yes, this machine is used pretty much just for internet browsing so I have been a little lax with rebooting (used to Macs, though no excuse I know). I will make a point of rebooting more often, thanks for pointing it out.

There is major activity showing on 2012-04-04 11:21 so this must be newly reinstalled or upgraded? This was a system restore, unless I have got my dates muddled, following quite a large number of updates that caused the machine to refuse to hibernate and have problems with logons and so on, hence the restore.

About Avast:
You put it on the system 2012-03-06 23:01> "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
But you downloaded it again 2012-05-15 09:19 -------- d-----w- c:\program files\AVAST Software I reinstalled it as I thought the other one had been uninstalled, possibly just forgetfulness on my part.

About Mbam:
You already had it on the system 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
But you downloaded it again on 2012-05-15 12:40 . -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware Never used MBAM before coming to this website, so not sure why it would already be on the system.

The only possible malware entries I see so far are:
2012-04-19 08:56 . 2012-05-16 08:29 -------- d-----w- c:\users\Me\AppData\Roaming\Inkea
2012-04-19 08:56 . 2012-04-19 08:56 -------- d-----w- c:\users\Me\AppData\Roaming\Apefr

Can you clarify this for me please:
I am unable to view AV websites, microsoft and some others, these all redirect back to my homepage or provide a missing URL page
Up until following your advice when trying to visit an AV website on this machine (including AVG, Avast, Norton and other sites including spybot and SAS) I was returned to the homepage or given a dead URL message. I was able to search for AVG for example and could see the link in google but could not follow it. This has only been the case very recently as far as I am aware.

Since running ESET and Combofix under your instruction I can now access AV websites on this machine, though I am reluctant to try the bank website until you give the all clear.

The one entry in Eset for Qoobox is a file that has been quarantined in Combofix already.

My replies in blue, thanks for your help so far.
 
I can get to AV websites and microsoft fine without being diverted and I have just tried the bank website and the information requested is back to normal, so that quarantined trojan you found appears to be the cause of that at least. Thank you.
 
Please run this Custom CFScript:

[1]. Close any open browsers.
[2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
[3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
Code:
File::
DDS::
C:\Users\Me\Downloads\n21qw65h.exe
uRun: [Mehoc] C:\Users\Me\AppData\Roaming\Qaaqi\toyd.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Folder::
C:\Users\Me\AppData\Local\Google
C:\Users\Me\AppData\Roaming\Qaaqi
C:\Users\Me\AppData\Roaming\Inkea
C:\Users\Me\AppData\Roaming\Apefr
c:\program files (x86)\Google
 
Clearjavacache::

Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
====================
About your Office Programs. You should review the following. Keep what you want, remove what you're not going to use:

You have this in the Startup Menu:
StartupFolder: C:\Users\Me\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

Installed:
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
OpenOffice.org 3.3

Re:Office Starter 2010> http://office.microsoft.com/en-us/starter/
Q:\140066.enu\Office14\WINWORDC.EXE>> Word 2010 Starter
Q:\140066.enu\Office14\OffSpon.EXE>> offspon.exe is the process that displays the rotating advertisements in Microsoft Office Starter Edition
It is a legitimate program, but because its sole purpose is to display advertisements, it should be uninstalled
===================================================
Please check the referenced site for this process:
2012-04-04 11:21 144384 ----a-w- c:\windows\system32\cdd.dll>>>
Microsoft Canonical Display Driver Code Execution Vulnerability>>> http://www.securiteam.com/windowsntfocus/5AP391521W.html
=================================================
Please update the following:
Note: Check each download screen for any pre-checked Toolbars or BHOs. Uncheck them before the download.
Adobe Reader > Current is vX(10.xx)> Adobe Reader Update
Java(TM) > Current is v6u32> Java Updates .
Uninstall any earlier versions of both as they are vulnerabilities for the system.

Please leave the new Combofix log after you run the script.
 
Any particular reason it is going after Chrome so much? For reference FF is my default browser.

Thanks.

Here is the log as requested:

ComboFix 12-05-26.02 - Me 26/05/2012 13:18:47.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3836.2648 [GMT 1:00]
Running from: c:\users\Me\Downloads\ComboFix.exe
Command switches used :: c:\users\Me\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google
c:\program files (x86)\Google\Chrome\Application\19.0.1084.46\Locales\pt-PT.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.46\Locales\ro.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.46\Locales\ro.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.46\Locales\ru.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.46\Locales\ru.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.46\Locales\sk.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.46\Locales\sk.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.46\Locales\sl.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.46\Locales\sl.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.46\Locales\sr.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.46\Locales\sr.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.46\Locales\sv.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.46\Locales\sv.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.46\Locales\sw.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.46\Locales\sw.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.46\Locales\ta.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.46\Locales\ta.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.46\Locales\te.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.46\Locales\te.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.46\Locales\th.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.46\Locales\th.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.46\Locales\tr.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.46\Locales\tr.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.46\Locales\uk.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.46\Locales\uk.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.46\Locales\vi.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.46\Locales\vi.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.46\Locales\zh-CN.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.46\Locales\zh-CN.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.46\Locales\zh-TW.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.46\Locales\zh-TW.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.46\nacl_irt_x86_32.nexe
c:\program files (x86)\Google\Chrome\Application\19.0.1084.46\nacl_irt_x86_64.nexe
c:\program files (x86)\Google\Chrome\Application\19.0.1084.46\nacl64.exe
c:\program files (x86)\Google\Chrome\Application\19.0.1084.46\npchrome_frame.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.46\pdf.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.46\plugin.vch
c:\program files (x86)\Google\Chrome\Application\19.0.1084.46\ppgooglenaclpluginchrome.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.46\resources.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.46\xinput1_3.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\avcodec-54.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\avformat-54.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\avutil-51.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\chrome.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\chrome_frame_helper.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\chrome_frame_helper.exe
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\chrome_launcher.exe
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\d3dcompiler_43.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\d3dx9_43.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\default_apps\external_extensions.json
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\default_apps\gmail.crx
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\default_apps\search.crx
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\default_apps\youtube.crx
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Extensions\external_extensions.json
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\flashplayerapp.exe
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\flashplayercplapp.cpl
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\icudt.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Installer\chrome.7z
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Installer\setup.exe
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\libegl.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\libglesv2.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\am.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\am.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\ar.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\ar.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\bg.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\bg.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\bn.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\bn.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\ca.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\ca.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\cs.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\cs.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\da.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\da.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\de.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\de.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\el.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\el.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\en-GB.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\en-GB.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\en-US.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\en-US.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\es-419.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\es-419.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\es.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\es.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\et.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\et.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\fa.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\fa.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\fi.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\fi.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\fil.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\fil.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\fr.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\fr.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\gu.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\gu.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\he.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\he.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\hi.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\hi.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\hr.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\hr.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\hu.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\hu.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\id.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\id.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\it.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\it.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\ja.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\ja.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\kn.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\kn.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\ko.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\ko.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\lt.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\lt.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\lv.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\lv.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\ml.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\ml.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\mr.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\mr.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\ms.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\ms.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\nb.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\nb.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\nl.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\nl.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\pl.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\pl.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\pt-BR.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\pt-BR.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\pt-PT.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\pt-PT.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\ro.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\ro.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\ru.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\ru.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\sk.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\sk.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\sl.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\sl.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\sr.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\sr.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\sv.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\sv.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\sw.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\sw.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\ta.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\ta.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\te.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\te.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\th.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\th.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\tr.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\tr.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\uk.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\uk.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\vi.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\vi.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\zh-CN.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\zh-CN.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\zh-TW.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Locales\zh-TW.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\nacl_irt_x86_32.nexe
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\nacl_irt_x86_64.nexe
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\nacl64.exe
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\npchrome_frame.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\plugin.vch
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\ppgooglenaclpluginchrome.dll
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\resources.pak
c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\xinput1_3.dll
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\master_preferences
c:\program files (x86)\Google\Chrome\Application\wow_helper.exe
c:\program files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
c:\program files (x86)\Google\Update\1.3.21.111\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.21.111\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.21.111\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.21.111\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.21.111\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\1.3.21.111\goopdate.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.21.111\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.21.111\psmachine.dll
c:\program files (x86)\Google\Update\1.3.21.111\psuser.dll
c:\program files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.111\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\19.0.1084.52\chrome_updater.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\users\Me\AppData\Local\Google
c:\users\Me\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Archived History
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Bookmarks
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Bookmarks.bak
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000001
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000002
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000003
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000004
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000005
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000006
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000007
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000008
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000009
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000a
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000b
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000c
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000d
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000e
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000f
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000010
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000011
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000012
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000013
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000014
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000015
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000016
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000017
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Cache\index
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Cookies
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Current Session
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\128.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\manifest.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\ar\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\bg\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\ca\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\cs\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\da\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\de\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\el\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\en\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\en_GB\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\en_US\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\es\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\es_419\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\et\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\fi\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\fil\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\fr\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\he\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\hi\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\hr\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\hu\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\id\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\it\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\ja\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\ko\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\lt\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\lv\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\nl\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\no\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\pl\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\pt_BR\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\pt_PT\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\ro\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\ru\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\sk\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\sl\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\sr\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\sv\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\th\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\tr\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\uk\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\vi\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\zh_CN\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\_locales\zh_TW\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\128.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\16.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\32.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\48.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\manifest.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\ar\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\be\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\bg\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\ca\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\cs\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\da\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\de\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\el\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\en\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\en_GB\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\es\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\et\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\fa\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\fi\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\fr\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\he\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\hr\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\hu\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\id\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\it\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\ja\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\ko\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\nb\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\nl\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\pl\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\pt_BR\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\pt_PT\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\ro\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\ru\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\sk\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\sl\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\sr\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\sv\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\th\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\tr\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\uk\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\ur\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\vi\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\zh_CN\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\zh_TW\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\background.html
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\manifest.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\popup.html
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\scripts\anchor.js
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\scripts\background.js
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\scripts\dateFormat.js
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\scripts\jquery.js
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\scripts\mouse.js
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\scripts\pbj.js
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\scripts\popup.js
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\scripts\protobuf.js
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\scripts\query.js
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\scripts\ratings.js
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\scripts\warnDlg.js
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\scripts\wrc_gpb.js
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\css\anchor.css
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\css\popup.css
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\background-body.jpg
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\background-right-bottom.jpg
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\background-right-top.jpg
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\close.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\disabled.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\grey.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\horizontal-line-white.jpg
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\horizontal-line.jpg
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icon_incorrect.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\corporate-small-disable.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\corporate-small-selected.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\corporate.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\drugs-small-disable.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\drugs-small-selected.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\drugs.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\gambling-small-disable.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\gambling-small-selected.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\gambling.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\green-1.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\green-2.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\green-3.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\green-hover.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\green-selected.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\green.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\green1-16.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\green1-small.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\green2-16.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\green2-small.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\green3-16.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\green3-24.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\green3-small.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\grey-0.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\grey-3.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\grey-small.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\grey0-16.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\grey3-16.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\illegal-small-disable.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\illegal-small-selected.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\illegal.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\it-small-disable.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\it-small-selected.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\it.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\limet-hover.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\limet-selected.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\limet.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\line-dark-horizontal.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\line-light-horizontal.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\logo128.jpg
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\logo256.jpg
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\logo48.jpg
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\logo64.jpg
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\news-small-disable.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\news-small-selected.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\news.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\orange-hover.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\orange-selected.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\orange.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\orange1-16.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\orange2-16.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\orange3-16.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\pornography-small-disable.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\pornography-small-selected.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\pornography.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\red-1.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\red-2.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\red-3.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\red-hover.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\red-selected.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\red.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\red1-16.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\red1-small.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\red2-16.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\red2-small.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\red3-16.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\red3-small.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\shopping-small-disable.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\shopping-small-selected.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\shopping.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\social-small-disable.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\social-small-selected.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\social.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\violence-small-disable.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\violence-small-selected.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\violence.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\weapons-small-disable.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\weapons-small-selected.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\weapons.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\yellow-1.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\yellow-2.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\yellow-3.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\yellow-hover.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\yellow-selected.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\yellow.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\yellow1-16.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\yellow1-small.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\yellow2-16.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\yellow2-small.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\yellow3-16.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\yellow3-small.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\logo.jpg
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\vertical-line.jpg
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\ar\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\bg\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\ca\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\cs\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\da\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\de\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\el\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\en\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\es\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\fi\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\fil\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\fr\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\hi\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\hr\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\hu\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\id\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\it\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\ja\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\ko\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\lt\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\lv\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\nl\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\no\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\pl\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\pt_BR\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\pt_PT\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\ro\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\ru\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\se\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\sk\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\sl\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\sr\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\th\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\tr\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\uk\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\vi\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\zh_CN\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\_locales\zh_TW\messages.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\128.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\24.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\48.png
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\manifest.json
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Favicons
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-05
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\History
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Last Session
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Last Tabs
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_icmlaeflemplmjndnaapfdbbnpncnbda_0.localstorage
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Shortcuts
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Top Sites
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\User StyleSheets\Custom.css
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Visited Links
c:\users\Me\AppData\Local\Google\Chrome\User Data\Default\Web Data
c:\users\Me\AppData\Local\Google\Chrome\User Data\First Run
c:\users\Me\AppData\Local\Google\Chrome\User Data\Local State
c:\users\Me\AppData\Roaming\Apefr
c:\users\Me\AppData\Roaming\Apefr\iviri.ukm
c:\users\Me\AppData\Roaming\Inkea
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Files Created from 2012-04-26 to 2012-05-26 )))))))))))))))))))))))))))))))
.
.
2012-05-26 12:30 . 2012-05-26 12:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-18 17:27 . 2012-05-18 17:27 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-18 17:27 . 2012-05-18 17:27 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-18 17:27 . 2012-05-18 17:27 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-16 09:27 . 2012-05-16 09:27 -------- d-----w- c:\program files (x86)\ESET
2012-05-15 12:40 . 2012-05-15 12:40 -------- d-----w- c:\users\Me\AppData\Roaming\Malwarebytes
2012-05-15 12:40 . 2012-05-15 12:40 -------- d-----w- c:\programdata\Malwarebytes
2012-05-15 12:40 . 2012-05-15 12:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-15 12:40 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-15 10:49 . 2012-05-15 10:49 -------- d-----w- c:\users\Me\AppData\Roaming\SUPERAntiSpyware.com
2012-05-15 10:49 . 2012-05-15 10:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-15 10:49 . 2012-05-15 10:49 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-15 10:23 . 2012-05-18 16:47 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-15 10:23 . 2012-05-15 10:23 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-05-15 09:20 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-05-15 09:20 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-05-15 09:20 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-05-15 09:20 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-05-15 09:20 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-05-15 09:20 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-05-15 09:20 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-05-15 09:19 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-05-15 09:19 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-05-15 09:19 . 2012-05-15 09:19 -------- d-----w- c:\programdata\AVAST Software
2012-05-15 09:19 . 2012-05-15 09:19 -------- d-----w- c:\program files\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-26 12:05 . 2012-04-04 13:46 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-26 12:05 . 2012-03-18 17:23 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 11:23 . 2012-04-04 11:23 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-04-04 11:23 . 2012-04-04 11:23 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-04-04 11:23 . 2012-04-04 11:23 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-04-04 11:23 . 2012-04-04 11:23 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-04-04 11:23 . 2012-04-04 11:23 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-04-04 11:23 . 2012-04-04 11:23 1798656 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-04-04 11:23 . 2012-04-04 11:23 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-04-04 11:23 . 2012-04-04 11:23 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-04-04 11:23 . 2012-04-04 11:23 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-04-04 11:23 . 2012-04-04 11:23 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-04-04 11:23 . 2012-04-04 11:23 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-04-04 11:23 . 2012-04-04 11:23 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-04-04 11:23 . 2012-04-04 11:23 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-04-04 11:23 . 2012-04-04 11:23 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-04-04 11:23 . 2012-04-04 11:23 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-04-04 11:23 . 2012-04-04 11:23 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-04-04 11:23 . 2012-04-04 11:23 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-04-04 11:23 . 2012-04-04 11:23 448512 ----a-w- c:\windows\system32\html.iec
2012-04-04 11:23 . 2012-04-04 11:23 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-04-04 11:23 . 2012-04-04 11:23 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-04-04 11:23 . 2012-04-04 11:23 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-04-04 11:23 . 2012-04-04 11:23 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-04-04 11:23 . 2012-04-04 11:23 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-04-04 11:23 . 2012-04-04 11:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-04 11:23 . 2012-04-04 11:23 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-04-04 11:23 . 2012-04-04 11:23 2308096 ----a-w- c:\windows\system32\jscript9.dll
2012-04-04 11:23 . 2012-04-04 11:23 222208 ----a-w- c:\windows\system32\msls31.dll
2012-04-04 11:23 . 2012-04-04 11:23 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-04-04 11:23 . 2012-04-04 11:23 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-04-04 11:23 . 2012-04-04 11:23 160256 ----a-w- c:\windows\system32\wextract.exe
2012-04-04 11:23 . 2012-04-04 11:23 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-04-04 11:23 . 2012-04-04 11:23 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-04-04 11:23 . 2012-04-04 11:23 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-04-04 11:23 . 2012-04-04 11:23 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-04-04 11:23 . 2012-04-04 11:23 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-04-04 11:23 . 2012-04-04 11:23 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-04-04 11:23 . 2012-04-04 11:23 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-04-04 11:23 . 2012-04-04 11:23 12288 ----a-w- c:\windows\system32\mshta.exe
2012-04-04 11:23 . 2012-04-04 11:23 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-04-04 11:23 . 2012-04-04 11:23 114176 ----a-w- c:\windows\system32\admparse.dll
2012-04-04 11:23 . 2012-04-04 11:23 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-04-04 11:23 . 2012-04-04 11:23 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-04-04 11:21 . 2012-04-04 11:21 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-04-04 11:21 . 2012-04-04 11:21 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2012-04-04 11:21 . 2012-04-04 11:21 470016 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-04-04 11:21 . 2012-04-04 11:21 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-04-04 11:21 . 2012-04-04 11:21 4068864 ----a-w- c:\windows\system32\mf.dll
2012-04-04 11:21 . 2012-04-04 11:21 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2012-04-04 11:21 . 2012-04-04 11:21 283648 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-04-04 11:21 . 2012-04-04 11:21 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-04-04 11:21 . 2012-04-04 11:21 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-04-04 11:21 . 2012-04-04 11:21 229888 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-04-04 11:21 . 2012-04-04 11:21 206848 ----a-w- c:\windows\system32\mfps.dll
2012-04-04 11:21 . 2012-04-04 11:21 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2012-04-04 11:21 . 2012-04-04 11:21 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2012-04-04 11:21 . 2012-04-04 11:21 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll
2012-04-04 11:21 . 2012-04-04 11:21 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2012-04-04 11:21 . 2012-04-04 11:21 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2012-04-04 11:21 . 2012-04-04 11:21 144384 ----a-w- c:\windows\system32\cdd.dll
2012-04-04 11:21 . 2012-04-04 11:21 135168 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2012-04-04 11:21 . 2012-04-04 11:21 1133568 ----a-w- c:\windows\system32\FntCache.dll
2012-03-20 02:51 . 2012-04-03 10:31 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{646AC93D-FABE-4C88-AFC9-327C1C998A12}\mpengine.dll
2012-03-17 12:05 . 2012-03-17 12:06 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-16_09.04.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-26 12:31 . 2012-05-26 12:31 11799 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-05-16 09:01 . 2012-05-16 09:01 11799 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2009-07-14 04:54 . 2012-05-26 12:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-05-16 09:03 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-05-16 09:03 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-26 12:32 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-26 12:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-16 09:03 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-05-26 12:06 37706 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2012-02-16 13:11 . 2012-05-10 22:09 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-16 13:11 . 2012-05-16 12:11 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-16 13:11 . 2012-05-16 12:11 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-02-16 13:11 . 2012-05-10 22:09 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-16 12:11 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-10 22:09 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:46 . 2012-04-06 13:19 82368 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2012-05-19 09:12 82368 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-01-03 08:45 . 2012-01-03 08:45 16832 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\ViewerPS.dll
+ 2012-01-03 21:51 . 2012-01-03 21:51 37296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\reader_sl.exe
+ 2012-01-03 08:44 . 2012-01-03 08:44 79280 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\PDFPrevHndlr.dll
+ 2012-01-03 21:15 . 2012-01-03 21:15 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\eula.exe
+ 2012-01-03 20:52 . 2012-01-03 20:52 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\acrotextextractor.exe
+ 2012-01-03 07:19 . 2012-01-03 07:19 16824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AcroRd32Info.exe
+ 2012-01-03 07:16 . 2012-01-03 07:16 75200 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\acroiehelpershim.dll
+ 2012-01-03 07:16 . 2012-01-03 07:16 61888 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AcroIEHelper.dll
+ 2012-03-05 14:30 . 2012-05-26 12:06 5996 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1720574590-3732189336-2306953407-1000_UserData.bin
+ 2012-05-26 12:32 . 2012-05-26 12:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-16 09:02 . 2012-05-16 09:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-16 09:02 . 2012-05-16 09:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-26 12:32 . 2012-05-26 12:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-26 12:05 . 2012-05-26 12:05 351904 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe
+ 2012-04-04 13:46 . 2012-05-26 12:05 257696 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-03-06 00:05 . 2012-05-26 07:43 233210 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2012-03-05 18:12 . 2012-05-26 11:51 213404 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-05-26 11:53 620086 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-16 08:28 620086 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-16 08:28 107978 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-05-26 11:53 107978 c:\windows\system32\perfc009.dat
+ 2012-05-26 12:05 . 2012-05-26 12:05 630944 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_Plugin.exe
- 2009-07-14 05:01 . 2012-05-16 09:01 273868 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-26 12:31 273868 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-05 21:19 . 2012-05-26 12:31 274636 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1720574590-3732189336-2306953407-1000-8192.dat
- 2012-03-05 21:19 . 2012-05-16 09:01 274636 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1720574590-3732189336-2306953407-1000-8192.dat
+ 2012-04-09 19:22 . 2012-05-26 12:03 522908 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1720574590-3732189336-2306953407-1000-4096.dat
- 2012-04-09 19:22 . 2012-05-16 09:01 522908 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1720574590-3732189336-2306953407-1000-4096.dat
+ 2012-01-03 07:23 . 2012-01-03 07:23 378264 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\pdfshell.dll
+ 2012-01-03 07:22 . 2012-01-03 07:22 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\nppdf32.dll
+ 2012-01-03 08:43 . 2012-01-03 08:43 550360 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AdobeCollabSync.exe
+ 2012-01-03 07:40 . 2012-01-03 07:40 120240 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AcroRdIF.dll
+ 2012-01-03 21:50 . 2012-01-03 21:50 357808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AcroRd32.exe
+ 2012-01-03 07:16 . 2012-01-03 07:16 665008 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AcroPDF.dll
+ 2012-01-03 08:38 . 2012-01-03 08:38 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\acrobroker.exe
+ 2012-01-03 08:08 . 2012-01-03 08:08 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\a3dutility.exe
+ 2012-05-26 12:05 . 2012-05-26 12:05 8797856 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
- 2009-07-14 04:45 . 2012-04-04 13:46 3860045 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-05-16 09:05 3860045 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-03-27 15:47 . 2012-03-27 15:47 4959232 c:\windows\Installer\2b2da.msp
+ 2012-01-04 07:05 . 2012-01-04 07:05 3979776 c:\windows\Installer\2b249.msi
+ 2012-01-03 07:18 . 2012-01-03 07:18 2405784 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\rt3d.dll
+ 2011-11-17 15:50 . 2011-11-17 15:50 6543872 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\authplay.dll
+ 2012-05-26 12:05 . 2012-05-26 12:05 11590304 c:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll
+ 2012-01-03 21:15 . 2012-01-03 21:15 20559288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AcroRd32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-01 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-24 102400]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-14 50472]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Conime"="c:\windows\system32\conime.exe" [BU]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-05-21 165184]
.
c:\users\Me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-18 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 Advent AIO Network Discovery Service;Advent AIO Network Discovery Service;c:\program files (x86)\Advent\AIO\Center\ADAIOHostService.exe [2011-10-14 361904]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2010-05-21 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-05-21 673088]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
.
.
Contents of the 'Scheduled Tasks' folder
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-15 10918504]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]
"ADAiO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\ADAiO2MUI.exe" [2010-10-18 2779136]
"combofix"="c:\combofix\CF9111.3XE" [2009-07-14 344576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Me\AppData\Roaming\Mozilla\Firefox\Profiles\w02wtz2o.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Google Chrome - c:\program files (x86)\Google\Chrome\Application\19.0.1084.52\Installer\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Completion time: 2012-05-26 13:49:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-26 12:48
ComboFix2.txt 2012-05-16 09:21
.
Pre-Run: 246,955,307,008 bytes free
Post-Run: 246,400,622,592 bytes free
.
- - End Of File - - 5F83142B8399E03A6853A98F0B161E42
 
The Chrome deletions in Combofix show to be related to Google Chrome Portable. This is described as a "web browser that runs web pages and applications with lightning speed, designed to be simple and stylish. It is packaged as a portable app so you can take your browser experience with you." More HERE.

According to the descriptions, an online installer that will download additional files during setup> c:\program files (x86)\Google\Chrome\Application\19.0.1084.46\Installer\setup.exe

I removed a Google entry in the script. Apparently it contained the Chrome browser> this is why there are so many Chrome deletions. However, it looks like Chrome may have been burned from a Torrent site and it was what contained the previous entries I mentioned. If you want to use Chrome in the future, please download it from the home site. Do a Custom install and don't include anything in it you don't need/want/use.
===================================================
Looks like you ran Combofix a few years ago and didn't properly remove it:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF9111.3XE" [2009-07-14 344576]
.
===================================================
The system is clean. You can go ahead with the following:

Remove all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
    [o] Click START> then RUN
    [o] Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
    [o] Double click OTCleanIt.exe.
    [o] Click the CleanUp! button.
    [o] If you are prompted to Reboot during the cleanup, select Yes.
    [o] The tool will delete itself once it finishes.
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
  • Set a new, clean Restore Point
    [o] Click on Start> right click on Computer> Properties
    [o] Select System Protection
    [o] Click on the Create button (near bottom)
    [o] Type a name for the Restore Point
    [o] Click on Create again to save the restore point.
  • Deleting all but the most recent System Protection point in Windows 7
    [o] Click Start> Computer> right click the C Drive and choose Properties> enter.
    [o] Click Disk Cleanup from there.
    [o] Click Clean up system files
    This restarts Disk Cleanup to run in elevated mode.
    [o] Click the More Options tab
    [o] Click the Clean up under System Restore and Shadow Copies.
    [o] Click OK.
    [o] You will get a confirmation screen> Just click Delete.
    [o] Click OK on the Disk Cleanup Screen.
    [o] Click Delete Files on the Confirmation screen.
This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
Images courtesy lytebyte.

Empty the Recycle Bin
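
A stale autorun entry like the leftover "combofix" Run value noted above can be picked out of the log mechanically. The following is an added example, not part of the original post and not a ComboFix feature: it parses Run/RunOnce lines copied from the log on this page and flags entries worth a second look. The function names and the three triage rules (expected install roots, `.exe` extension, date/size present) are assumptions chosen for illustration.

```python
import ntpath
import re

# Lines copied from the "Reg Loading Points" sections of the log on this page.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-01 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Conime"="c:\windows\system32\conime.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-15 10918504]
"combofix"="c:\combofix\CF9111.3XE" [2009-07-14 344576]
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$'
)
DETAILS_RE = re.compile(r'^(\d{4}-\d{2}-\d{2}) (\d+)$')

# Assumed triage rules for this example; tune them for your own fleet.
EXPECTED_ROOTS = (
    'c:\\program files\\',
    'c:\\program files (x86)\\',
    'c:\\windows\\',
)
EXPECTED_EXTENSIONS = {'.exe'}


def parse_autoruns(log_text):
    """Return one dict per value listed under a ...\\Run or ...\\RunOnce key."""
    entries = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1)
            continue
        value = VALUE_RE.match(line)
        if not value or current_key is None:
            continue
        if not current_key.lower().endswith(('\\run', '\\runonce')):
            continue
        # The bracket normally holds "date size"; anything else is kept as None.
        details = DETAILS_RE.match(value.group('meta'))
        entries.append({
            'key': current_key,
            'name': value.group('name'),
            'target': value.group('target'),
            'file_date': details.group(1) if details else None,
            'file_size': int(details.group(2)) if details else None,
        })
    return entries


def triage(entries):
    """Return (name, target, reasons) for entries that break a triage rule."""
    flagged = []
    for entry in entries:
        reasons = []
        target = ntpath.normcase(entry['target'])
        if not target.startswith(EXPECTED_ROOTS):
            reasons.append('outside expected install roots')
        if ntpath.splitext(target)[1] not in EXPECTED_EXTENSIONS:
            reasons.append('unusual extension')
        if entry['file_date'] is None:
            reasons.append('no date/size in log')
        if reasons:
            flagged.append((entry['name'], entry['target'], reasons))
    return flagged


if __name__ == '__main__':
    for name, target, reasons in triage(parse_autoruns(SAMPLE_LOG)):
        print(f'{name}: {target} -> {", ".join(reasons)}')
```

A flag here only means "review this entry by hand"; it says nothing about whether the file is malicious.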
 
Done, thank you.

Chrome came bundled with the Avast download, so not sure why it looks like a torrent/appears problematic. I don't use it unless FF is playing up anyway so am happy to ignore it.

I bought the computer refurbished from Dell in March, so no idea what the old combofix files were used for.

Thank you for your help with this, I appreciate the time you have put in to helping.
 
Are you sure Chrome came bundled with Avast? This is the first I've heard of that. Was it pre-checked on the download screen? Did you do a Custom Install instead of Standard?

And it's interesting that Dell is shipping out refurbished systems with Combofix on them! This is the second or third notice I've had of that. If Dell thinks it's necessary to go through Combofix on the machines, they should not be shipping them out with it still on!

Glad to help- stay safe!
 