
tdss bootkit


  • This topic is locked
24 replies to this topic

#1 History Fox

  • Members
  • 14 posts

Posted 15 May 2012 - 10:19 PM

I am running 64-bit Windows 7.
MBAM detected the Happili virus which it removed.
I suspect I have been infected with the TDSS bootkit.
I have run various tools to try to detect/remove this but have not succeeded.

Edited by hamluis, 20 May 2012 - 01:29 PM.
Moved from Am I Infected to Malware Removal Logs, per request - Hamluis.



#2 SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 16 May 2012 - 01:16 AM

Hi!

MBAM detected the Happili virus which it removed.

Can you please post this log file?

Grab Malwarebytes' Anti-Malware Log-File

  • Open Malwarebytes' Anti-Malware
  • Select the Logs tab
  • Click on the latest log. The bottom most log is the latest
  • Click Open
  • Notepad will open. Please post this log in your next reply.


----

I have run various tools to try to detect/remove this but have not succeeded.

What tools have you run already? Can you post the log files from these tools you ran?

-ST.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 History Fox
  • Topic Starter

  • Members
  • 14 posts

Posted 19 May 2012 - 10:57 PM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.16.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Stephen :: TOSHIBA-LAPTOP [administrator]

5/15/2012 9:48:21 PM
mbam-log-2012-05-15 (21-48-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198266
Time elapsed: 2 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Stephen\AppData\Local\Temp\0.9904746521074973 (Trojan.Happili) -> Quarantined and deleted successfully.

(end)

#4 History Fox
  • Topic Starter

  • Members
  • 14 posts

Posted 19 May 2012 - 11:00 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-15 19:46:43
-----------------------------
19:46:43.088 OS Version: Windows x64 6.1.7601 Service Pack 1
19:46:43.088 Number of processors: 4 586 0x2A07
19:46:43.098 ComputerName: TOSHIBA-LAPTOP UserName: Stephen
19:46:44.808 Initialize success
19:46:45.798 AVAST engine defs: 12051501
19:46:56.613 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:46:56.613 Disk 0 Vendor: TOSHIBA_ GT00 Size: 476940MB BusType: 3
19:46:56.633 Disk 0 MBR read successfully
19:46:56.643 Disk 0 MBR scan
19:46:56.643 Disk 0 Windows VISTA default MBR code
19:46:56.653 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
19:46:56.673 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 461442 MB offset 3074048
19:46:56.703 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 13997 MB offset 948107264
19:46:56.743 Disk 0 scanning C:\windows\system32\drivers
19:47:06.731 Service scanning
19:47:32.979 Modules scanning
19:47:32.989 Disk 0 trace - called modules:
19:47:33.059 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:47:33.069 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80068fa060]
19:47:33.079 3 CLASSPNP.SYS[fffff880017cd43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800569c050]
19:47:33.851 AVAST engine scan C:\
20:48:15.572 Scan finished successfully
20:49:59.476 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
20:49:59.486 The log file has been saved successfully to "C:\aswMBR.txt"


11:03:02.0766 5276 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
11:03:02.0980 5276 ============================================================
11:03:02.0980 5276 Current date / time: 2012/05/15 11:03:02.0980
11:03:02.0980 5276 SystemInfo:
11:03:02.0980 5276
11:03:02.0980 5276 OS Version: 6.1.7601 ServicePack: 1.0
11:03:02.0980 5276 Product type: Workstation
11:03:02.0981 5276 ComputerName: TOSHIBA-LAPTOP
11:03:02.0981 5276 UserName: Stephen
11:03:02.0981 5276 Windows directory: C:\windows
11:03:02.0981 5276 System windows directory: C:\windows
11:03:02.0981 5276 Running under WOW64
11:03:02.0981 5276 Processor architecture: Intel x64
11:03:02.0981 5276 Number of processors: 4
11:03:02.0981 5276 Page size: 0x1000
11:03:02.0981 5276 Boot type: Normal boot
11:03:02.0981 5276 ============================================================
11:03:03.0682 5276 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:03:03.0692 5276 Drive \Device\Harddisk1\DR16 - Size: 0x3C800000 (0.95 Gb), SectorSize: 0x800, Cylinders: 0x1E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:03:03.0704 5276 ============================================================
11:03:03.0704 5276 \Device\Harddisk0\DR0:
11:03:03.0704 5276 MBR partitions:
11:03:03.0704 5276 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38541000
11:03:03.0704 5276 \Device\Harddisk1\DR16:
11:03:03.0710 5276 MBR partitions:
11:03:03.0710 5276 ============================================================
11:03:03.0735 5276 C: <-> \Device\Harddisk0\DR0\Partition0
11:03:03.0735 5276 ============================================================
11:03:03.0735 5276 Initialize success
11:03:03.0735 5276 ============================================================
11:03:09.0678 6376 ============================================================
11:03:09.0678 6376 Scan started
11:03:09.0678 6376 Mode: Manual;
11:03:09.0678 6376 ============================================================
11:03:16.0640 6376 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
11:03:16.0654 6376 1394ohci - ok
11:03:16.0709 6376 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
11:03:16.0715 6376 ACPI - ok
11:03:16.0738 6376 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
11:03:16.0752 6376 AcpiPmi - ok
11:03:16.0827 6376 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:03:16.0847 6376 AdobeARMservice - ok
11:03:16.0985 6376 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:03:16.0990 6376 AdobeFlashPlayerUpdateSvc - ok
11:03:17.0073 6376 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
11:03:17.0083 6376 adp94xx - ok
11:03:17.0162 6376 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
11:03:17.0169 6376 adpahci - ok
11:03:17.0209 6376 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
11:03:17.0214 6376 adpu320 - ok
11:03:17.0250 6376 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
11:03:17.0253 6376 AeLookupSvc - ok
11:03:17.0298 6376 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
11:03:17.0304 6376 AFD - ok
11:03:17.0347 6376 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
11:03:17.0349 6376 agp440 - ok
11:03:17.0380 6376 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
11:03:17.0383 6376 ALG - ok
11:03:17.0406 6376 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
11:03:17.0407 6376 aliide - ok
11:03:17.0413 6376 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
11:03:17.0415 6376 amdide - ok
11:03:17.0454 6376 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
11:03:17.0456 6376 AmdK8 - ok
11:03:17.0473 6376 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
11:03:17.0475 6376 AmdPPM - ok
11:03:17.0498 6376 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
11:03:17.0500 6376 amdsata - ok
11:03:17.0525 6376 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
11:03:17.0535 6376 amdsbs - ok
11:03:17.0551 6376 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
11:03:17.0562 6376 amdxata - ok
11:03:17.0575 6376 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
11:03:17.0577 6376 AppID - ok
11:03:17.0607 6376 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
11:03:17.0609 6376 AppIDSvc - ok
11:03:17.0614 6376 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
11:03:17.0615 6376 Appinfo - ok
11:03:17.0631 6376 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
11:03:17.0633 6376 arc - ok
11:03:17.0656 6376 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
11:03:17.0658 6376 arcsas - ok
11:03:17.0686 6376 ASPI32 - ok
11:03:17.0721 6376 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\windows\system32\drivers\aswFsBlk.sys
11:03:17.0724 6376 aswFsBlk - ok
11:03:17.0762 6376 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\windows\system32\drivers\aswMonFlt.sys
11:03:17.0765 6376 aswMonFlt - ok
11:03:17.0781 6376 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\windows\System32\Drivers\aswrdr2.sys
11:03:17.0783 6376 aswRdr - ok
11:03:17.0829 6376 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\windows\system32\drivers\aswSnx.sys
11:03:17.0839 6376 aswSnx - ok
11:03:17.0889 6376 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\windows\system32\drivers\aswSP.sys
11:03:17.0894 6376 aswSP - ok
11:03:17.0908 6376 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\windows\system32\drivers\aswTdi.sys
11:03:17.0910 6376 aswTdi - ok
11:03:17.0936 6376 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
11:03:17.0937 6376 AsyncMac - ok
11:03:17.0963 6376 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
11:03:17.0964 6376 atapi - ok
11:03:18.0036 6376 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
11:03:18.0045 6376 AudioEndpointBuilder - ok
11:03:18.0053 6376 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
11:03:18.0060 6376 AudioSrv - ok
11:03:18.0133 6376 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
11:03:18.0135 6376 avast! Antivirus - ok
11:03:18.0178 6376 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
11:03:18.0182 6376 AxInstSV - ok
11:03:18.0242 6376 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
11:03:18.0252 6376 b06bdrv - ok
11:03:18.0293 6376 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
11:03:18.0297 6376 b57nd60a - ok
11:03:18.0349 6376 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
11:03:18.0351 6376 BDESVC - ok
11:03:18.0369 6376 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
11:03:18.0370 6376 Beep - ok
11:03:18.0427 6376 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
11:03:18.0435 6376 BFE - ok
11:03:18.0481 6376 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll
11:03:18.0548 6376 BITS - ok
11:03:18.0599 6376 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
11:03:18.0601 6376 blbdrive - ok
11:03:18.0621 6376 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
11:03:18.0624 6376 bowser - ok
11:03:18.0647 6376 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
11:03:18.0649 6376 BrFiltLo - ok
11:03:18.0652 6376 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
11:03:18.0654 6376 BrFiltUp - ok
11:03:18.0700 6376 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
11:03:18.0703 6376 Browser - ok
11:03:18.0751 6376 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
11:03:18.0759 6376 Brserid - ok
11:03:18.0767 6376 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
11:03:18.0770 6376 BrSerWdm - ok
11:03:18.0775 6376 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
11:03:18.0777 6376 BrUsbMdm - ok
11:03:18.0781 6376 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
11:03:18.0782 6376 BrUsbSer - ok
11:03:18.0788 6376 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
11:03:18.0790 6376 BTHMODEM - ok
11:03:18.0818 6376 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
11:03:18.0820 6376 bthserv - ok
11:03:18.0847 6376 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
11:03:18.0850 6376 cdfs - ok
11:03:18.0873 6376 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
11:03:18.0876 6376 cdrom - ok
11:03:18.0918 6376 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
11:03:18.0920 6376 CertPropSvc - ok
11:03:18.0948 6376 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
11:03:18.0950 6376 circlass - ok
11:03:18.0983 6376 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
11:03:18.0987 6376 CLFS - ok
11:03:19.0057 6376 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:03:19.0062 6376 clr_optimization_v2.0.50727_32 - ok
11:03:19.0099 6376 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:03:19.0117 6376 clr_optimization_v2.0.50727_64 - ok
11:03:19.0181 6376 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:03:19.0194 6376 clr_optimization_v4.0.30319_32 - ok
11:03:19.0230 6376 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:03:19.0233 6376 clr_optimization_v4.0.30319_64 - ok
11:03:19.0274 6376 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
11:03:19.0276 6376 CmBatt - ok
11:03:19.0295 6376 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
11:03:19.0297 6376 cmdide - ok
11:03:19.0361 6376 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
11:03:19.0368 6376 CNG - ok
11:03:19.0470 6376 CnxtHdAudService (a260be645dd096d90318c8cf98536720) C:\windows\system32\drivers\CHDRT64.sys
11:03:19.0486 6376 CnxtHdAudService - ok
11:03:19.0607 6376 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
11:03:19.0609 6376 Compbatt - ok
11:03:19.0622 6376 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
11:03:19.0626 6376 CompositeBus - ok
11:03:19.0639 6376 COMSysApp - ok
11:03:19.0654 6376 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
11:03:19.0655 6376 crcdisk - ok
11:03:19.0696 6376 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
11:03:19.0699 6376 CryptSvc - ok
11:03:19.0818 6376 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
11:03:19.0828 6376 cvhsvc - ok
11:03:19.0894 6376 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
11:03:19.0907 6376 DcomLaunch - ok
11:03:19.0962 6376 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
11:03:19.0972 6376 defragsvc - ok
11:03:20.0022 6376 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
11:03:20.0024 6376 DfsC - ok
11:03:20.0073 6376 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
11:03:20.0078 6376 Dhcp - ok
11:03:20.0095 6376 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
11:03:20.0096 6376 discache - ok
11:03:20.0118 6376 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
11:03:20.0120 6376 Disk - ok
11:03:20.0137 6376 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
11:03:20.0141 6376 Dnscache - ok
11:03:20.0154 6376 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
11:03:20.0159 6376 dot3svc - ok
11:03:20.0168 6376 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
11:03:20.0172 6376 DPS - ok
11:03:20.0208 6376 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
11:03:20.0209 6376 drmkaud - ok
11:03:20.0252 6376 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
11:03:20.0263 6376 DXGKrnl - ok
11:03:20.0297 6376 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
11:03:20.0300 6376 EapHost - ok
11:03:20.0417 6376 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
11:03:20.0449 6376 ebdrv - ok
11:03:20.0549 6376 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
11:03:20.0556 6376 EFS - ok
11:03:20.0662 6376 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
11:03:20.0674 6376 ehRecvr - ok
11:03:20.0700 6376 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
11:03:20.0704 6376 ehSched - ok
11:03:20.0756 6376 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
11:03:20.0765 6376 elxstor - ok
11:03:20.0771 6376 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
11:03:20.0773 6376 ErrDev - ok
11:03:20.0820 6376 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
11:03:20.0825 6376 EventSystem - ok
11:03:20.0857 6376 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
11:03:20.0860 6376 exfat - ok
11:03:20.0896 6376 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
11:03:20.0900 6376 fastfat - ok
11:03:20.0988 6376 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
11:03:20.0999 6376 Fax - ok
11:03:21.0014 6376 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
11:03:21.0016 6376 fdc - ok
11:03:21.0049 6376 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
11:03:21.0052 6376 fdPHost - ok
11:03:21.0057 6376 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
11:03:21.0060 6376 FDResPub - ok
11:03:21.0093 6376 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
11:03:21.0095 6376 FileInfo - ok
11:03:21.0112 6376 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
11:03:21.0113 6376 Filetrace - ok
11:03:21.0204 6376 FirebirdGuardianDefaultInstance (3c8f3685a0ca5aa6ecd5f6da978a2635) C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
11:03:21.0209 6376 FirebirdGuardianDefaultInstance - ok
11:03:21.0423 6376 FirebirdServerDefaultInstance (4e78fe2e0afb59399ad99fe96ef40645) C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
11:03:21.0505 6376 FirebirdServerDefaultInstance - ok
11:03:21.0607 6376 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
11:03:21.0608 6376 flpydisk - ok
11:03:21.0630 6376 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
11:03:21.0634 6376 FltMgr - ok
11:03:21.0698 6376 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
11:03:21.0712 6376 FontCache - ok
11:03:21.0773 6376 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:03:21.0775 6376 FontCache3.0.0.0 - ok
11:03:21.0827 6376 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
11:03:21.0828 6376 FsDepends - ok
11:03:21.0860 6376 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
11:03:21.0861 6376 Fs_Rec - ok
11:03:21.0879 6376 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
11:03:21.0881 6376 fvevol - ok
11:03:21.0915 6376 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\windows\system32\DRIVERS\FwLnk.sys
11:03:21.0917 6376 FwLnk - ok
11:03:21.0939 6376 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
11:03:21.0941 6376 gagp30kx - ok
11:03:22.0011 6376 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
11:03:22.0019 6376 GamesAppService - ok
11:03:22.0092 6376 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
11:03:22.0104 6376 gpsvc - ok
11:03:22.0163 6376 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:03:22.0165 6376 gupdate - ok
11:03:22.0172 6376 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:03:22.0174 6376 gupdatem - ok
11:03:22.0224 6376 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
11:03:22.0228 6376 gusvc - ok
11:03:22.0261 6376 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
11:03:22.0262 6376 hcw85cir - ok
11:03:22.0301 6376 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
11:03:22.0305 6376 HdAudAddService - ok
11:03:22.0339 6376 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
11:03:22.0342 6376 HDAudBus - ok
11:03:22.0349 6376 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
11:03:22.0353 6376 HidBatt - ok
11:03:22.0367 6376 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
11:03:22.0371 6376 HidBth - ok
11:03:22.0391 6376 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
11:03:22.0392 6376 HidIr - ok
11:03:22.0411 6376 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll
11:03:22.0413 6376 hidserv - ok
11:03:22.0449 6376 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys
11:03:22.0450 6376 HidUsb - ok
11:03:22.0470 6376 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
11:03:22.0473 6376 hkmsvc - ok
11:03:22.0483 6376 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
11:03:22.0488 6376 HomeGroupListener - ok
11:03:22.0530 6376 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
11:03:22.0541 6376 HomeGroupProvider - ok
11:03:22.0568 6376 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
11:03:22.0570 6376 HpSAMD - ok
11:03:22.0646 6376 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
11:03:22.0671 6376 HTTP - ok
11:03:22.0685 6376 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
11:03:22.0686 6376 hwpolicy - ok
11:03:22.0707 6376 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
11:03:22.0711 6376 i8042prt - ok
11:03:22.0802 6376 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\windows\system32\DRIVERS\iaStor.sys
11:03:22.0810 6376 iaStor - ok
11:03:22.0858 6376 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
11:03:22.0864 6376 iaStorV - ok
11:03:22.0964 6376 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:03:22.0980 6376 idsvc - ok
11:03:23.0433 6376 igfx (370c2a8629b30f910f740387795ddc6f) C:\windows\system32\DRIVERS\igdkmd64.sys
11:03:23.0698 6376 igfx - ok
11:03:23.0809 6376 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
11:03:23.0812 6376 iirsp - ok
11:03:23.0871 6376 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
11:03:23.0884 6376 IKEEXT - ok
11:03:23.0895 6376 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
11:03:23.0897 6376 intelide - ok
11:03:23.0922 6376 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
11:03:23.0923 6376 intelppm - ok
11:03:23.0959 6376 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
11:03:23.0964 6376 IPBusEnum - ok
11:03:24.0001 6376 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
11:03:24.0003 6376 IpFilterDriver - ok
11:03:24.0055 6376 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
11:03:24.0071 6376 iphlpsvc - ok
11:03:24.0089 6376 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
11:03:24.0090 6376 IPMIDRV - ok
11:03:24.0115 6376 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
11:03:24.0117 6376 IPNAT - ok
11:03:24.0138 6376 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
11:03:24.0139 6376 IRENUM - ok
11:03:24.0161 6376 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
11:03:24.0162 6376 isapnp - ok
11:03:24.0187 6376 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
11:03:24.0190 6376 iScsiPrt - ok
11:03:24.0196 6376 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
11:03:24.0198 6376 kbdclass - ok
11:03:24.0215 6376 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
11:03:24.0217 6376 kbdhid - ok
11:03:24.0249 6376 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
11:03:24.0251 6376 KeyIso - ok
11:03:24.0256 6376 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
11:03:24.0260 6376 KSecDD - ok
11:03:24.0290 6376 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
11:03:24.0293 6376 KSecPkg - ok
11:03:24.0319 6376 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
11:03:24.0321 6376 ksthunk - ok
11:03:24.0349 6376 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
11:03:24.0355 6376 KtmRm - ok
11:03:24.0407 6376 L1C (045fb70bc993b691517ce309045ff02d) C:\windows\system32\DRIVERS\L1C62x64.sys
11:03:24.0408 6376 L1C - ok
11:03:24.0453 6376 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll
11:03:24.0468 6376 LanmanServer - ok
11:03:24.0502 6376 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
11:03:24.0508 6376 LanmanWorkstation - ok
11:03:24.0543 6376 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
11:03:24.0545 6376 lltdio - ok
11:03:24.0583 6376 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
11:03:24.0589 6376 lltdsvc - ok
11:03:24.0624 6376 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
11:03:24.0626 6376 lmhosts - ok
11:03:24.0709 6376 LMS (98b16e756243bea9410e32025b19c06f) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
11:03:24.0716 6376 LMS - ok
11:03:24.0783 6376 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
11:03:24.0786 6376 LSI_FC - ok
11:03:24.0801 6376 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
11:03:24.0804 6376 LSI_SAS - ok
11:03:24.0811 6376 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
11:03:24.0813 6376 LSI_SAS2 - ok
11:03:24.0834 6376 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
11:03:24.0837 6376 LSI_SCSI - ok
11:03:24.0856 6376 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
11:03:24.0858 6376 luafv - ok
11:03:24.0915 6376 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
11:03:24.0918 6376 Mcx2Svc - ok
11:03:24.0949 6376 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
11:03:24.0951 6376 megasas - ok
11:03:24.0967 6376 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
11:03:24.0970 6376 MegaSR - ok
11:03:25.0013 6376 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys
11:03:25.0014 6376 MEIx64 - ok
11:03:25.0054 6376 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
11:03:25.0057 6376 MMCSS - ok
11:03:25.0063 6376 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
11:03:25.0064 6376 Modem - ok
11:03:25.0099 6376 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
11:03:25.0100 6376 monitor - ok
11:03:25.0112 6376 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
11:03:25.0114 6376 mouclass - ok
11:03:25.0138 6376 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\drivers\mouhid.sys
11:03:25.0140 6376 mouhid - ok
11:03:25.0156 6376 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
11:03:25.0157 6376 mountmgr - ok
11:03:25.0178 6376 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
11:03:25.0181 6376 mpio - ok
11:03:25.0185 6376 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
11:03:25.0187 6376 mpsdrv - ok
11:03:25.0236 6376 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
11:03:25.0248 6376 MpsSvc - ok
11:03:25.0256 6376 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
11:03:25.0259 6376 MRxDAV - ok
11:03:25.0296 6376 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
11:03:25.0299 6376 mrxsmb - ok
11:03:25.0312 6376 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
11:03:25.0316 6376 mrxsmb10 - ok
11:03:25.0324 6376 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
11:03:25.0326 6376 mrxsmb20 - ok
11:03:25.0332 6376 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys
11:03:25.0334 6376 msahci - ok
11:03:25.0352 6376 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
11:03:25.0354 6376 msdsm - ok
11:03:25.0385 6376 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
11:03:25.0389 6376 MSDTC - ok
11:03:25.0397 6376 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
11:03:25.0398 6376 Msfs - ok
11:03:25.0410 6376 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
11:03:25.0411 6376 mshidkmdf - ok
11:03:25.0421 6376 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
11:03:25.0422 6376 msisadrv - ok
11:03:25.0467 6376 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
11:03:25.0475 6376 MSiSCSI - ok
11:03:25.0481 6376 msiserver - ok
11:03:25.0514 6376 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
11:03:25.0516 6376 MSKSSRV - ok
11:03:25.0530 6376 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
11:03:25.0531 6376 MSPCLOCK - ok
11:03:25.0543 6376 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
11:03:25.0544 6376 MSPQM - ok
11:03:25.0576 6376 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
11:03:25.0581 6376 MsRPC - ok
11:03:25.0588 6376 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
11:03:25.0589 6376 mssmbios - ok
11:03:25.0603 6376 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
11:03:25.0604 6376 MSTEE - ok
11:03:25.0607 6376 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
11:03:25.0609 6376 MTConfig - ok
11:03:25.0615 6376 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
11:03:25.0617 6376 Mup - ok
11:03:25.0654 6376 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
11:03:25.0662 6376 napagent - ok
11:03:25.0718 6376 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
11:03:25.0722 6376 NativeWifiP - ok
11:03:25.0781 6376 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
11:03:25.0792 6376 NDIS - ok
11:03:25.0819 6376 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
11:03:25.0821 6376 NdisCap - ok
11:03:25.0844 6376 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
11:03:25.0846 6376 NdisTapi - ok
11:03:25.0866 6376 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
11:03:25.0868 6376 Ndisuio - ok
11:03:25.0877 6376 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
11:03:25.0880 6376 NdisWan - ok
11:03:25.0897 6376 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
11:03:25.0900 6376 NDProxy - ok
11:03:25.0904 6376 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
11:03:25.0906 6376 NetBIOS - ok
11:03:25.0928 6376 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
11:03:25.0936 6376 NetBT - ok
11:03:25.0960 6376 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
11:03:25.0963 6376 Netlogon - ok
11:03:26.0004 6376 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
11:03:26.0011 6376 Netman - ok
11:03:26.0029 6376 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
11:03:26.0036 6376 netprofm - ok
11:03:26.0102 6376 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:03:26.0105 6376 NetTcpPortSharing - ok
11:03:26.0136 6376 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
11:03:26.0139 6376 nfrd960 - ok
11:03:26.0221 6376 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
11:03:26.0233 6376 NlaSvc - ok
11:03:26.0285 6376 Norton PC Checkup Application Launcher - ok
11:03:26.0298 6376 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
11:03:26.0300 6376 Npfs - ok
11:03:26.0326 6376 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
11:03:26.0331 6376 nsi - ok
11:03:26.0344 6376 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
11:03:26.0346 6376 nsiproxy - ok
11:03:26.0425 6376 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
11:03:26.0463 6376 Ntfs - ok
11:03:26.0564 6376 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
11:03:26.0565 6376 Null - ok
11:03:26.0583 6376 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
11:03:26.0586 6376 nvraid - ok
11:03:26.0611 6376 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
11:03:26.0614 6376 nvstor - ok
11:03:26.0634 6376 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
11:03:26.0644 6376 nv_agp - ok
11:03:26.0670 6376 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
11:03:26.0672 6376 ohci1394 - ok
11:03:26.0776 6376 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:03:26.0781 6376 ose - ok
11:03:26.0981 6376 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:03:27.0084 6376 osppsvc - ok
11:03:27.0188 6376 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
11:03:27.0195 6376 p2pimsvc - ok
11:03:27.0225 6376 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
11:03:27.0234 6376 p2psvc - ok
11:03:27.0284 6376 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
11:03:27.0286 6376 Parport - ok
11:03:27.0317 6376 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
11:03:27.0319 6376 partmgr - ok
11:03:27.0358 6376 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
11:03:27.0363 6376 PcaSvc - ok
11:03:27.0437 6376 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
11:03:27.0441 6376 PCCUJobMgr - ok
11:03:27.0478 6376 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
11:03:27.0481 6376 pci - ok
11:03:27.0488 6376 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
11:03:27.0490 6376 pciide - ok
11:03:27.0511 6376 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
11:03:27.0516 6376 pcmcia - ok
11:03:27.0523 6376 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
11:03:27.0526 6376 pcw - ok
11:03:27.0566 6376 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
11:03:27.0573 6376 PEAUTH - ok
11:03:27.0642 6376 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
11:03:27.0656 6376 PerfHost - ok
11:03:27.0701 6376 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
11:03:27.0703 6376 PGEffect - ok
11:03:27.0820 6376 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
11:03:27.0854 6376 pla - ok
11:03:27.0901 6376 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
11:03:27.0909 6376 PlugPlay - ok
11:03:27.0941 6376 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
11:03:27.0945 6376 PNRPAutoReg - ok
11:03:27.0959 6376 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
11:03:27.0964 6376 PNRPsvc - ok
11:03:28.0015 6376 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
11:03:28.0021 6376 PolicyAgent - ok
11:03:28.0032 6376 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
11:03:28.0037 6376 Power - ok
11:03:28.0093 6376 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
11:03:28.0095 6376 PptpMiniport - ok
11:03:28.0114 6376 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
11:03:28.0116 6376 Processor - ok
11:03:28.0144 6376 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
11:03:28.0149 6376 ProfSvc - ok
11:03:28.0171 6376 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
11:03:28.0174 6376 ProtectedStorage - ok
11:03:28.0205 6376 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
11:03:28.0207 6376 Psched - ok
11:03:28.0281 6376 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
11:03:28.0298 6376 ql2300 - ok
11:03:28.0415 6376 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
11:03:28.0420 6376 ql40xx - ok
11:03:28.0467 6376 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
11:03:28.0474 6376 QWAVE - ok
11:03:28.0488 6376 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
11:03:28.0490 6376 QWAVEdrv - ok
11:03:28.0494 6376 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
11:03:28.0495 6376 RasAcd - ok
11:03:28.0531 6376 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
11:03:28.0533 6376 RasAgileVpn - ok
11:03:28.0547 6376 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
11:03:28.0553 6376 RasAuto - ok
11:03:28.0561 6376 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
11:03:28.0564 6376 Rasl2tp - ok
11:03:28.0597 6376 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
11:03:28.0605 6376 RasMan - ok
11:03:28.0625 6376 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
11:03:28.0628 6376 RasPppoe - ok
11:03:28.0658 6376 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
11:03:28.0660 6376 RasSstp - ok
11:03:28.0674 6376 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
11:03:28.0677 6376 rdbss - ok
11:03:28.0719 6376 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
11:03:28.0721 6376 rdpbus - ok
11:03:28.0749 6376 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
11:03:28.0751 6376 RDPCDD - ok
11:03:28.0767 6376 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
11:03:28.0768 6376 RDPENCDD - ok
11:03:28.0781 6376 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
11:03:28.0782 6376 RDPREFMP - ok
11:03:28.0809 6376 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
11:03:28.0812 6376 RDPWD - ok
11:03:28.0848 6376 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
11:03:28.0851 6376 rdyboost - ok
11:03:28.0879 6376 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
11:03:28.0883 6376 RemoteAccess - ok
11:03:28.0918 6376 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
11:03:28.0923 6376 RemoteRegistry - ok
11:03:28.0929 6376 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
11:03:28.0933 6376 RpcEptMapper - ok
11:03:28.0964 6376 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
11:03:28.0967 6376 RpcLocator - ok
11:03:28.0994 6376 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
11:03:29.0000 6376 RpcSs - ok
11:03:29.0034 6376 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
11:03:29.0037 6376 rspndr - ok
11:03:29.0091 6376 RSUSBSTOR (0e3dcf76f11dc431b088a2dfd7265cda) C:\windows\system32\Drivers\RtsUStor.sys
11:03:29.0094 6376 RSUSBSTOR - ok
11:03:29.0138 6376 RTL8192Ce (64fdf4fe366ca42da2b7d9d424b6e39b) C:\windows\system32\DRIVERS\rtl8192Ce.sys
11:03:29.0149 6376 RTL8192Ce - ok
11:03:29.0171 6376 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
11:03:29.0174 6376 SamSs - ok
11:03:29.0201 6376 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
11:03:29.0204 6376 sbp2port - ok
11:03:29.0233 6376 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
11:03:29.0240 6376 SCardSvr - ok
11:03:29.0256 6376 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
11:03:29.0258 6376 scfilter - ok
11:03:29.0305 6376 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
11:03:29.0326 6376 Schedule - ok
11:03:29.0353 6376 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
11:03:29.0355 6376 SCPolicySvc - ok
11:03:29.0385 6376 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
11:03:29.0390 6376 SDRSVC - ok
11:03:29.0446 6376 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
11:03:29.0449 6376 secdrv - ok
11:03:29.0473 6376 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
11:03:29.0478 6376 seclogon - ok
11:03:29.0495 6376 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
11:03:29.0499 6376 SENS - ok
11:03:29.0517 6376 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
11:03:29.0521 6376 SensrSvc - ok
11:03:29.0540 6376 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
11:03:29.0542 6376 Serenum - ok
11:03:29.0580 6376 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
11:03:29.0583 6376 Serial - ok
11:03:29.0593 6376 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
11:03:29.0594 6376 sermouse - ok
11:03:29.0618 6376 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
11:03:29.0622 6376 SessionEnv - ok
11:03:29.0626 6376 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
11:03:29.0627 6376 sffdisk - ok
11:03:29.0630 6376 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
11:03:29.0631 6376 sffp_mmc - ok
11:03:29.0634 6376 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
11:03:29.0636 6376 sffp_sd - ok
11:03:29.0640 6376 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
11:03:29.0641 6376 sfloppy - ok
11:03:29.0722 6376 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
11:03:29.0738 6376 Sftfs - ok
11:03:29.0831 6376 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
11:03:29.0842 6376 sftlist - ok
11:03:29.0873 6376 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
11:03:29.0878 6376 Sftplay - ok
11:03:29.0893 6376 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
11:03:29.0895 6376 Sftredir - ok
11:03:29.0917 6376 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
11:03:29.0918 6376 Sftvol - ok
11:03:29.0947 6376 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
11:03:29.0950 6376 sftvsa - ok
11:03:29.0982 6376 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
11:03:29.0988 6376 SharedAccess - ok
11:03:30.0025 6376 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
11:03:30.0033 6376 ShellHWDetection - ok
11:03:30.0057 6376 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
11:03:30.0059 6376 SiSRaid2 - ok
11:03:30.0082 6376 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
11:03:30.0084 6376 SiSRaid4 - ok
11:03:30.0097 6376 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
11:03:30.0099 6376 Smb - ok
11:03:30.0135 6376 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
11:03:30.0139 6376 SNMPTRAP - ok
11:03:30.0157 6376 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
11:03:30.0159 6376 spldr - ok
11:03:30.0189 6376 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
11:03:30.0197 6376 Spooler - ok
11:03:30.0325 6376 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
11:03:30.0372 6376 sppsvc - ok
11:03:30.0461 6376 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
11:03:30.0475 6376 sppuinotify - ok
11:03:30.0542 6376 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
11:03:30.0549 6376 srv - ok
11:03:30.0569 6376 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
11:03:30.0574 6376 srv2 - ok
11:03:30.0584 6376 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
11:03:30.0587 6376 srvnet - ok
11:03:30.0633 6376 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
11:03:30.0638 6376 SSDPSRV - ok
11:03:30.0646 6376 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
11:03:30.0651 6376 SstpSvc - ok
11:03:30.0667 6376 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
11:03:30.0668 6376 stexstor - ok
11:03:30.0735 6376 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
11:03:30.0752 6376 stisvc - ok
11:03:30.0786 6376 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
11:03:30.0787 6376 swenum - ok
11:03:30.0821 6376 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
11:03:30.0829 6376 swprv - ok
11:03:30.0875 6376 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys
11:03:30.0880 6376 SynTP - ok
11:03:30.0943 6376 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
11:03:30.0964 6376 SysMain - ok
11:03:31.0038 6376 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
11:03:31.0055 6376 TabletInputService - ok
11:03:31.0094 6376 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
11:03:31.0101 6376 TapiSrv - ok
11:03:31.0112 6376 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
11:03:31.0117 6376 TBS - ok
11:03:31.0227 6376 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
11:03:31.0255 6376 Tcpip - ok
11:03:31.0444 6376 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
11:03:31.0463 6376 TCPIP6 - ok
11:03:31.0576 6376 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
11:03:31.0578 6376 tcpipreg - ok
11:03:31.0620 6376 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
11:03:31.0622 6376 tdcmdpst - ok
11:03:31.0642 6376 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
11:03:31.0644 6376 TDPIPE - ok
11:03:31.0675 6376 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
11:03:31.0677 6376 TDTCP - ok
11:03:31.0715 6376 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
11:03:31.0717 6376 tdx - ok
11:03:31.0721 6376 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
11:03:31.0723 6376 TermDD - ok
11:03:31.0769 6376 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
11:03:31.0780 6376 TermService - ok
11:03:31.0784 6376 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
11:03:31.0789 6376 Themes - ok
11:03:31.0810 6376 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
11:03:31.0813 6376 THREADORDER - ok
11:03:31.0903 6376 TMachInfo (71c321649b28638ee80a2eeb164c1dc8) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
11:03:31.0922 6376 TMachInfo - ok
11:03:31.0959 6376 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\windows\system32\TODDSrv.exe
11:03:31.0966 6376 TODDSrv - ok
11:03:32.0072 6376 TosCoSrv (1c73689b900428c7d054a41c4687f55c) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
11:03:32.0081 6376 TosCoSrv - ok
11:03:32.0131 6376 TOSHIBA HDD SSD Alert Service (29d0886cf250fcef1bf9e65ab8d2c0c8) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
11:03:32.0148 6376 TOSHIBA HDD SSD Alert Service - ok
11:03:32.0215 6376 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
11:03:32.0223 6376 tos_sps64 - ok
11:03:32.0264 6376 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
11:03:32.0272 6376 TrkWks - ok
11:03:32.0323 6376 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
11:03:32.0327 6376 TrustedInstaller - ok
11:03:32.0359 6376 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
11:03:32.0362 6376 tssecsrv - ok
11:03:32.0393 6376 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
11:03:32.0396 6376 TsUsbFlt - ok
11:03:32.0402 6376 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
11:03:32.0404 6376 TsUsbGD - ok
11:03:32.0441 6376 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
11:03:32.0445 6376 tunnel - ok
11:03:32.0487 6376 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
11:03:32.0490 6376 TVALZ - ok
11:03:32.0504 6376 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
11:03:32.0507 6376 uagp35 - ok
11:03:32.0546 6376 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
11:03:32.0551 6376 udfs - ok
11:03:32.0576 6376 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
11:03:32.0581 6376 UI0Detect - ok
11:03:32.0608 6376 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
11:03:32.0610 6376 uliagpkx - ok
11:03:32.0628 6376 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
11:03:32.0647 6376 umbus - ok
11:03:32.0650 6376 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
11:03:32.0651 6376 UmPass - ok
11:03:32.0906 6376 UNS (7a78ed1088890114dfde2c4ab038d6b6) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
11:03:32.0950 6376 UNS - ok
11:03:33.0053 6376 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
11:03:33.0060 6376 upnphost - ok
11:03:33.0108 6376 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
11:03:33.0111 6376 usbccgp - ok
11:03:33.0151 6376 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
11:03:33.0155 6376 usbcir - ok
11:03:33.0165 6376 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
11:03:33.0168 6376 usbehci - ok
11:03:33.0182 6376 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
11:03:33.0187 6376 usbhub - ok
11:03:33.0198 6376 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
11:03:33.0199 6376 usbohci - ok
11:03:33.0208 6376 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
11:03:33.0209 6376 usbprint - ok
11:03:33.0242 6376 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
11:03:33.0244 6376 usbscan - ok
11:03:33.0274 6376 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
11:03:33.0276 6376 USBSTOR - ok
11:03:33.0281 6376 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
11:03:33.0283 6376 usbuhci - ok
11:03:33.0293 6376 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
11:03:33.0296 6376 usbvideo - ok
11:03:33.0328 6376 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
11:03:33.0332 6376 UxSms - ok
11:03:33.0361 6376 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
11:03:33.0363 6376 VaultSvc - ok
11:03:33.0377 6376 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
11:03:33.0378 6376 vdrvroot - ok
11:03:33.0406 6376 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
11:03:33.0429 6376 vds - ok
11:03:33.0452 6376 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
11:03:33.0454 6376 vga - ok
11:03:33.0476 6376 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
11:03:33.0477 6376 VgaSave - ok
11:03:33.0489 6376 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
11:03:33.0492 6376 vhdmp - ok
11:03:33.0496 6376 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
11:03:33.0498 6376 viaide - ok
11:03:33.0504 6376 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
11:03:33.0506 6376 volmgr - ok
11:03:33.0523 6376 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
11:03:33.0527 6376 volmgrx - ok
11:03:33.0548 6376 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys
11:03:33.0552 6376 volsnap - ok
11:03:33.0575 6376 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
11:03:33.0577 6376 vsmraid - ok
11:03:33.0649 6376 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
11:03:33.0667 6376 VSS - ok
11:03:33.0779 6376 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
11:03:33.0781 6376 vwifibus - ok
11:03:33.0788 6376 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
11:03:33.0790 6376 vwififlt - ok
11:03:33.0844 6376 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
11:03:33.0853 6376 W32Time - ok
11:03:33.0874 6376 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
11:03:33.0875 6376 WacomPen - ok
11:03:33.0916 6376 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
11:03:33.0919 6376 WANARP - ok
11:03:33.0921 6376 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
11:03:33.0922 6376 Wanarpv6 - ok
11:03:33.0997 6376 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
11:03:34.0011 6376 WatAdminSvc - ok
11:03:34.0079 6376 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
11:03:34.0096 6376 wbengine - ok
11:03:34.0178 6376 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
11:03:34.0189 6376 WbioSrvc - ok
11:03:34.0217 6376 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
11:03:34.0238 6376 wcncsvc - ok
11:03:34.0242 6376 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
11:03:34.0246 6376 WcsPlugInService - ok
11:03:34.0282 6376 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
11:03:34.0283 6376 Wd - ok
11:03:34.0307 6376 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
11:03:34.0314 6376 Wdf01000 - ok
11:03:34.0337 6376 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
11:03:34.0342 6376 WdiServiceHost - ok
11:03:34.0345 6376 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
11:03:34.0349 6376 WdiSystemHost - ok
11:03:34.0365 6376 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
11:03:34.0371 6376 WebClient - ok
11:03:34.0393 6376 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
11:03:34.0399 6376 Wecsvc - ok
11:03:34.0415 6376 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
11:03:34.0420 6376 wercplsupport - ok
11:03:34.0453 6376 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
11:03:34.0457 6376 WerSvc - ok
11:03:34.0502 6376 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
11:03:34.0505 6376 WfpLwf - ok
11:03:34.0521 6376 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
11:03:34.0523 6376 WIMMount - ok
11:03:34.0554 6376 WinDefend - ok
11:03:34.0606 6376 WinDriver6 (4de7d61cf51f4c8261d119cfbdb70243) C:\windows\system32\drivers\windrvr6.sys
11:03:34.0611 6376 WinDriver6 - ok
11:03:34.0614 6376 WinHttpAutoProxySvc - ok
11:03:34.0682 6376 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
11:03:34.0686 6376 Winmgmt - ok
11:03:34.0827 6376 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
11:03:34.0856 6376 WinRM - ok
11:03:34.0988 6376 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
11:03:35.0003 6376 Wlansvc - ok
11:03:35.0097 6376 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:03:35.0101 6376 wlcrasvc - ok
11:03:35.0221 6376 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:03:35.0247 6376 wlidsvc - ok
11:03:35.0355 6376 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
11:03:35.0358 6376 WmiAcpi - ok
11:03:35.0423 6376 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
11:03:35.0427 6376 wmiApSrv - ok
11:03:35.0488 6376 WMPNetworkSvc - ok
11:03:35.0515 6376 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
11:03:35.0522 6376 WPCSvc - ok
11:03:35.0543 6376 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
11:03:35.0548 6376 WPDBusEnum - ok
11:03:35.0570 6376 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
11:03:35.0571 6376 ws2ifsl - ok
11:03:35.0585 6376 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll
11:03:35.0590 6376 wscsvc - ok
11:03:35.0593 6376 WSearch - ok
11:03:35.0680 6376 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll
11:03:35.0716 6376 wuauserv - ok
11:03:35.0829 6376 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
11:03:35.0834 6376 WudfPf - ok
11:03:35.0877 6376 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
11:03:35.0882 6376 WUDFRd - ok
11:03:35.0910 6376 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
11:03:35.0915 6376 wudfsvc - ok
11:03:35.0939 6376 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
11:03:35.0946 6376 WwanSvc - ok
11:03:35.0973 6376 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
11:03:36.0028 6376 \Device\Harddisk0\DR0 - ok
11:03:36.0061 6376 MBR (0x1B8) (2837f044dafc97d585dddd1255741ce1) \Device\Harddisk1\DR16
11:04:35.0728 6376 \Device\Harddisk1\DR16 - ok
11:04:35.0774 6376 Boot (0x1200) (c850957124eb4978656b07254d63cb2a) \Device\Harddisk0\DR0\Partition0
11:04:35.0776 6376 \Device\Harddisk0\DR0\Partition0 - ok
11:04:35.0781 6376 ============================================================
11:04:35.0781 6376 Scan finished
11:04:35.0781 6376 ============================================================
11:04:35.0800 1892 Detected object count: 0
11:04:35.0800 1892 Actual detected object count: 0
11:05:28.0394 7872 Deinitialize success

#5 History Fox

  • Topic Starter
  • Members
  • 14 posts

Posted 19 May 2012 - 11:03 PM

ComboFix 12-05-15.04 - Stephen 05/15/2012 22:26:45.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2600 [GMT -5:00]
Running from: c:\users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P38MED3I\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Stephen\AppData\Local\Google\Adobe\qwwqms.dll
c:\users\Stephen\AppData\Local\Temp\{5B4DAE97-AA99-4918-8C20-35C23E349CC8}\fpb.tmp
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2012-04-16 to 2012-05-16 )))))))))))))))))))))))))))))))
.
.
2012-05-16 02:47 . 2012-05-16 02:47 -------- d-----w- c:\users\Stephen\AppData\Roaming\Malwarebytes
2012-05-16 02:47 . 2012-05-16 02:47 -------- d-----w- c:\programdata\Malwarebytes
2012-05-16 02:47 . 2012-05-16 02:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-16 02:47 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-15 16:37 . 2012-05-15 16:38 -------- d-----w- c:\users\Stephen\AppData\Roaming\Apple Computer
2012-05-15 16:37 . 2012-05-15 16:37 -------- d-----w- c:\users\Stephen\AppData\Local\Apple Computer
2012-05-15 16:36 . 2009-05-18 18:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-05-15 16:36 . 2008-04-17 17:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-05-15 16:34 . 2012-05-15 16:35 -------- d-----w- c:\programdata\Apple
2012-05-08 18:58 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-08 18:58 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-08 18:58 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-08 18:58 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-08 18:58 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-08 18:58 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-08 18:57 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-08 18:57 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-08 18:57 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-08 18:57 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-08 18:57 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-08 18:57 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-08 18:57 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-04-30 02:44 . 2012-04-30 02:44 -------- d-----w- c:\program files (x86)\FamilySearch
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 03:09 . 2012-04-09 13:14 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 03:09 . 2011-10-31 02:34 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 03:09 . 2012-04-09 16:37 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-04 03:14 . 2012-04-04 03:14 254464 ----a-w- c:\windows\system32\drivers\windrvr6.sys
2012-03-31 13:26 . 2012-03-31 13:26 0 ----a-w- c:\windows\SysWow64\shoED35.tmp
2012-03-30 03:47 . 2011-03-29 01:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-06 23:15 . 2012-03-30 04:02 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2012-03-30 04:02 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2012-03-30 04:03 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2012-03-30 04:03 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2012-03-30 04:03 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2012-03-30 04:03 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01 . 2012-03-30 04:03 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2012-03-30 04:03 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2012-03-30 04:03 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-01 06:46 . 2012-04-13 13:10 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-13 13:10 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-13 13:10 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-13 13:09 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-13 13:10 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-13 13:10 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-13 13:09 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-13 13:12 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-13 13:12 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-13 13:12 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-13 13:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-13 13:12 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-13 13:12 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-13 13:12 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-13 13:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-17 06:38 . 2012-03-30 03:49 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-30 03:49 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-30 03:49 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-30 03:49 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-06 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microtek Scanner Finder.lnk - c:\program files (x86)\Microtek\ScanWizard 5\ScannerFinder.exe [2012-4-15 339968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-06 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-06 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_5\bin\fbguard.exe [2011-10-03 155136]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-07-19 123320]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_5\bin\fbserver.exe [2011-10-03 5683712]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 03:09]
.
2012-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-06 02:55]
.
2012-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-06 02:55]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Adobe - c:\users\Stephen\AppData\Local\Google\Adobe\qwwqms.dll
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-05-15 22:36:15 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-16 03:36
.
Pre-Run: 444,534,468,608 bytes free
Post-Run: 444,396,429,312 bytes free
.
- - End Of File - - AA4E7F2B6B5565DC4B3BA9F5CA0B8729

#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 20 May 2012 - 10:46 AM

Hi!

Thanks for posting those logs.

I'm going to have this thread moved over to the Malware forum.

-------
My secret agent name on the forums is SweetTech (you can call me ST for short); it's a pleasure to meet you. :)

I'll be addressing you by your username; if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer, I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.
    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

Let's run this scan with OTL and see what it shows me:

Re-Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • In the Custom Scans/Fixes box Copy & Paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    tdx.sys
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:

Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. OTL.txt & Extras.txt log files.
3. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 History Fox

History Fox
  • Topic Starter

  • Members
  • 14 posts

Posted 20 May 2012 - 11:07 PM

1. It is my hope you might give me information as we proceed, rather than telling me to run programs and asking for results. I am a computer programmer, though OS virus detection/removal is not my forte.
2A. The OTL log:
OTL logfile created on: 5/20/2012 10:12:45 PM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Stephen\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 43.63% Memory free
7.90 Gb Paging File | 4.86 Gb Available in Paging File | 61.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.63 Gb Total Space | 412.72 Gb Free Space | 91.59% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-LAPTOP | User Name: Stephen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/20 22:11:20 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Stephen\Desktop\OTL.exe
PRC - [2012/03/06 18:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/07/19 10:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
PRC - [2011/07/19 10:48:25 | 000,123,320 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
PRC - [2011/02/01 16:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 16:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2007/01/12 13:40:36 | 000,339,968 | ---- | M] () -- C:\Program Files (x86)\Microtek\ScanWizard 5\ScannerFinder.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
MOD - [2007/01/12 13:40:36 | 000,339,968 | ---- | M] () -- C:\Program Files (x86)\Microtek\ScanWizard 5\ScannerFinder.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/10/03 09:13:30 | 000,155,136 | ---- | M] (Firebird Project) [Auto | Running] -- C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV:64bit: - [2011/10/03 09:13:20 | 005,683,712 | ---- | M] (Firebird Project) [On_Demand | Running] -- C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV:64bit: - [2011/06/09 23:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/05/17 17:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/10/20 17:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/05/04 22:09:09 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/07/19 10:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/07/19 10:48:25 | 000,123,320 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/07/11 20:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/02/01 16:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/02/01 16:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/03 22:14:16 | 000,254,464 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\windrvr6.sys -- (WinDriver6)
DRV:64bit: - [2012/03/06 18:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/03/06 18:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/03/06 18:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/03/06 18:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/03/06 18:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/03/06 18:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/04/04 23:10:14 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 20:01:40 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/02/09 14:29:08 | 000,077,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/02/08 22:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/01/05 04:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/06 02:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/08 14:49:08 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/10 21:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 12:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/24 18:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1506568692-2943476899-4171867825-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1506568692-2943476899-4171867825-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1506568692-2943476899-4171867825-1001\..\SearchScopes,DefaultScope = {EC2456F9-49B2-4360-A76D-E6B34F33788F}
IE - HKU\S-1-5-21-1506568692-2943476899-4171867825-1001\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
IE - HKU\S-1-5-21-1506568692-2943476899-4171867825-1001\..\SearchScopes\{EC2456F9-49B2-4360-A76D-E6B34F33788F}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7TSNO_enUS477
IE - HKU\S-1-5-21-1506568692-2943476899-4171867825-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1506568692-2943476899-4171867825-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2012/04/01 22:24:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephen\AppData\Roaming\Mozilla\Extensions
[2012/04/01 22:24:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephen\AppData\Roaming\Mozilla\SeaMonkey\Profiles\aiqcg0zl.default\extensions
[2012/04/01 22:24:26 | 000,416,643 | ---- | M] () (No name found) -- C:\USERS\STEPHEN\APPDATA\ROAMING\MOZILLA\SEAMONKEY\PROFILES\AIQCG0ZL.DEFAULT\EXTENSIONS\{59C81DF5-4B7A-477B-912D-4E0FDF64E5F2}.XPI
[2012/04/01 22:24:26 | 000,258,373 | ---- | M] () (No name found) -- C:\USERS\STEPHEN\APPDATA\ROAMING\MOZILLA\SEAMONKEY\PROFILES\AIQCG0ZL.DEFAULT\EXTENSIONS\{F13B157F-B174-47E7-A34D-4815DDFDFEB8}.XPI
[2012/04/01 22:24:26 | 000,338,292 | ---- | M] () (No name found) -- C:\USERS\STEPHEN\APPDATA\ROAMING\MOZILLA\SEAMONKEY\PROFILES\AIQCG0ZL.DEFAULT\EXTENSIONS\INSPECTOR@MOZILLA.ORG.XPI

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: avast! WebRep = C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\

O1 HOSTS File: ([2012/05/15 22:32:41 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1506568692-2943476899-4171867825-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1506568692-2943476899-4171867825-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1506568692-2943476899-4171867825-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCC0339A-3B08-4C98-9C37-D7C292B2E9CE}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

MsConfig:64bit - State: "bootini" - Reg Error: Key error.

SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{DDC88C71-D52A-4CBE-9387-CC2A96B5C129} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)


========== Files/Folders - Created Within 30 Days ==========

[2012/05/20 22:10:38 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Stephen\Desktop\OTL.exe
[2012/05/16 08:12:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/16 08:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/16 08:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/05/16 08:11:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/16 08:07:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2012/05/15 22:42:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/15 22:31:08 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/05/15 22:27:57 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Local\Microsoft Games
[2012/05/15 22:26:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/05/15 22:26:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/05/15 22:26:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/05/15 22:25:57 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/05/15 22:25:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/15 21:47:55 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Roaming\Malwarebytes
[2012/05/15 21:47:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/15 21:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/15 21:47:48 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/05/15 21:47:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/15 19:05:51 | 000,000,000 | ---D | C] -- C:\windows\pss
[2012/05/15 11:37:04 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Roaming\Apple Computer
[2012/05/15 11:37:04 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Local\Apple Computer
[2012/05/15 11:36:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/05/15 11:36:44 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysNative\GEARAspi64.dll
[2012/05/15 11:36:44 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysWow64\GEARAspi.dll
[2012/05/15 11:36:44 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysNative\drivers\GEARAspiWDM.sys
[2012/05/15 11:36:42 | 000,000,000 | ---D | C] -- C:\windows\SysNative\DRVSTORE
[2012/05/15 11:36:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/05/15 11:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/05/15 11:36:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/05/15 11:36:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/05/15 11:36:10 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/05/15 11:35:25 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Local\Apple
[2012/05/15 11:35:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/05/15 11:35:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/05/15 11:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/05/15 11:34:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/05/15 11:34:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/05/15 11:34:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/05/08 13:58:14 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2012/05/08 13:58:12 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/05/08 13:58:11 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/05/08 13:58:11 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/04/29 21:44:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FamilySearch
[2012/04/29 21:44:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FamilySearch
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/20 22:11:20 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Stephen\Desktop\OTL.exe
[2012/05/20 22:09:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/05/20 22:04:51 | 000,727,182 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/05/20 22:04:51 | 000,624,622 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/05/20 22:04:51 | 000,106,708 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/05/20 22:03:20 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/05/20 22:03:18 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/19 22:54:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/18 09:03:08 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/18 09:03:08 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/15 22:42:07 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/15 22:32:41 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/05/15 21:47:50 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/15 20:49:59 | 000,000,512 | ---- | M] () -- C:\MBR.dat
[2012/05/15 11:36:53 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/05/09 10:46:28 | 000,275,056 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/05/04 22:09:09 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/05/04 22:09:09 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/05/04 22:09:05 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/15 22:26:01 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/05/15 22:26:01 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/05/15 22:26:01 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/05/15 22:26:01 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/05/15 22:26:01 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/05/15 21:47:50 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/15 20:49:59 | 000,000,512 | ---- | C] () -- C:\MBR.dat
[2012/05/15 11:36:53 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/05/15 11:35:23 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/04/15 14:54:29 | 000,007,680 | ---- | C] () -- C:\windows\SysWow64\drivers\Onsreged.sys
[2012/04/15 14:54:28 | 000,285,216 | ---- | C] () -- C:\windows\SysWow64\drivers\Onsio.sys
[2012/03/29 23:48:30 | 000,731,106 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/02/05 21:34:42 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2011/04/04 23:07:00 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/04/04 23:06:58 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/04/04 23:06:58 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin

========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

< %SYSTEMDRIVE%\*.exe >

< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 22:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 22:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: TDX.SYS >
[2010/11/20 22:24:32 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\ERDNT\cache64\tdx.sys
[2010/11/20 22:24:32 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\windows\SysNative\drivers\tdx.sys
[2010/11/20 22:24:32 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys

< MD5 for: VOLSNAP.SYS >
[2010/11/20 22:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
[2010/11/20 22:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
[2011/02/25 01:28:30 | 000,296,320 | ---- | M] (Microsoft Corporation) MD5=879CE6AEA3FE874AD4C500B6B6198EB0 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.21668_none_74344b472bf715e9\volsnap.sys
[2011/02/25 01:25:38 | 000,296,320 | ---- | M] (Microsoft Corporation) MD5=DF8126BD41180351A093A3AD2FC8903B -- C:\windows\SysNative\drivers\volsnap.sys
[2011/02/25 01:25:38 | 000,296,320 | ---- | M] (Microsoft Corporation) MD5=DF8126BD41180351A093A3AD2FC8903B -- C:\windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_e7c4cd5b40e03494\volsnap.sys
[2011/02/25 01:25:38 | 000,296,320 | ---- | M] (Microsoft Corporation) MD5=DF8126BD41180351A093A3AD2FC8903B -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17567_none_73a9ae3212da5cc8\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe
[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/05/08 22:04:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/05/08 22:04:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/05/08 22:04:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/05/08 22:04:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/10/30 21:13:57 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/10/30 21:13:57 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/10/30 21:13:57 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/10/30 21:13:57 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2011/10/30 21:13:57 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/05/08 22:04:54 | 001,240,048 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/05/08 22:04:54 | 001,240,048 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/05/08 22:04:54 | 001,240,048 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/05/08 22:04:54 | 001,240,048 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/10/30 21:13:57 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/10/30 21:13:57 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/10/30 21:13:57 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/10/30 21:13:57 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2011/10/30 21:13:57 | 000,748,336 | ---- | M] (Microsoft Corporation)

< End of report >

2B. The Extras log:
OTL Extras logfile created on: 5/20/2012 10:12:45 PM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Stephen\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 43.63% Memory free
7.90 Gb Paging File | 4.86 Gb Available in Paging File | 61.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.63 Gb Total Space | 412.72 Gb Free Space | 91.59% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-LAPTOP | User Name: Stephen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{054E7229-5199-44F5-9F4F-7A0726360B55}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{099152E5-2829-422C-8D96-C3E5A4DBB4A8}" = lport=139 | protocol=6 | dir=in | app=system |
"{09B218BA-3A64-48FA-A99A-187E5352F39C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0BE37D06-DB1F-4AB3-A79F-F12C5B550352}" = rport=139 | protocol=6 | dir=out | app=system |
"{0DE36297-A165-4A8D-B19C-D249EA9012C7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{13A28283-9C63-4FED-8941-01D531CBACC3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1453E2CE-F2A0-4004-B4CA-90D33AA773F3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1D25D7F2-E20C-43ED-B909-DCDE91FB1661}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1FEEFA4A-AC84-446A-913F-8C65F140D0E2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2C68A4D1-C161-4C63-B2D7-562536F326BB}" = rport=445 | protocol=6 | dir=out | app=system |
"{312EE507-04C8-4E38-A9B8-114F7AB2CAD1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{43A3B3DC-3EEA-4FD5-988D-98F666D1C73F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4FDEED79-AECB-4DD2-9428-A7CE08C5504A}" = lport=137 | protocol=17 | dir=in | app=system |
"{523FB7E4-A075-4A8D-B8A9-F059604894ED}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{62D8BC75-7177-4836-BEFC-EDFF9644CE10}" = lport=445 | protocol=6 | dir=in | app=system |
"{70DCA9DA-8058-417F-87CB-4074F590CCF6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{772FD506-7BC9-4482-8F59-B87D98A4B293}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7783BE57-3BC9-4696-9D50-01B7BC92D0DA}" = rport=137 | protocol=17 | dir=out | app=system |
"{9BC47B09-3112-4520-967F-D77B5DC288AE}" = lport=138 | protocol=17 | dir=in | app=system |
"{A3C37A32-B5F3-4620-8986-AC6391E6A4BE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AE405B66-6C18-47FB-A4B9-8099B529A976}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AEA10DE2-08BA-4CC9-9985-3CCD3FB7C0E7}" = rport=138 | protocol=17 | dir=out | app=system |
"{E18CDE28-F89F-4E15-8384-4270FCB4C56D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04D53D1B-EBD7-42DF-AAFA-5A60A421BDCA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1178495D-C796-41C3-97C0-B4C6C7FB3A8C}" = protocol=6 | dir=out | app=system |
"{14D198C4-6E7B-49F5-8EFA-A989978929ED}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1AFBC06E-1B02-4AC7-9BC1-0DDDEEF543C8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{41E29BFC-B326-48C1-9E0D-EA4A839FDA3B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{498C2B35-75E0-4A40-BA9B-926005CBC158}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4B486B61-9779-4370-8DAF-B67CDD07E517}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{638A325C-3894-4D72-B033-4575B0260679}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{65A07077-DF2B-4109-A5BC-EF9B073ACD8C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{65E01026-C660-4D95-B769-9B242D6F3CD9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{68F21E87-929C-441E-85BC-FDD5BDE2DD05}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{6AC74B7B-70A2-4A97-8992-FAF732711A36}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{84941543-0F2E-406F-AF58-1D1B42A8CA6B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{8BC358BF-0720-4558-A8EA-9A4C419FF263}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8F39F45C-5970-47D0-9867-039710DD39F5}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{944DAC09-9B8E-48CB-89F8-10E4ECC34803}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A7B84D82-81B7-414C-A426-A6A8418999CA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{AEF02960-F9B8-4147-B28B-1F82B8DBA5E2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{B79B76BD-7B8E-484C-BBB8-903E3D605334}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C23DE4E2-3E3E-45C0-9EA6-34C4C42F6CF2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D0335EAA-85B0-4ED3-8EAA-409B19E3A703}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D1D5ECA9-52B7-4C2B-A997-D4B757F79D76}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DA9A394C-AFCE-4C77-B400-1B93ED07C170}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E21CD6EA-96AA-417B-8B62-85D53B83485E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E253675D-9940-44B7-9DE7-C5BB5D25F9FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E42F7B2A-88E5-49AB-91FF-EB0B0412BFA2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FBC9A678-7D49-4D93-B1C9-CA6E515507E9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FE48E0CA-9AE2-4F63-A86A-CC5012A50533}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CNXT_AUDIO_HDA" = Conexant HD Audio
"FBDBServer_2_5_x64_is1" = Firebird 2.5.1.26351 (x64)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0AF17224-CF88-40B8-BB1A-D179369847B4}" = TOSHIBA Supervisor Password
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 25
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3339A31C-8C35-4303-ABD2-966B4D12724C}" = AnyName 2.1
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}" = TOSHIBA Hardware Setup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}" = Toshiba Book Place
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EBFC96E5-4409-426E-88B7-650ADB342E78}" = MSI to redistribute MS VS2005 CRT libraries
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"avast" = avast! Free Antivirus
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"NortonPCCheckup" = Toshiba Laptop Checkup
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WTA-22014f32-85f6-4e1e-aed3-cd297d51aa6d" = Plants vs. Zombies - Game of the Year
"WTA-244324b2-fb60-4af4-95e7-f14fd59fcd6f" = Bejeweled 3
"WTA-3668cf97-89ce-478d-95f7-89d934cf1c1d" = Letters from Nowhere 2
"WTA-37666ae9-4fd4-459c-ac56-aa0cd4897ee3" = Tales of Lagoona
"WTA-5e7ee009-4dc7-4f52-8266-71e82f877758" = FATE - The Traitor Soul
"WTA-670ceade-34e3-47af-86c8-ac18e8dcc51d" = Zuma's Revenge
"WTA-69a50131-f41c-4e29-ac11-067dd8683af8" = Penguins!
"WTA-959676df-fb4b-4342-ada2-8054fcb28972" = RollerCoaster Tycoon 3: Platinum
"WTA-dce2d023-2f4a-4be0-9218-84811fedb10b" = Polar Bowler

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/28/2012 11:05:08 PM | Computer Name = Toshiba-Laptop | Source = Toshiba App Place | ID = 0
Description =

Error - 4/29/2012 7:50:28 AM | Computer Name = Toshiba-Laptop | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.


Error - 4/29/2012 11:05:09 PM | Computer Name = Toshiba-Laptop | Source = Toshiba App Place | ID = 0
Description =

Error - 4/30/2012 9:59:54 PM | Computer Name = Toshiba-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: WINWORDC.EXE, version: 14.0.6024.1000,
time stamp: 0x4d83e4eb Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x006c0344 Faulting process id:
0x438 Faulting application start time: 0x01cd273e016f61d2 Faulting application path:
Q:\140066.enu\Office14\WINWORDC.EXE Faulting module path: unknown Report Id: 57ed256e-9331-11e1-befa-00266c05416c

Error - 4/30/2012 11:05:14 PM | Computer Name = Toshiba-Laptop | Source = Toshiba App Place | ID = 0
Description =

Error - 5/1/2012 10:25:56 AM | Computer Name = Toshiba-Laptop | Source = Toshiba App Place | ID = 0
Description =

Error - 5/1/2012 10:27:03 AM | Computer Name = Toshiba-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 5/1/2012 10:38:45 AM | Computer Name = Toshiba-Laptop | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: HTTP status 503: The service is temporarily overloaded.

Error - 5/1/2012 1:36:58 PM | Computer Name = Toshiba-Laptop | Source = Toshiba App Place | ID = 0
Description =

Error - 5/1/2012 1:38:15 PM | Computer Name = Toshiba-Laptop | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 5/2/2012 7:42:30 AM | Computer Name = Toshiba-Laptop | Source = DCOM | ID = 10010
Description =

Error - 5/3/2012 9:36:08 AM | Computer Name = Toshiba-Laptop | Source = Microsoft-Windows-Bits-Client | ID = 16398
Description = A new BITS job could not be created. The current job count for the
user Toshiba-Laptop\Stephen (60) is equal to or greater than the job limit (60)
specified through group policy. To correct the problem, complete or cancel the
BITS jobs that haven't made progress by looking at the error, and restart the BITS
service. If this error recurs, contact your system administrator and increate the
per-user and per-computer Group Policy job limits.

Error - 5/3/2012 11:07:45 PM | Computer Name = Toshiba-Laptop | Source = Service Control Manager | ID = 7000
Description = The ASPI32 service failed to start due to the following error: %%2

Error - 5/4/2012 9:10:19 AM | Computer Name = Toshiba-Laptop | Source = DCOM | ID = 10010
Description =

Error - 5/5/2012 12:13:05 AM | Computer Name = Toshiba-Laptop | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 5/5/2012 8:43:26 AM | Computer Name = Toshiba-Laptop | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR4.

Error - 5/8/2012 2:44:48 PM | Computer Name = Toshiba-Laptop | Source = DCOM | ID = 10005
Description =

Error - 5/9/2012 11:46:40 AM | Computer Name = Toshiba-Laptop | Source = Service Control Manager | ID = 7000
Description = The ASPI32 service failed to start due to the following error: %%2

Error - 5/10/2012 5:03:55 PM | Computer Name = Toshiba-Laptop | Source = Service Control Manager | ID = 7031
Description = The Google Software Updater service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 900000 milliseconds:
Restart the service.

Error - 5/10/2012 5:04:25 PM | Computer Name = Toshiba-Laptop | Source = DCOM | ID = 10010
Description =


< End of report >

3. My computer runs well. It is generally 97/99% idle. IE sometimes crashes when logging on/off Facebook, which might not be virus related. IE often crashes when downloading software. Chrome searches have been redirected when I click on search results. (This re-occurred early tonight but I cannot duplicate it right now.)

#8 SweetTech (Agent ST)

Posted 21 May 2012 - 07:49 AM

Hi History Fox!

I can definitely try to do my best to give you as much insight into what we are doing as I can. :)

What we're doing with OTL is trying to give me a better idea of what exactly is going on with your computer.

Chrome searches have been redirected when I click on search results. (This re-occurred early tonight but I cannot duplicate it right now.)

Has this occurred since your last post?

Below we are going to upload a file to VirusTotal to see if it's malicious followed by running an OTL script.

VirusTotal File Scan
Please go to: VirusTotal
  • Click the Choose File button and search for the following file: C:\USERS\STEPHEN\APPDATA\ROAMING\MOZILLA\SEAMONKEY\PROFILES\AIQCG0ZL.DEFAULT\EXTENSIONS\{F13B157F-B174-47E7-A34D-4815DDFDFEB8}.XPI
  • Click Open
  • Then click Send File
If it says already scanned -- click "reanalyze now"

  • Please be patient while the file is scanned.
  • Once the scan results appear, please click on the Compact button.
  • A new window should appear with a bunch of tabs at the top. Please click on the BBCode tab.
  • Copy and Paste the contents of the text in the BBCode into your next reply for me to review.

Please repeat the above process for the following file below:

C:\USERS\STEPHEN\APPDATA\ROAMING\MOZILLA\SEAMONKEY\PROFILES\AIQCG0ZL.DEFAULT\EXTENSIONS\{59C81DF5-4B7A-477B-912D-4E0FDF64E5F2}.XPI

Please post the results in your next reply


NEXT:



OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    
    :Reg
    
    :Files
    dir /s /a "c:\users\Stephen\AppData\Local\Google\Adobe" /c
    netsh advfirewall reset /c
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    c:\users\Stephen\AppData\Local\Google\Adobe
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. Results of VirusTotal scans. (the links to the scan results is fine as well)
3. OTL Fix log.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

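The VirusTotal step above can be done without uploading anything when the file's SHA-256 is already known to VirusTotal: the analysis links History Fox pastes back in the next post are keyed by exactly that hash. The Python below is an added example, not code from the thread or from OTL. It hashes a SeaMonkey .xpi, builds the lookup URL in the shape seen on this page, and reads the extension id out of install.rdf (an .xpi is a plain ZIP archive). The archive it builds, the extension id inside it and its file names are constructed for the example.

```python
"""Triage a SeaMonkey/Firefox .xpi offline: hash it for a VirusTotal lookup
and read the extension id from install.rdf.
Added example, not from the thread; the archive built below is a constructed
stand-in for a real .xpi and its extension id is made up."""
import hashlib
import io
import re
import zipfile

# Constructed install.rdf; the em:id value is invented for the example.
SAMPLE_INSTALL_RDF = b"""<?xml version="1.0"?>
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:id>{00000000-1111-2222-3333-444444444444}</em:id>
    <em:name>Example Toolbar</em:name>
    <em:version>1.0</em:version>
  </Description>
</RDF>
"""


def build_sample_xpi() -> bytes:
    """Build a small .xpi in memory (an .xpi is just a ZIP archive)."""
    members = {
        "install.rdf": SAMPLE_INSTALL_RDF,
        "chrome.manifest": b"content example chrome/content/\n",
        "chrome/content/overlay.js": b"// constructed placeholder script\n",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in members.items():
            # Fixed timestamp so the archive, and therefore its hash, is reproducible.
            info = zipfile.ZipInfo(name, date_time=(2012, 5, 21, 0, 0, 0))
            info.compress_type = zipfile.ZIP_DEFLATED
            z.writestr(info, data)
    return buf.getvalue()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def virustotal_url(data: bytes) -> str:
    # Same URL shape as the analysis links posted later in the thread; a hash
    # lookup avoids uploading the file if VirusTotal has already seen it.
    return "https://www.virustotal.com/file/%s/analysis/" % sha256_hex(data)


def triage_xpi(data: bytes) -> dict:
    """Return hash, VirusTotal URL, extension id, member list and script files."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        members = z.namelist()
        ext_id = None
        if "install.rdf" in members:
            rdf = z.read("install.rdf").decode("utf-8", "replace")
            m = re.search(r"<em:id>\s*([^<\s]+)\s*</em:id>", rdf)
            ext_id = m.group(1) if m else None
        # Scripts are where an unwanted extension does its redirecting; list them
        # so the reviewer knows what to open next.
        scripts = [n for n in members if n.lower().endswith((".js", ".jsm"))]
    return {
        "sha256": sha256_hex(data),
        "vt_url": virustotal_url(data),
        "extension_id": ext_id,
        "members": members,
        "scripts": scripts,
    }


if __name__ == "__main__":
    for key, value in triage_xpi(build_sample_xpi()).items():
        print(key, value)
```

On the real files from the post, replace `build_sample_xpi()` with the bytes read from the .xpi path; if VirusTotal returns "not found" for the hash, that is the moment an upload is worth it.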

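The OTL fix above grants write access to the hosts file and then resets it because a search-redirect infection often edits that file: it points search or social sites at an attacker's address, or pins security-vendor and update domains to 127.0.0.1 so removal tools cannot update. The following Python is an added example, not part of the thread or of OTL, that audits a hosts file for both patterns. The watched-domain list, the sample hosts content and the 203.0.113.5 address in it are constructed for the example (203.0.113.0/24 is reserved for documentation).

```python
"""Audit a Windows hosts file for entries a search-redirect infection leaves
behind. Added example, not from the thread; SAMPLE_HOSTS and the 203.0.113.x
address in it are constructed (203.0.113.0/24 is reserved for documentation)."""
import ipaddress
from dataclasses import dataclass
from typing import List

# Domains that a hijack typically points elsewhere (search/social) or pins to
# loopback (security vendors, Windows Update) to cut off removal tools.
WATCHED = ("google.com", "bing.com", "yahoo.com", "facebook.com",
           "malwarebytes.org", "avast.com", "microsoft.com", "windowsupdate.com")


@dataclass
class Finding:
    line_no: int
    ip: str
    host: str
    reason: str


def _is_watched(host: str) -> bool:
    h = host.lower().rstrip(".")
    return any(h == w or h.endswith("." + w) for w in WATCHED)


def _is_local(ip: str) -> bool:
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def audit_hosts(text: str) -> List[Finding]:
    """Walk every active line; a stock Windows 7 hosts file yields no findings
    because it contains only comments (localhost is resolved by DNS itself)."""
    findings: List[Finding] = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()     # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        ip, hosts = fields[0], fields[1:]
        for host in hosts:
            if _is_local(ip):
                # localhost itself is fine; a watched name pinned to loopback is a block.
                if _is_watched(host):
                    findings.append(Finding(line_no, ip, host,
                                            "watched domain pinned to loopback"))
            elif _is_watched(host):
                findings.append(Finding(line_no, ip, host,
                                        "watched domain redirected to remote address"))
            else:
                findings.append(Finding(line_no, ip, host,
                                        "non-loopback mapping (review)"))
    return findings


# Constructed sample: the first two entries are normal, the last two are the
# kind of lines an infection appends (and the reason OTL's [resethosts] exists).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.5     www.google.com google.com
127.0.0.1       www.malwarebytes.org
"""

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s: %s" % (f.line_no, f.ip, f.host, f.reason))
```

Run it against the text of `%WinDir%\system32\drivers\etc\hosts` before resetting the file: the findings tell you what the infection was trying to do, which a plain reset throws away.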
#9 History Fox (Topic Starter)

Posted 21 May 2012 - 10:35 PM

Sweet Tech,

1. I am able to reproduce the Chrome search redirection issue.

2. VirusTotal may have changed their website. I did not find a Compact button.

https://www.virustotal.com/file/b38d6e6c493fd10da210480f2bb4a903c60844bbbff846ed44962fc2316cba48/analysis/
https://www.virustotal.com/file/bb426487ab2d0ad01e011b2ae6fa6162eaa4b8c1d9e6658204b9fb2aa21503e8/analysis/

3. OTL Log follows:

All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== REGISTRY ==========
========== FILES ==========
< dir /s /a "c:\users\Stephen\AppData\Local\Google\Adobe" /c >
Volume in drive C is TI106321W0B
Volume Serial Number is C881-A29C
Directory of c:\users\Stephen\AppData\Local\Google\Adobe
05/15/2012 10:30 PM <DIR> .
05/15/2012 10:30 PM <DIR> ..
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 442,856,722,432 bytes free
C:\Users\Stephen\Desktop\cmd.bat deleted successfully.
C:\Users\Stephen\Desktop\cmd.txt deleted successfully.
< netsh advfirewall reset /c >
Ok.
C:\Users\Stephen\Desktop\cmd.bat deleted successfully.
C:\Users\Stephen\Desktop\cmd.txt deleted successfully.
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\windows\system32\drivers\etc\hosts
C:\Users\Stephen\Desktop\cmd.bat deleted successfully.
C:\Users\Stephen\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Stephen\Desktop\cmd.bat deleted successfully.
C:\Users\Stephen\Desktop\cmd.txt deleted successfully.
c:\users\Stephen\AppData\Local\Google\Adobe folder moved successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Stephen
->Temp folder emptied: 11757500 bytes
->Temporary Internet Files folder emptied: 586918332 bytes
->Java cache emptied: 190913 bytes
->Google Chrome cache emptied: 95287076 bytes
->Flash cache emptied: 81186 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2843402 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50467 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 665.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Stephen
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Stephen
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.43.1 log created on 05212012_221351

Files\Folders moved on Reboot...
C:\Users\Stephen\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z3649KS3\if[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z3649KS3\xd_arbiter[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VL3R508M\analysis[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VL3R508M\dg_specificclick_net[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VL3R508M\index[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VL3R508M\like[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UTM22FAM\fastbuttonCA8SNL25.htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UTM22FAM\fastbuttonCAQ5NXPZ.htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UTM22FAM\fastbutton[10].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UTM22FAM\fastbutton[11].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UTM22FAM\fastbutton[8].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UTM22FAM\fastbutton[9].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UTM22FAM\like[3].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UNF0RE6P\freq[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UNF0RE6P\like[6].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UNF0RE6P\like[7].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UNF0RE6P\sh088[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPJROIDV\B6169428[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPJROIDV\index.83dbd00c856daa90d03cb2dbb8b81715[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QSWPWEBQ\ab[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QSWPWEBQ\afr[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QSWPWEBQ\cypress[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O3BHTQ1K\fastbuttonCAHY0TZ6.htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O3BHTQ1K\fastbuttonCAS3DSQW.htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O3BHTQ1K\getSegment[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O3BHTQ1K\like[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O3BHTQ1K\like[2].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M90QCYLD\ab[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M90QCYLD\like[10].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M90QCYLD\like[9].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M90QCYLD\points[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DMH35JMI\iframe!t=1209![1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9DXVUO19\epx[1].gif moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9DXVUO19\PlanManager[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9DXVUO19\xd_arbiter[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8YVM2OMU\ddc[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8YVM2OMU\dppix[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8YVM2OMU\Pug[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8YVM2OMU\Pug[2].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8YVM2OMU\Pug[3].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8YVM2OMU\syncuppixels[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8YVM2OMU\usersync[1].gif moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62THCQXH\20066-150936-30501-0[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62THCQXH\aT0xMTEscz0xNjB4NjAwLG49aWZyYW1lLGI9MA==[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62THCQXH\index[3].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62THCQXH\index[4].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\06O8VL8S\AdDisplayTrackerServlet[1].htm moved successfully.
File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

4. Chrome search redirections are still occurring.

#10 SweetTech (Agent ST)

Posted 22 May 2012 - 02:06 AM

Hi History Fox!

Yes, it does look like VirusTotal has updated their site; I need to update my instructions for it.

1. I am able to reproduce the Chrome search redirection issue.

Okay.

We'll be running a Custom Scan with OTL right now to try and locate where exactly these redirects may be coming from.

OTL Custom Scan

We need to create a new OTL Report
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Click on the NONE button at the top.
  • In the Custom Scans/Fixes box Copy & Paste the following:
    netsvcs
    "%WinDir%\$NtUninstallKB*$." /45
    C:\Program Files\Common Files\ComObjects\*.* /s
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    %LOCALAPPDATA%\{*}. /s
    %AppData%\{*}. /s
    %USERPROFILE%\AppData\LocalLow\{*}. /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the Run Scan button.
  • One report will open, copy and paste it in a reply here:
  • OTL.txt <-- Will be opened

Please post the above log file in your next reply.

Edited by SweetTech, 22 May 2012 - 02:09 AM.




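The custom scan above lists the Chrome profile directory and any {GUID}-named folders under AppData, which is where a redirector's helper files usually sit. What a directory listing cannot show is the content of Chrome's Preferences file, which is where a search hijack actually lives: the default search provider, the homepage and startup URLs, and any extension loaded from outside the profile. The Python below is an added example, not from the thread or from OTL. Its key layout follows the 2012-era Chrome Preferences JSON as I understand it, which is an assumption; the sample JSON is constructed, and the example-redirect.test host, the extension ids and the {GUID} path in it are invented.

```python
"""Inspect a Chrome profile's Preferences JSON for the settings a search
redirector changes. Added example, not from the thread; the key layout is the
2012-era Chrome one (assumed), and SAMPLE_PREFS below is constructed."""
import json
import ntpath
from typing import List
from urllib.parse import urlparse

# Hosts the user expects search, homepage and startup pages to point at.
EXPECTED_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}


def _host(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def audit_chrome_prefs(prefs_json: str) -> List[str]:
    """Return one line per suspicious setting; an empty list means nothing odd."""
    prefs = json.loads(prefs_json)
    findings: List[str] = []

    # 1. Default search provider: a redirector rewrites search_url but often
    #    keeps the name "Google" so the omnibox looks unchanged.
    dsp = prefs.get("default_search_provider", {})
    search_url = dsp.get("search_url", "")
    if search_url and _host(search_url) not in EXPECTED_HOSTS:
        findings.append("default search provider %r posts queries to %s"
                        % (dsp.get("name"), search_url))

    # 2. Homepage and startup URLs.
    homepage = prefs.get("homepage", "")
    if homepage and not prefs.get("homepage_is_newtabpage", False) \
            and _host(homepage) not in EXPECTED_HOSTS:
        findings.append("homepage is %s" % homepage)
    for url in prefs.get("session", {}).get("urls_to_restore_on_startup", []):
        if _host(url) not in EXPECTED_HOSTS:
            findings.append("startup URL %s" % url)

    # 3. Extensions: ones Chrome installed from the Web Store are recorded with a
    #    path relative to <profile>\Extensions (assumed layout); an absolute path
    #    means it was loaded from elsewhere on disk, e.g. a {GUID} folder in AppData.
    for ext_id, ext in prefs.get("extensions", {}).get("settings", {}).items():
        path = ext.get("path", "")
        name = ext.get("manifest", {}).get("name", "?")
        if path and ntpath.isabs(path):
            findings.append("extension %s (%r) loaded from %s" % (ext_id, name, path))
    return findings


# Constructed Preferences: a tampered search_url and one extension loaded from an
# invented {GUID} folder; everything else is what a clean profile looks like.
SAMPLE_PREFS = json.dumps({
    "default_search_provider": {
        "enabled": True,
        "keyword": "google.com",
        "name": "Google",
        "search_url": "http://search.example-redirect.test/?q={searchTerms}",
    },
    "homepage": "http://www.google.com/",
    "homepage_is_newtabpage": False,
    "session": {"restore_on_startup": 4,
                "urls_to_restore_on_startup": ["http://www.google.com/"]},
    "extensions": {"settings": {
        "aaaabbbbccccddddeeeeffffgggghhhh": {
            "path": "aaaabbbbccccddddeeeeffffgggghhhh\\1.0_0",
            "manifest": {"name": "Google Docs"},
        },
        "zzzzyyyyxxxxwwwwvvvvuuuuttttssss": {
            "path": "C:\\Users\\example\\AppData\\Local\\{A1B2C3D4-0000-1111-2222-333344445555}\\ext",
            "manifest": {"name": "Search Helper"},
        },
    }},
})

if __name__ == "__main__":
    for line in audit_chrome_prefs(SAMPLE_PREFS):
        print(line)
```

Point it at `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Preferences` (the file OTL lists in the next post) with Chrome closed; a redirect that only happens on search-result clicks and survives a hosts reset and DNS flush is a good fit for the search-provider or extension case.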

#11 History Fox (Topic Starter)

Posted 22 May 2012 - 10:12 PM

Hi, Sweet Tech!

Here is the result:

OTL logfile created on: 5/22/2012 10:05:36 PM - Run 2
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Stephen\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 47.22% Memory free
7.90 Gb Paging File | 5.48 Gb Available in Paging File | 69.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.63 Gb Total Space | 412.55 Gb Free Space | 91.55% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-LAPTOP | User Name: Stephen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days


========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." /45 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >
[2012/05/21 21:47:12 | 000,187,328 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists
[2012/05/22 19:11:52 | 000,000,004 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
[2012/04/01 23:23:28 | 000,441,089 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\en-US-2-1.bdic
[2012/03/31 22:23:19 | 000,000,000 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\First Run
[2012/05/22 19:11:52 | 000,011,952 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Local State
[2012/05/22 19:01:11 | 007,284,552 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom
[2012/05/22 19:01:12 | 002,144,943 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom Filter 2
[2012/05/19 22:29:07 | 000,006,144 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies
[2012/03/31 22:23:21 | 000,003,383 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\it\messages.json
[2012/03/31 22:23:21 | 000,005,662 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\ja\messages.json
[2012/03/31 22:23:21 | 000,004,591 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\ko\messages.json
[2012/03/31 22:23:22 | 000,003,480 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\nb\messages.json
[2012/03/31 22:23:22 | 000,003,406 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\nl\messages.json
[2012/03/31 22:23:22 | 000,003,695 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\pl\messages.json
[2012/03/31 22:23:22 | 000,003,533 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\pt_BR\messages.json
[2012/03/31 22:23:22 | 000,003,456 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\pt_PT\messages.json
[2012/03/31 22:23:22 | 000,003,668 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\ro\messages.json
[2012/03/31 22:23:22 | 000,008,170 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\ru\messages.json
[2012/03/31 22:23:22 | 000,003,843 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\sk\messages.json
[2012/03/31 22:23:22 | 000,003,423 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\sl\messages.json
[2012/03/31 22:23:22 | 000,003,387 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\sr\messages.json
[2012/03/31 22:23:22 | 000,003,614 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\sv\messages.json
[2012/03/31 22:23:22 | 000,007,336 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\th\messages.json
[2012/03/31 22:23:22 | 000,003,642 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\tr\messages.json
[2012/03/31 22:23:22 | 000,008,248 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\uk\messages.json
[2012/03/31 22:23:21 | 000,003,161 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\ur\messages.json
[2012/03/31 22:23:22 | 000,004,585 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\vi\messages.json
[2012/03/31 22:23:22 | 000,004,018 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\zh_CN\messages.json
[2012/03/31 22:23:22 | 000,004,340 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\_locales\zh_TW\messages.json
[2012/03/31 22:23:21 | 000,016,451 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\scripts\anchor.js
[2012/03/31 22:23:21 | 000,014,487 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\scripts\background.js
[2012/03/31 22:23:21 | 000,003,751 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\scripts\dateFormat.js
[2012/03/31 22:23:21 | 000,190,963 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\scripts\jquery.js
[2012/03/31 22:23:21 | 000,001,519 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\scripts\mouse.js
[2012/03/31 22:23:21 | 000,008,166 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\scripts\pbj.js
[2012/03/31 22:23:21 | 000,012,390 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\scripts\popup.js
[2012/03/31 22:23:21 | 000,059,851 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\scripts\protobuf.js
[2012/03/31 22:23:21 | 000,023,943 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\scripts\query.js
[2012/03/31 22:23:21 | 000,020,046 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\scripts\ratings.js
[2012/03/31 22:23:21 | 000,014,583 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\scripts\warnDlg.js
[2012/03/31 22:23:21 | 000,002,126 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\scripts\wrc_gpb.js
[2012/03/31 22:23:21 | 000,000,139 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\css\anchor.css
[2012/03/31 22:23:21 | 000,010,250 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\css\popup.css
[2012/03/31 22:23:21 | 000,000,523 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\background-body.jpg
[2012/03/31 22:23:21 | 000,000,637 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\background-right-bottom.jpg
[2012/03/31 22:23:21 | 000,000,634 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\background-right-top.jpg
[2012/03/31 22:23:21 | 000,001,156 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\close.png
[2012/03/31 22:23:21 | 000,000,626 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\disabled.png
[2012/03/31 22:23:21 | 000,001,763 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\grey.png
[2012/03/31 22:23:21 | 000,000,743 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\horizontal-line-white.jpg
[2012/03/31 22:23:21 | 000,001,032 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\horizontal-line.jpg
[2012/03/31 22:23:21 | 000,004,733 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icon_incorrect.png
[2012/03/31 22:23:21 | 000,004,975 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\logo.jpg
[2012/03/31 22:23:21 | 000,000,504 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\vertical-line.jpg
[2012/03/31 22:23:21 | 000,002,087 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\corporate-small-disable.png
[2012/03/31 22:23:21 | 000,001,939 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\corporate-small-selected.png
[2012/03/31 22:23:21 | 000,003,215 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\corporate.png
[2012/03/31 22:23:21 | 000,002,265 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\drugs-small-disable.png
[2012/03/31 22:23:21 | 000,002,263 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\drugs-small-selected.png
[2012/03/31 22:23:21 | 000,005,828 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\drugs.png
[2012/03/31 22:23:21 | 000,002,303 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\gambling-small-disable.png
[2012/03/31 22:23:21 | 000,002,155 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\gambling-small-selected.png
[2012/03/31 22:23:21 | 000,004,773 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\gambling.png
[2012/03/31 22:23:21 | 000,003,829 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\green-1.png
[2012/03/31 22:23:21 | 000,003,549 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\green-2.png
[2012/03/31 22:23:21 | 000,003,075 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\green-3.png
[2012/03/31 22:23:21 | 000,001,593 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\green-hover.png
[2012/03/31 22:23:21 | 000,002,977 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\green-selected.png
[2012/03/31 22:23:21 | 000,001,590 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\green.png
[2012/03/31 22:23:21 | 000,001,416 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\green1-16.png
[2012/03/31 22:23:21 | 000,001,408 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\green1-small.png
[2012/03/31 22:23:21 | 000,001,430 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\green2-16.png
[2012/03/31 22:23:21 | 000,001,426 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\green2-small.png
[2012/03/31 22:23:21 | 000,001,406 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\green3-16.png
[2012/03/31 22:23:21 | 000,000,722 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\green3-24.png
[2012/03/31 22:23:21 | 000,001,396 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\green3-small.png
[2012/03/31 22:23:21 | 000,003,955 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\grey-0.png
[2012/03/31 22:23:21 | 000,003,110 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\grey-3.png
[2012/03/31 22:23:21 | 000,001,433 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\grey-small.png
[2012/03/31 22:23:21 | 000,001,441 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\grey0-16.png
[2012/03/31 22:23:21 | 000,001,451 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\grey3-16.png
[2012/03/31 22:23:21 | 000,002,318 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\illegal-small-disable.png
[2012/03/31 22:23:21 | 000,002,320 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\illegal-small-selected.png
[2012/03/31 22:23:21 | 000,006,501 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\illegal.png
[2012/03/31 22:23:21 | 000,002,139 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\it-small-disable.png
[2012/03/31 22:23:21 | 000,001,957 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\it-small-selected.png
[2012/03/31 22:23:21 | 000,003,884 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\it.png
[2012/03/31 22:23:21 | 000,001,300 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\limet-hover.png
[2012/03/31 22:23:21 | 000,002,791 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\limet-selected.png
[2012/03/31 22:23:21 | 000,001,298 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\limet.png
[2012/03/31 22:23:21 | 000,001,810 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\line-dark-horizontal.png
[2012/03/31 22:23:21 | 000,001,787 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\line-light-horizontal.png
[2012/03/31 22:23:21 | 000,003,601 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\logo128.jpg
[2012/03/31 22:23:21 | 000,008,456 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\logo256.jpg
[2012/03/31 22:23:21 | 000,001,391 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\logo48.jpg
[2012/03/31 22:23:21 | 000,001,769 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\logo64.jpg
[2012/03/31 22:23:21 | 000,002,057 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\news-small-disable.png
[2012/03/31 22:23:21 | 000,001,961 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\news-small-selected.png
[2012/03/31 22:23:21 | 000,003,762 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\news.png
[2012/03/31 22:23:21 | 000,001,303 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\orange-hover.png
[2012/03/31 22:23:21 | 000,002,788 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\orange-selected.png
[2012/03/31 22:23:21 | 000,001,304 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\orange.png
[2012/03/31 22:23:21 | 000,001,389 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\orange1-16.png
[2012/03/31 22:23:21 | 000,001,406 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\orange2-16.png
[2012/03/31 22:23:21 | 000,001,363 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\orange3-16.png
[2012/03/31 22:23:21 | 000,002,124 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\pornography-small-disable.png
[2012/03/31 22:23:21 | 000,001,984 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\pornography-small-selected.png
[2012/03/31 22:23:21 | 000,004,104 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\pornography.png
[2012/03/31 22:23:21 | 000,003,741 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\red-1.png
[2012/03/31 22:23:21 | 000,003,479 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\red-2.png
[2012/03/31 22:23:21 | 000,002,716 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\red-3.png
[2012/03/31 22:23:21 | 000,001,549 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\red-hover.png
[2012/03/31 22:23:21 | 000,002,939 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\red-selected.png
[2012/03/31 22:23:21 | 000,001,552 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\red.png
[2012/03/31 22:23:21 | 000,001,376 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\red1-16.png
[2012/03/31 22:23:21 | 000,001,367 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\red1-small.png
[2012/03/31 22:23:21 | 000,001,386 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\red2-16.png
[2012/03/31 22:23:21 | 000,001,377 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\red2-small.png
[2012/03/31 22:23:21 | 000,001,361 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\red3-16.png
[2012/03/31 22:23:21 | 000,001,352 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\red3-small.png
[2012/03/31 22:23:21 | 000,002,122 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\shopping-small-disable.png
[2012/03/31 22:23:21 | 000,002,075 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\shopping-small-selected.png
[2012/03/31 22:23:21 | 000,005,208 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\shopping.png
[2012/03/31 22:23:21 | 000,002,235 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\social-small-disable.png
[2012/03/31 22:23:21 | 000,002,147 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\social-small-selected.png
[2012/03/31 22:23:21 | 000,005,147 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\social.png
[2012/03/31 22:23:21 | 000,002,245 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\violence-small-disable.png
[2012/03/31 22:23:21 | 000,002,109 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\violence-small-selected.png
[2012/03/31 22:23:21 | 000,004,866 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\violence.png
[2012/03/31 22:23:21 | 000,002,245 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\weapons-small-disable.png
[2012/03/31 22:23:21 | 000,002,109 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\weapons-small-selected.png
[2012/03/31 22:23:21 | 000,006,701 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\weapons.png
[2012/03/31 22:23:21 | 000,003,818 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\yellow-1.png
[2012/03/31 22:23:21 | 000,003,525 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\yellow-2.png
[2012/03/31 22:23:21 | 000,002,697 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\yellow-3.png
[2012/03/31 22:23:21 | 000,001,304 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\yellow-hover.png
[2012/03/31 22:23:21 | 000,002,782 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\yellow-selected.png
[2012/03/31 22:23:21 | 000,001,304 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\yellow.png
[2012/03/31 22:23:21 | 000,001,337 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\yellow1-16.png
[2012/03/31 22:23:21 | 000,001,379 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\yellow1-small.png
[2012/03/31 22:23:21 | 000,001,345 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\yellow2-16.png
[2012/03/31 22:23:21 | 000,001,395 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\yellow2-small.png
[2012/03/31 22:23:21 | 000,001,302 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\yellow3-16.png
[2012/03/31 22:23:21 | 000,001,363 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\skin\images\icons\yellow3-small.png
[8 C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\*.tmp files -> C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\*.tmp -> ]
[8 C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\*.tmp files -> C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld\*.tmp -> ]
[2012/05/20 22:17:03 | 000,003,072 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-devtools_devtools_0.localstorage
[2012/05/22 19:11:45 | 000,229,376 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_icmlaeflemplmjndnaapfdbbnpncnbda_0.localstorage
[2012/05/21 21:42:36 | 000,003,072 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_bh.contextweb.com_0.localstorage
[2012/05/21 23:17:31 | 000,003,072 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_clients.bluecava.com_0.localstorage
[2012/05/21 00:05:27 | 000,003,072 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_foryou.bliss.com_0.localstorage
[2012/05/20 23:02:40 | 000,003,072 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_notalwaysright.com_0.localstorage
[2012/05/14 21:45:20 | 000,003,072 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_xfinity.comcast.net_0.localstorage
[2012/03/31 22:23:20 | 000,000,000 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\User StyleSheets\Custom.css
[2012/05/19 22:35:04 | 000,001,811 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\manifest.json
[2012/05/19 22:35:05 | 008,110,592 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

< %LOCALAPPDATA%\{*}. /s >
[2012/04/04 00:36:26 | 000,000,000 | ---D | M] -- C:\Users\Stephen\AppData\Local\Microsoft\Device Metadata\dmrccache\en-us\48dbb680-0668-45c4-8ef4-255217849798\DeviceStage\Task\{0CFF7170-B7C4-4836-AD38-96D7E9D84E07}
[2012/04/04 00:36:26 | 000,000,000 | ---D | M] -- C:\Users\Stephen\AppData\Local\Microsoft\Device Metadata\dmrccache\en-us\48dbb680-0668-45c4-8ef4-255217849798\DeviceStage\Task\{29588117-de7a-48cb-b18a-a18ae8df3994}
[2012/04/04 00:36:26 | 000,000,000 | ---D | M] -- C:\Users\Stephen\AppData\Local\Microsoft\Device Metadata\dmrccache\en-us\48dbb680-0668-45c4-8ef4-255217849798\DeviceStage\Task\{3C29BE2D-CFA3-4230-8B9E-EA0D1EBFF03B}
[2012/04/04 00:36:26 | 000,000,000 | ---D | M] -- C:\Users\Stephen\AppData\Local\Microsoft\Device Metadata\dmrccache\en-us\48dbb680-0668-45c4-8ef4-255217849798\DeviceStage\Task\{4951aede-c769-4eb0-92eb-b320793dd932}
[2012/04/04 00:36:26 | 000,000,000 | ---D | M] -- C:\Users\Stephen\AppData\Local\Microsoft\Device Metadata\dmrccache\en-us\48dbb680-0668-45c4-8ef4-255217849798\DeviceStage\Task\{6EB640CE-58CB-4cf8-9574-72FC6475B346}
[2012/04/04 00:36:26 | 000,000,000 | ---D | M] -- C:\Users\Stephen\AppData\Local\Microsoft\Device Metadata\dmrccache\en-us\48dbb680-0668-45c4-8ef4-255217849798\DeviceStage\Task\{6f27a6a1-f7aa-411e-bd20-16f18cb3e701}

< %AppData%\{*}. /s >
[2012/03/29 22:49:16 | 000,000,000 | ---D | M] -- C:\Users\Stephen\AppData\Roaming\Identities\{B9818C73-880A-47D7-8D75-E411E4C7F23B}

< %USERPROFILE%\AppData\LocalLow\{*}. /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/05/08 22:04:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/05/08 22:04:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/05/08 22:04:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/05/08 22:04:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/10/30 21:13:57 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/10/30 21:13:57 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/10/30 21:13:57 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/10/30 21:13:57 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2011/10/30 21:13:57 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/05/08 22:04:54 | 001,240,048 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/05/08 22:04:54 | 001,240,048 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/05/08 22:04:54 | 001,240,048 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/05/08 22:04:54 | 001,240,048 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/10/30 21:13:57 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/10/30 21:13:57 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/10/30 21:13:57 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/10/30 21:13:57 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2011/10/30 21:13:57 | 000,748,336 | ---- | M] (Microsoft Corporation)

< End of report >

#12 History Fox

Posted 22 May 2012 - 10:57 PM

Sweet Tech,

The lines

[2012/05/14 06:19:03 | 000,023,126 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Default\aadigegfdegdddgeddgfdjdcdegbdddf\background.html
[2012/05/14 06:19:03 | 000,000,998 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Default\aadigegfdegdddgeddgfdjdcdegbdddf\ContentScript.js
[2012/05/14 06:19:03 | 000,000,406 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Default\aadigegfdegdddgeddgfdjdcdegbdddf\manifest.json

appear to refer to a virus. VirusTotal had a hit on the HTML file:

https://www.virustotal.com/file/34584fc6e1a3a93782bd7ea69f2fb89c0d601e627a71d0a95c39be3ca0dc1daf/analysis/1337744217/

#13 SweetTech

Posted 23 May 2012 - 12:59 AM

Hi History Fox!

Yep, those 3 files are exactly what I was looking for.

Before I go ahead and remove those, would you mind if I got a sample of them? I'd like to be able to submit it to a developer, so that it can be analyzed further.

If you'd be willing to provide me with a copy of it, please do the following:


You will need to browse to the following folder:

C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Default\

Note: You may need to change a setting in your Folder Options to display Hidden Files and Folders.

Show hidden files in Windows 7
Please enable the Show Hidden Files and Folders option:
  • Close all programs so that you are at your desktop.
  • Press the Windows Key + R
  • Type in the following followed by pressing OK: control folders
  • Click on the View tab in the Folder Options window.
  • Select the option that says: Show hidden files and folders under the "Hidden files and folders" section.
  • Remove check mark from check box... Hide extensions for known file types.
  • Remove check mark from check box... Hide protected operating system files.
  • Press the Apply button...then the OK button.


Now that we've configured your computer to show hidden files and folders, let's locate the following folder: aadigegfdegdddgeddgfdjdcdegbdddf

Right click on it and go to Send to > Compressed (zipped) Folder

This should create a zipped file named: aadigegfdegdddgeddgfdjdcdegbdddf.zip in the same folder.

Now we'll need to submit it.

Uploading File
Please visit this site & follow the instructions for uploading the file mentioned below.
Copy/paste the contents of the Code Box below into the Link to topic where this file was requested: box:
http://www.bleepingcomputer.com/forums/topic453790.html/page__view__findpost__p__2707957
Click Browse & navigate to C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Default\aadigegfdegdddgeddgfdjdcdegbdddf.zip.

Please be sure to let me know once you've submitted it to me. :)

----

Now we are going to go ahead and remove it. That should hopefully fix the issues with the redirects. We'll be running through some additional scans to look for any leftovers that may still be hiding.


OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    [2012/05/14 06:19:03 | 000,023,126 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Default\aadigegfdegdddgeddgfdjdcdegbdddf\background.html
    [2012/05/14 06:19:03 | 000,000,998 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Default\aadigegfdegdddgeddgfdjdcdegbdddf\ContentScript.js
    [2012/05/14 06:19:03 | 000,000,406 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Default\aadigegfdegdddgeddgfdjdcdegbdddf\manifest.json
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:




Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer; could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check "Scan archives"
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Push Export to Text file, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push Finish


NEXT:


Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. Confirmation that the file got submitted to me successfully (if you decided to submit it to me).
3. OTL fix log.
4. MalwareBytes' Anti-Malware log.
5. ESET Online Virus Scanner log.
6. Security Check log.
7. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
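The three files singled out in this exchange are the standard parts of a Chrome extension: a manifest.json, a background page and a content script. The triage done by hand in the thread (read the manifest, decide whether the extension can touch every page the user visits, hash the files so they can be looked up on VirusTotal or submitted as a sample) can be scripted. The following is an added example and is not code from this thread, from OTL or from Chrome; the folder it builds is a constructed stand-in for the one in the thread (only the folder name and file layout follow the thread, the manifest contents are made up), and the lists of "broad" host patterns and permissions are the author's choice of what makes an extension worth a closer look.

```python
import hashlib
import json
import re
import tempfile
from pathlib import Path

# Host patterns and permissions that let an extension act on every page the user
# visits; a search redirector or ad injector needs at least one of them.
BROAD_HOSTS = {"<all_urls>", "http://*/*", "https://*/*", "*://*/*"}
RISKY_PERMISSIONS = {"webRequest", "webRequestBlocking", "webNavigation",
                     "tabs", "cookies", "history", "proxy"}
EXT_ID = re.compile(r"^[a-p]{32}$")  # Chrome extension IDs are 32 letters from a-p


def sha256_file(path: Path) -> str:
    """Hash a file in chunks; the hex digest is what VirusTotal is searched by."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def triage_extension(ext_dir: Path) -> dict:
    """Report what makes one extension folder suspicious, plus per-file hashes."""
    report = {"id": ext_dir.name, "id_like": bool(EXT_ID.match(ext_dir.name)),
              "name": None, "findings": [], "sha256": {}}
    manifest_path = ext_dir / "manifest.json"
    if not manifest_path.is_file():
        report["findings"].append("no manifest.json")
        return report
    try:
        manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
    except ValueError as exc:
        report["findings"].append(f"manifest.json does not parse: {exc}")
        return report
    report["name"] = manifest.get("name")
    # A content script matched against every site can rewrite or redirect any page.
    for cs in manifest.get("content_scripts", []):
        if BROAD_HOSTS & set(cs.get("matches", [])):
            report["findings"].append(
                "content script on every site: " + ", ".join(cs.get("js", [])))
    perms = set(manifest.get("permissions", []))
    if BROAD_HOSTS & perms:
        report["findings"].append("host permission for every site")
    if RISKY_PERMISSIONS & perms:
        report["findings"].append(
            "broad permissions: " + ", ".join(sorted(RISKY_PERMISSIONS & perms)))
    # Hash every file so the folder can be looked up, or submitted, as one sample.
    for f in sorted(p for p in ext_dir.rglob("*") if p.is_file()):
        report["sha256"][f.relative_to(ext_dir).as_posix()] = sha256_file(f)
    return report


def scan_folder(root: Path) -> list:
    """Triage every direct subfolder of `root` that carries a manifest.json."""
    return [triage_extension(d) for d in sorted(root.iterdir())
            if d.is_dir() and (d / "manifest.json").is_file()]


def build_samples(root: Path) -> None:
    """Constructed data: a stand-in for the thread's folder and a benign one."""
    bad = root / "aadigegfdegdddgeddgfdjdcdegbdddf"
    bad.mkdir(parents=True)
    (bad / "manifest.json").write_text(json.dumps({
        "name": "Updater", "version": "1.0", "manifest_version": 2,
        "background": {"page": "background.html"},
        "permissions": ["tabs", "webRequest", "<all_urls>"],
        "content_scripts": [{"matches": ["http://*/*", "https://*/*"],
                             "js": ["ContentScript.js"], "run_at": "document_start"}],
    }))
    (bad / "background.html").write_text("<html><script src='bg.js'></script></html>")
    (bad / "ContentScript.js").write_text("// constructed sample content script\n")
    good = root / "notes"
    good.mkdir()
    (good / "manifest.json").write_text(json.dumps({
        "name": "Notes", "version": "2.1", "manifest_version": 2,
        "permissions": ["storage"],
        "content_scripts": [{"matches": ["https://example.com/*"], "js": ["notes.js"]}],
    }))
    (good / "notes.js").write_text("// constructed benign script\n")


def demo() -> list:
    """Build the samples in a scratch folder and return the triage reports."""
    with tempfile.TemporaryDirectory() as tmp:
        build_samples(Path(tmp))
        return scan_folder(Path(tmp))


if __name__ == "__main__":
    for rep in demo():
        print(rep["id"], rep["name"], "extension-id-like" if rep["id_like"] else "",
              rep["findings"] or "nothing flagged")
        for name, digest in rep["sha256"].items():
            print("   ", digest, name)
```

To run it against a real profile, point scan_folder at the parent folder that holds the extension directories (in the thread that is `User Data\Default\Default`; Chrome's own installed extensions live under `User Data\Default\Extensions\<id>\<version>`, so a manifest found outside that layout is itself worth noting). The digests it prints can be pasted into a VirusTotal search exactly as was done with the background.html in this thread, and the reports identify which files to zip up before anything is moved or deleted.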


#14 History Fox

Posted 24 May 2012 - 01:01 AM

Sweet Tech, Hi!

1. No questions
2. I submitted the zip file successfully.
3. The OTL log is as follows:

All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Default\aadigegfdegdddgeddgfdjdcdegbdddf\background.html moved successfully.
C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Default\aadigegfdegdddgeddgfdjdcdegbdddf\ContentScript.js moved successfully.
C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Default\aadigegfdegdddgeddgfdjdcdegbdddf\manifest.json moved successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Stephen\Desktop\cmd.bat deleted successfully.
C:\Users\Stephen\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Stephen
->Temp folder emptied: 1294388 bytes
->Temporary Internet Files folder emptied: 182845533 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 54186333 bytes
->Flash cache emptied: 2025 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2562 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 227.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Stephen
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Stephen
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.43.1 log created on 05232012_230336

Files\Folders moved on Reboot...
File\Folder C:\Users\Stephen\AppData\Local\Temp\fla6F40.tmp not found!
C:\Users\Stephen\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YBQ7XQV9\0[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YBQ7XQV9\0[2].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YBQ7XQV9\ab[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YBQ7XQV9\blankHistory[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YBQ7XQV9\csc-render[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YBQ7XQV9\ext-render-secure[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YBQ7XQV9\fastbutton[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YBQ7XQV9\fastbutton[2].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YBQ7XQV9\fastbutton[3].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YBQ7XQV9\fastbutton[4].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YBQ7XQV9\fastbutton[5].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YBQ7XQV9\fastbutton[6].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YBQ7XQV9\follow_button.1337330192[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YBQ7XQV9\getSegment[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YBQ7XQV9\getSegment[2].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YBQ7XQV9\index.83dbd00c856daa90d03cb2dbb8b81715[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YBQ7XQV9\notalwaysright_com[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YBQ7XQV9\pixel[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YBQ7XQV9\xd_arbiter[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UL1VENQW\ads[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UL1VENQW\fastbutton[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UL1VENQW\fastbutton[2].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UL1VENQW\fc[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UL1VENQW\healthy-options-at-chilis[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UL1VENQW\iframe3[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UL1VENQW\pinit[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UL1VENQW\search[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UL1VENQW\search[2].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UL1VENQW\signonScreen[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UL1VENQW\st[1] moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCXC56Z4\1337828879[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCXC56Z4\1337828879[2].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCXC56Z4\4138856192[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCXC56Z4\;ord=2656963817786099626[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCXC56Z4\ddc[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCXC56Z4\i[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCXC56Z4\like[2].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCXC56Z4\like[3].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCXC56Z4\like[4].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCXC56Z4\like[5].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCXC56Z4\reply[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCXC56Z4\st[1] moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCXC56Z4\submit-malware[2].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA5LJWYN\ddc[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA5LJWYN\fastbutton[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA5LJWYN\fastbutton[2].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA5LJWYN\if[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA5LJWYN\imghp[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA5LJWYN\likeCA1YNQW7.htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA5LJWYN\likeCA2876L8.htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA5LJWYN\likeCA4FZBBX.htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA5LJWYN\likeCACUMEQQ.htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA5LJWYN\likeCAJDPHU7.htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA5LJWYN\like[11].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA5LJWYN\like[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA5LJWYN\like[2].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA5LJWYN\like[6].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA5LJWYN\PIE[1].htc moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA5LJWYN\xframe-proxy_20110929[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA5LJWYN\xframe-proxy_20110929[2].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RGCXTAEI\0[2].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RGCXTAEI\0[3].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RGCXTAEI\1[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RGCXTAEI\ddc[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RGCXTAEI\fastbutton[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RGCXTAEI\fastbutton[2].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RGCXTAEI\fastbutton[3].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RGCXTAEI\img[2].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RGCXTAEI\like[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RGCXTAEI\like[2].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RGCXTAEI\like[3].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RGCXTAEI\like[4].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RGCXTAEI\like[5].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RGCXTAEI\like[6].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RGCXTAEI\ping[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RGCXTAEI\tweet_button.1337330192[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RGCXTAEI\xd_arbiter[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PBVPCK5O\ff2[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PBVPCK5O\iframe3[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PBVPCK5O\like[2].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PBVPCK5O\like[3].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PBVPCK5O\like[4].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PBVPCK5O\like[5].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PBVPCK5O\nf[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PBVPCK5O\oauth[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PBVPCK5O\pinit[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PBVPCK5O\prefs[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PBVPCK5O\voice[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P593YZ87\0,,20597931,00[1].htm moved successfully.
File\Folder C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P593YZ87\8597E8BE-B1C3-11DD-8E46-2F8F1A66B302[1].htm not found!
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P593YZ87\emily[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P593YZ87\fastbutton[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P593YZ87\fastbutton[2].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P593YZ87\fastbutton[3].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P593YZ87\fastbutton[4].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P593YZ87\fastbutton[5].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P593YZ87\fastbutton[6].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P593YZ87\fastbutton[7].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P593YZ87\global_footer[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P593YZ87\iframe3[1].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P593YZ87\iframe3[2].htm moved successfully.
C:\Users\Stephen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P593YZ87\img[1].htm moved successfully.
File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

4. The Malwarebytes log is as follows:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.24.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Stephen :: TOSHIBA-LAPTOP [administrator]

5/23/2012 11:20:11 PM
mbam-log-2012-05-23 (23-20-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202434
Time elapsed: 2 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

5. I am still waiting for the ESET scan to complete. It has detected the Kryptik trojan, but it seems to have stopped at the end of step 3.

#15 SweetTech


Posted 24 May 2012 - 01:07 AM

Hi!

Thanks for submitting that file! I received it successfully. :)

How long has ESET been running for?

-ST.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
