WiredWX Hobby Weather Tools

 


Trojan horse BackDoor.Generic12.BIXF and all the fixins

2 posters

So I turned on my laptop today when I got home to find AVG screaming at me every 5 min "multiple threat detection", a full virus vault ever being further filled, and constant messages that an individual threat had been detected. After trying to figure out what was up, all the while moving newly discovered threats to the virus vault and not figuring out whether more than one wuauclt.exe files were legit, I decided it was time to come back to you dudes once again. To give you a head start, here are some of the threats identified and the OTL log; oh, but let me say "thanks" in advance... Thanks:

c:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\80000032.@ Found Luhe.Sirefef.A
c:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\80000000.@ Trojan horse Generic_r.BAT
c:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\000000cb.@ Trojan horse BackDoor.Generic15.BIXF
c:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\00000008.@ Trojan horse Generic28.BZDH
c:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\00000004.@ Trojan horse BackDoor.Generic15.BIVV
c:\Windows\System32\services.exe Trojan horse Patched_c.LYT




Last edited by timecantkill on 17th August 2012, 1:43 am; edited 2 times in total (Reason for editing : Typos and wrong OTL Log)

Actual OTL Log Pt 1
Oops, disregard that first OTL log. Forgot to use the script >_< I'll post the new one. Also, I noticed that the individual threats being found by AVG increase in recurrence when any browser is open and navigated.

Now, here's a word from our sponsors:

OTL logfile created on: 8/16/2012 8:49:13 PM - Run 5
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Age\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 56.57% Memory free
5.94 Gb Paging File | 4.57 Gb Available in Paging File | 76.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.68 Gb Total Space | 16.97 Gb Free Space | 7.55% Space Free | Partition Type: NTFS

Computer Name: MELVIN | User Name: Age | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/16 20:48:35 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Age\Downloads\OTL(1).com
PRC - [2012/06/11 17:59:44 | 000,335,888 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2012/01/17 21:03:24 | 002,339,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe
PRC - [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe
PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/27 20:57:02 | 000,411,488 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe
PRC - [2008/05/15 20:20:06 | 000,182,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2008/05/15 20:20:06 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2008/04/30 22:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\intel\WiFi\bin\EvtEng.exe
PRC - [2008/04/30 22:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/04/29 00:48:08 | 000,098,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE
PRC - [2008/04/02 14:07:56 | 000,147,456 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2008/04/02 14:07:54 | 000,184,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2008/04/02 14:07:38 | 000,279,848 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2008/03/03 17:45:48 | 000,333,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2008/02/22 20:38:50 | 000,122,880 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2008/02/22 20:38:50 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2009/04/11 02:28:22 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/30 22:22:34 | 000,057,344 | ---- | M] () -- C:\Program Files\Common Files\Intel\WirelessCommon\CustomUIResource.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2012/08/16 19:31:15 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/22 11:25:27 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/11 17:59:44 | 000,335,888 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm)
SRV - [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/05/27 20:57:02 | 000,411,488 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008/05/15 20:20:06 | 000,182,112 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008/04/30 22:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/04/30 22:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/04/29 00:48:08 | 000,098,304 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkHDMIService)
SRV - [2008/04/02 14:07:58 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008/04/02 14:07:56 | 000,147,456 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2008/04/02 14:07:54 | 000,184,320 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008/04/02 14:07:38 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008/03/04 23:58:30 | 000,063,328 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008/03/04 23:56:42 | 000,350,048 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008/03/04 23:54:50 | 000,104,288 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008/03/03 17:45:48 | 000,333,088 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2008/03/03 16:27:14 | 000,087,328 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2007/11/28 05:08:02 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2007/11/28 05:02:20 | 000,053,248 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2007/11/28 04:43:44 | 000,053,248 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2007/11/09 20:34:28 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007/06/05 16:20:32 | 000,177,704 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Symioenr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Age\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2011/05/27 19:05:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/08/26 15:48:16 | 000,011,264 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpGmb001.sys -- (HpGmb001)
DRV - [2008/06/12 04:23:08 | 000,113,152 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/05/12 20:05:19 | 003,537,408 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/04/28 09:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/04/27 21:19:55 | 000,142,624 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008/04/22 18:43:36 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008/04/15 20:04:24 | 000,046,592 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008/04/15 20:04:12 | 000,068,096 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/02/22 20:38:50 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/01/30 20:33:28 | 000,017,408 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2008/01/24 22:14:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/12/16 21:57:23 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/05/26 04:03:06 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/04/17 23:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006/04/10 01:02:18 | 000,162,816 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RT25USBAP.SYS -- (RT25USBAP)
DRV - [2005/05/27 05:46:20 | 000,913,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302AV.SYS -- (PID_08A0)
DRV - [2005/05/27 05:37:58 | 000,007,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2005/05/27 05:31:26 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2003/09/26 05:53:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {CF739809-1C6C-47C0-85B9-569DBB141420}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q={searchTerms}&crm=1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = BF 3E 66 01 84 34 F3 43 A7 2C 7A 21 79 E4 2F 37 [binary data]
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2B68F2F3-3342-4A2A-81CA-8072852D359E}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\..\SearchScopes\{547EEAAC-3665-4e6c-B326-C622D698543A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=SOLTDF&pc=SOLTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q={searchTerms}&crm=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: browserhighlighter@ebay.com:1.0.12514
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.1
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks )
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Age\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Age\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Age\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Age\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/02/02 20:00:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox [2012/02/05 18:35:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/22 11:25:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/14 19:05:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\web@veoh.com: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2009/04/27 02:14:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{78D0CB9C-B2B9-48FC-ACF8-BEC50DBA6E70}: C:\Users\Age\AppData\Local\{78D0CB9C-B2B9-48FC-ACF8-BEC50DBA6E70}
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/22 11:25:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/14 19:05:22 | 000,000,000 | ---D | M]

[2008/12/22 17:21:57 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Age\AppData\Roaming\Mozilla\Extensions
[2012/07/11 19:31:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Age\AppData\Roaming\Mozilla\Firefox\Profiles\ukp2bmba.default\extensions
[2011/07/04 16:32:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Age\AppData\Roaming\Mozilla\Firefox\Profiles\ukp2bmba.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/04 16:32:07 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Age\AppData\Roaming\Mozilla\Firefox\Profiles\ukp2bmba.default\extensions\searchrecs@veoh.com
[2011/11/27 19:37:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/16 19:31:57 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/04/14 19:01:51 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com
[2012/02/05 18:35:42 | 000,000,000 | ---D | M] ("RewardsArcade") -- C:\USERS\AGE\APPDATA\LOCAL\REWARDSARCADE\498\FIREFOX
[2012/07/11 19:31:13 | 000,163,080 | ---- | M] () (No name found) -- C:\USERS\AGE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UKP2BMBA.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI
[2012/07/22 11:25:28 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/09/11 19:14:08 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/16 22:28:31 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/16 22:28:31 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Age\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Age\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Age\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Age\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Age\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: VeohTV Plugin (Enabled) = C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
CHR - plugin: Veoh Web Player Beta (Enabled) = C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RewardsArcade = C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\
CHR - Extension: AVG Safe Search = C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: Skype Click to Call = C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Skype Click to Call = C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\

O1 HOSTS File: ([2011/08/26 19:04:25 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (RewardsArcade) - {597A9974-8CB0-4f41-B61F-ED065738A397} - C:\Program Files\RewardsArcade\RewardsArcade.dll (215 Apps)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\Windows\System32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKCU..\Run: [VMpTtray.exe] C:\Program Files\Sony\VAIO Media plus\VMpTtray.exe (Sony Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\system32\wshbth.dll File not found
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27AEC3A7-2ED6-4AFA-846E-65C3FDF6E729}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B63D4277-F1AC-4553-BD51-22515EA3DCA6}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Age\Documents\The KMPlayer\Capture\[Nutbladder]_Arakawa_Under_the_Bridge_×2_-_01_[5ef65288][00-22-46].JPG
O24 - Desktop BackupWallPaper: C:\Users\Age\Documents\The KMPlayer\Capture\[Nutbladder]_Arakawa_Under_the_Bridge_×2_-_01_[5ef65288][00-22-46].JPG
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk - - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^Age^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Aim - hkey= - key= - C:\Program Files\AIM\aim.exe (AOL Inc.)
MsConfig - StartUpReg: AML - hkey= - key= - C:\Program Files\Sony\VAIO Launcher\AML.exe (Sony)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: ISBMgr.exe - hkey= - key= - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: OpwareSE4 - hkey= - key= - C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SmartWiHelper - hkey= - key= - C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
MsConfig - StartUpReg: SSBkgdUpdate - hkey= - key= - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: VAIO Help and Support Demo - hkey= - key= - C:\Program Files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe ()
MsConfig - StartUpReg: VAIOMyMemCenter - hkey= - key= - C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe ()
MsConfig - StartUpReg: VAIORegistration - hkey= - key= - C:\Program Files\Sony\First Experience\WelcomeLauncher.exe (Sony Electronics, Inc.)
MsConfig - StartUpReg: VAIOSurvey - hkey= - key= - C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe ()
MsConfig - StartUpReg: VeohPlugin - hkey= - key= - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
MsConfig - StartUpReg: VWLASU - hkey= - key= - C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - StartUpReg: WrtMon.exe - hkey= - key= - File not found
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8DB6C24B-0719-4D0E-983E-2B790EAA908B} - Browser Customizations
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/16 20:31:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/16 20:26:30 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 20:26:30 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 20:03:02 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/16 19:56:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-11734941-2268584939-366143686-1000UA.job
[2012/08/16 19:31:15 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/16 19:31:15 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/16 18:32:58 | 000,002,068 | ---- | M] () -- C:\Users\Age\Desktop\Google Chrome.lnk
[2012/08/16 18:32:58 | 000,002,030 | ---- | M] () -- C:\Users\Age\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/16 18:30:41 | 104,052,063 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/08/16 18:28:22 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/16 18:26:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/16 18:26:12 | 3082,850,304 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/12 23:56:08 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/08/12 23:56:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-11734941-2268584939-366143686-1000Core.job
[2012/08/11 17:42:55 | 000,381,460 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/08/08 18:41:45 | 000,411,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/06 19:39:18 | 000,174,133 | ---- | M] () -- C:\Users\Age\Desktop\Florida Discount Drug Card.jpg
[2012/08/04 22:58:37 | 000,034,816 | ---- | M] () -- C:\Users\Age\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/25 22:59:27 | 000,607,616 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/25 22:59:27 | 000,105,224 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/21 13:32:05 | 000,000,680 | ---- | M] () -- C:\Users\Age\AppData\Local\d3d9caps.dat
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/16 20:50:10 | 000,092,672 | ---- | C] () -- C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\80000032.@
[2012/08/16 19:46:09 | 000,013,312 | ---- | C] () -- C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\80000000.@
[2012/08/16 19:45:54 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\000000cb.@
[2012/08/16 19:45:53 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\00000004.@
[2012/08/16 19:42:34 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\00000008.@
[2012/08/06 19:39:18 | 000,174,133 | ---- | C] () -- C:\Users\Age\Desktop\Florida Discount Drug Card.jpg
[2012/07/11 18:22:54 | 000,000,680 | ---- | C] () -- C:\Users\Age\AppData\Local\d3d9caps.dat
[2012/06/17 17:27:13 | 000,034,816 | ---- | C] () -- C:\Users\Age\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/11 21:08:18 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/01/10 19:21:07 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\@
[2011/10/21 00:45:06 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI
[2011/03/31 23:00:32 | 000,000,048 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/03/31 22:05:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/03/31 22:05:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/03/31 22:05:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/03/31 22:05:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/03/31 22:05:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/02/14 23:34:18 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/02/14 23:31:19 | 000,053,248 | ---- | C] () -- C:\Windows\System32\InstMed.exe
[2010/12/26 22:51:55 | 000,014,484 | ---- | C] () -- C:\Users\Age\.recently-used.xbel
[2008/11/14 23:00:32 | 000,000,494 | -H-- | C] () -- C:\Users\Age\AppData\Roaming\wklnhst.dat

========== Custom Scans ==========

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >

Actual OTL Log Pt 2

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/22 11:25:25 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/22 11:25:25 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/22 11:25:25 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/22 11:25:28 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/22 11:25:28 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/22 11:25:28 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Age\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Age\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Age\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Age\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/28 18:29:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/28 18:29:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/28 18:29:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/22 11:25:25 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/22 11:25:25 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/22 11:25:25 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/22 11:25:28 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/22 11:25:28 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/22 11:25:28 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Age\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Age\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Age\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Age\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/08/14 00:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/28 18:29:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/28 18:29:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/28 18:29:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/06/04 11:26:04 | 000,440,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ksecdd.sys

< %systemroot%\System32\config\*.sav >
[2008/01/20 23:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 23:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 23:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %SYSTEMDRIVE%\*.exe /md5 >

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >
[2012/04/29 11:12:27 | 000,083,074 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists
[2012/06/06 19:53:34 | 000,000,004 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
[2012/06/06 19:53:33 | 000,029,296 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Local State
[2012/04/29 11:10:25 | 007,132,592 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom
[2012/04/29 11:10:25 | 002,038,053 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom Filter 2
[2012/06/06 19:52:12 | 000,006,144 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies
[2012/06/06 19:52:12 | 000,001,544 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies-journal
[2012/04/29 11:10:25 | 000,134,356 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Safe Browsing Csd Whitelist
[2012/04/29 11:10:24 | 001,423,768 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Safe Browsing Download
[2012/04/29 11:10:25 | 000,014,108 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Safe Browsing Download Whitelist
[2012/06/06 19:53:33 | 000,061,440 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Archived History
[2012/06/06 19:53:33 | 000,016,384 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Archived History-journal
[2011/06/23 19:18:28 | 000,000,505 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Bookmarks
[2011/06/23 19:18:28 | 000,000,505 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Bookmarks.bak
[2012/06/06 19:53:33 | 000,050,176 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cookies
[2012/06/06 19:53:33 | 000,014,960 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal
[2012/06/06 19:53:33 | 000,010,807 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Current Session
[2012/06/06 19:53:33 | 000,009,743 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
[2012/02/06 23:46:34 | 000,007,168 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
[2012/06/06 19:53:33 | 000,047,104 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Favicons
[2012/06/06 19:53:33 | 000,016,384 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal
[2012/04/28 14:55:16 | 000,150,798 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico
[2012/06/06 19:53:33 | 000,122,880 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\History
[2012/06/06 19:53:33 | 001,626,112 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-02
[2012/06/06 19:53:33 | 000,016,384 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-02-journal
[2012/04/28 14:58:49 | 000,331,776 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-03
[2012/06/06 19:52:21 | 000,110,592 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-04
[2012/06/06 19:52:21 | 000,016,384 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-04-journal
[2012/06/06 19:52:21 | 000,053,248 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-06
[2012/06/06 19:52:21 | 000,016,384 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\History Index 2012-06-journal
[2012/06/06 19:53:33 | 000,003,039 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
[2012/06/06 19:53:33 | 000,016,384 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\History-journal
[2012/04/29 11:30:02 | 000,341,305 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Last Session
[2012/04/29 11:30:02 | 000,013,052 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Last Tabs
[2012/04/29 11:30:00 | 000,012,288 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Login Data
[2012/06/06 19:52:04 | 000,017,408 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor
[2012/06/06 19:52:04 | 000,006,704 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal
[2012/06/06 19:53:33 | 000,047,014 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Preferences
[2012/06/06 19:52:40 | 000,013,312 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\QuotaManager
[2012/06/06 19:52:40 | 000,003,608 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\QuotaManager-journal
[2012/06/06 19:53:02 | 000,000,180 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\README
[2012/04/29 11:06:26 | 000,012,288 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Shortcuts
[2012/06/06 19:52:21 | 000,065,536 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Top Sites
[2012/06/06 19:52:21 | 000,016,384 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal
[2011/09/09 20:24:01 | 000,131,072 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Visited Links
[2012/06/06 19:52:03 | 000,081,920 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Web Data
[2012/06/06 19:52:03 | 000,004,624 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
[2012/06/06 19:53:33 | 000,155,648 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0
[2012/06/06 19:53:33 | 003,153,920 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
[2012/06/06 19:53:33 | 003,153,920 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2
[2012/06/06 19:53:33 | 008,396,800 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3
[2012/03/03 13:48:02 | 000,024,502 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000409
[2012/03/03 13:48:02 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00040a
[2012/03/03 13:48:09 | 001,781,747 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00040b
[2012/03/03 13:48:13 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00040c
[2012/03/03 13:48:40 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00040d
[2012/03/03 13:49:21 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00040e
[2012/03/03 13:50:11 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00040f
[2012/03/03 13:50:48 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000410
[2012/03/03 13:51:26 | 000,578,700 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000411
[2012/03/03 13:52:34 | 000,022,175 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000412
[2012/03/03 13:52:35 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000413
[2012/03/03 13:52:57 | 014,132,004 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000414
[2012/03/03 13:57:56 | 000,023,438 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000415
[2012/03/03 13:57:56 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000416
[2012/03/03 14:01:39 | 013,283,313 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000417
[2012/03/03 14:03:14 | 000,021,589 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000419
[2012/03/03 14:03:14 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00041a
[2012/03/03 14:03:17 | 001,781,747 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00041b
[2012/03/03 14:03:18 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00041c
[2012/03/03 14:03:45 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00041d
[2012/03/03 14:04:19 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00041e
[2012/03/03 14:04:51 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00041f
[2012/03/03 14:05:29 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000420
[2012/03/03 14:06:04 | 000,479,628 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000421
[2012/03/03 14:07:04 | 000,021,555 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000422
[2012/03/03 14:07:05 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000423
[2012/03/03 14:10:20 | 021,538,611 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000424
[2012/03/03 14:11:35 | 000,021,703 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000425
[2012/03/03 14:11:36 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000426
[2012/03/03 14:11:54 | 015,364,183 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000427
[2012/03/03 14:14:24 | 000,024,933 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000428
[2012/03/03 14:14:54 | 000,022,171 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000429
[2012/03/03 14:14:55 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00042a
[2012/03/03 14:17:58 | 010,928,723 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00042b
[2012/03/03 14:19:32 | 000,020,171 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00042c
[2012/03/03 14:19:33 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00042d
[2012/03/03 14:22:09 | 009,728,254 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00042e
[2012/03/03 14:23:29 | 000,020,069 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00042f
[2012/03/03 14:23:30 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000430
[2012/03/03 14:23:46 | 001,781,747 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000431
[2012/03/03 14:24:05 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000432
[2012/03/03 14:24:47 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000433
[2012/03/03 14:25:51 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000434
[2012/03/03 14:26:03 | 000,928,898 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000435
[2012/03/03 14:29:01 | 001,039,254 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000436
[2012/03/03 14:30:17 | 000,020,593 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000437
[2012/03/03 14:30:18 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000438
[2012/03/03 14:33:36 | 008,647,795 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000439
[2012/03/03 14:34:25 | 000,022,482 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00043a
[2012/03/03 14:35:22 | 000,019,524 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00043b
[2012/03/03 14:35:23 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00043c
[2012/03/03 14:38:00 | 005,171,717 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00043d
[2012/03/03 14:39:28 | 000,020,191 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00043e
[2012/03/03 14:39:29 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00043f
[2012/03/03 14:42:12 | 005,991,631 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000440
[2012/03/03 14:43:52 | 000,020,919 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000441
[2012/03/03 14:43:53 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000442
[2012/03/03 14:46:51 | 006,482,329 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000443
[2012/03/03 14:48:23 | 000,022,003 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000444
[2012/03/03 14:48:24 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000445
[2012/03/03 14:48:29 | 001,781,747 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000446
[2012/03/03 14:48:32 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000447
[2012/03/03 14:48:35 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000448
[2012/03/03 14:48:38 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000449
[2012/03/03 14:49:03 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00044a
[2012/03/03 14:49:18 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00044b
[2012/03/03 14:49:34 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00044c
[2012/03/03 14:50:08 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00044d
[2012/03/03 14:50:31 | 000,019,832 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00044e
[2012/03/03 14:50:32 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00044f
[2012/03/03 14:50:36 | 001,781,747 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000450
[2012/03/03 14:50:46 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000451
[2012/03/03 14:50:49 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000452
[2012/03/03 14:50:58 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000453
[2012/03/03 14:51:05 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000454
[2012/03/03 14:51:09 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000455
[2012/03/03 14:51:17 | 000,208,654 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000456
[2012/03/03 14:52:09 | 000,020,079 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000457
[2012/03/03 14:52:09 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000458
[2012/03/03 14:55:01 | 007,015,776 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000459
[2012/03/03 14:56:22 | 000,022,617 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00045b
[2012/03/03 14:56:22 | 000,021,379 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00045c
[2012/03/03 14:56:22 | 000,084,673 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00045d
[2012/03/03 14:56:26 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00045e
[2012/03/03 15:00:26 | 000,020,075 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00045f
[2012/03/03 15:00:27 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000460
[2012/03/03 15:00:28 | 000,016,860 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000461
[2012/03/03 15:00:30 | 001,034,100 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000462
[2012/03/03 15:00:44 | 000,020,216 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000463
[2012/03/03 15:00:44 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000464
[2012/03/03 15:00:50 | 001,781,747 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000465
[2012/03/03 15:00:52 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000466
[2012/03/03 15:01:02 | 000,652,334 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000467
[2012/03/03 15:02:04 | 000,022,996 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000468
[2012/03/03 15:02:05 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000469
[2012/03/03 15:02:17 | 001,781,747 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00046a
[2012/03/03 15:02:23 | 001,781,760 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00046b
[2012/03/03 15:42:19 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00046d
[2012/03/03 15:42:22 | 000,022,818 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00046e
[2012/03/03 15:42:22 | 000,016,390 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00046f
[2012/03/03 15:42:26 | 002,330,057 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000470
[2012/03/03 15:43:20 | 002,667,369 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000471
[2012/03/03 15:43:55 | 000,019,664 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000472
[2012/03/03 15:43:56 | 001,535,558 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000473
[2012/03/03 15:44:36 | 001,870,727 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000475
[2012/03/03 15:44:50 | 000,021,898 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000476
[2012/03/03 15:44:54 | 000,177,609 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000477
[2012/04/28 14:58:44 | 000,143,233 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000479
[2012/04/28 14:58:45 | 000,028,693 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00047a
[2012/04/28 15:03:25 | 000,020,716 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00047c
[2012/04/28 15:04:40 | 000,024,223 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00047d
[2012/04/29 11:01:27 | 000,031,368 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000480
[2012/04/29 11:15:45 | 000,033,229 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000482
[2012/04/29 11:22:29 | 000,037,413 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000483
[2012/04/29 11:28:35 | 000,037,562 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000484
[2012/04/29 11:28:41 | 000,017,511 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000485
[2012/06/06 19:52:08 | 000,028,181 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000486
[2012/06/06 19:52:11 | 000,023,155 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000487
[2012/06/06 19:52:12 | 000,144,541 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000488
[2012/06/06 19:52:14 | 000,022,241 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000489
[2012/06/06 19:52:14 | 000,030,286 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00048a
[2012/06/06 19:52:15 | 000,050,444 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00048b
[2012/06/06 19:52:15 | 000,059,407 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00048c
[2012/06/06 19:52:15 | 000,086,324 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00048d
[2012/06/06 19:52:15 | 000,045,080 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00048e
[2012/06/06 19:52:15 | 000,039,077 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00048f
[2012/06/06 19:52:15 | 000,028,024 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000490
[2012/06/06 19:52:15 | 000,027,073 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000491
[2012/06/06 19:52:15 | 000,222,912 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000492
[2012/06/06 19:52:16 | 000,054,994 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000493
[2012/06/06 19:52:18 | 000,047,623 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000494
[2011/06/23 19:18:33 | 000,262,512 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Cache\index
[2012/04/28 15:04:40 | 000,007,168 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db
[2012/06/06 19:52:17 | 000,009,216 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_dcmagccbogebndpoodhhhafmofelpffh_0\1
[2012/06/06 19:53:11 | 000,129,024 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_dcmagccbogebndpoodhhhafmofelpffh_0\2
[2012/03/03 04:24:48 | 000,006,144 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_dcmagccbogebndpoodhhhafmofelpffh_0\3
[2011/07/17 21:02:15 | 000,000,244 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Default\ehhaablgillbcmknndffkpcfafecplmb\manifest.json
[2012/04/28 15:04:38 | 000,002,197 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\background.html
[2012/04/28 15:04:38 | 000,013,028 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\background.js
[2012/04/28 15:04:38 | 000,006,274 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\extension.js
[2012/04/28 15:04:39 | 000,001,307 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\manifest.json
[2012/04/28 15:04:38 | 000,000,000 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\popup.html
[2012/04/28 15:04:39 | 000,016,538 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\icons\icon128.png
[2012/04/28 15:04:39 | 000,000,782 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\icons\icon16.png
[2012/04/28 15:04:39 | 000,003,552 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\icons\icon48.png
[2012/04/28 15:04:38 | 000,001,859 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\icons\actions\icon1.png
[2012/04/28 15:04:38 | 000,005,069 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\icons\notifications\icon1.png
[2012/04/28 15:04:38 | 000,004,063 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\icons\notifications\icon48.png
[2012/04/28 15:04:38 | 000,031,160 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\js\background.js
[2012/04/28 15:04:38 | 000,002,921 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\js\api\chrome.js
[2012/04/28 15:04:38 | 000,003,921 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\js\api\cookie.js
[2012/04/28 15:04:38 | 000,001,047 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\js\api\message.js
[2012/04/28 15:04:38 | 000,001,073 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\js\api\push.js
[2012/04/28 15:04:38 | 000,004,196 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\js\lib\app_api.js
[2012/04/28 15:04:38 | 000,002,558 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\js\lib\async_api.js
[2012/04/28 15:04:38 | 000,001,812 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\js\lib\bg_app_api.js
[2012/04/28 15:04:38 | 000,003,718 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\js\lib\cookie_store.js
[2012/04/28 15:04:38 | 000,005,585 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\js\lib\data_store.js
[2012/04/28 15:04:38 | 000,023,402 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\js\lib\faye-browser-min.js
[2012/04/28 15:04:38 | 000,001,864 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcmagccbogebndpoodhhhafmofelpffh\1.17.82_0\js\lib\util.js
[2012/02/06 23:46:36 | 000,001,766 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\background.html
[2012/02/06 23:46:45 | 000,000,984 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\manifest.json
[2012/02/06 23:46:36 | 000,006,273 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\avgls-inline.js
[2012/02/06 23:46:36 | 000,013,424 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\flyover.js
[2012/02/06 23:46:36 | 000,001,302 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\interstitial-block.html
[2012/02/06 23:46:36 | 000,078,768 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\jquery-1.4.4.min.js
[2012/02/06 23:46:36 | 000,094,224 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\searchengine.js
[2012/02/06 23:46:36 | 000,013,513 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\searchshield.js
[2012/02/06 23:46:45 | 000,016,328 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\128x128.png
[2012/02/06 23:46:45 | 000,000,790 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\16x16.png
[2012/02/06 23:46:45 | 000,004,310 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\48x48.png
[2012/02/06 23:46:36 | 000,006,455 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\64x64.png
[2012/02/06 23:46:36 | 000,000,303 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\background_middle_gray.gif
[2012/02/06 23:46:36 | 000,000,610 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\background_middle_green.gif
[2012/02/06 23:46:36 | 000,000,773 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\background_middle_orange.gif
[2012/02/06 23:46:36 | 000,001,332 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\background_middle_red.gif
[2012/02/06 23:46:36 | 000,000,974 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\background_middle_yellow.gif
[2012/02/06 23:46:36 | 000,000,303 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\background_top_gray.gif
[2012/02/06 23:46:36 | 000,000,159 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\background_top_green.gif
[2012/02/06 23:46:36 | 000,000,204 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\background_top_orange.gif
[2012/02/06 23:46:36 | 000,000,959 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\background_top_red.gif
[2012/02/06 23:46:36 | 000,000,217 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\background_top_yellow.gif
[2012/02/06 23:46:36 | 000,001,932 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\block-doc.gif
[2012/02/06 23:46:36 | 000,000,394 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\blocked.gif
[2012/02/06 23:46:36 | 000,001,060 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\blocked12.png
[2012/02/06 23:46:36 | 000,000,333 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\border_bottom_gray.gif
[2012/02/06 23:46:36 | 000,000,454 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\border_bottom_green.gif
[2012/02/06 23:46:36 | 000,000,617 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\border_bottom_orange.gif
[2012/02/06 23:46:36 | 000,000,099 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\border_bottom_red.gif
[2012/02/06 23:46:36 | 000,000,626 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\border_bottom_yellow.gif
[2012/02/06 23:46:36 | 000,000,471 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\border_top_gray.gif
[2012/02/06 23:46:36 | 000,000,820 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\border_top_green.gif
[2012/02/06 23:46:36 | 000,000,446 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\border_top_orange.gif
[2012/02/06 23:46:36 | 000,000,484 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\border_top_red.gif
[2012/02/06 23:46:36 | 000,000,336 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\border_top_yellow.gif
[2012/02/06 23:46:36 | 000,000,339 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\box_bottom_red.gif
[2012/02/06 23:46:36 | 000,000,520 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\box_top_red.gif
[2012/02/06 23:46:36 | 000,000,364 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\caution.gif
[2012/02/06 23:46:36 | 000,000,523 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\caution12.png
[2012/02/06 23:46:36 | 000,000,586 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\click_here_gray.gif
[2012/02/06 23:46:36 | 000,001,418 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\click_here_green.gif
[2012/02/06 23:46:36 | 000,001,268 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\click_here_orange.gif
[2012/02/06 23:46:36 | 000,001,333 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\click_here_red.gif
[2012/02/06 23:46:36 | 000,001,368 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\click_here_yellow.gif
[2012/02/06 23:46:36 | 000,002,455 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\clock.gif
[2012/02/06 23:46:36 | 000,000,429 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\clock12.png
[2012/02/06 23:46:37 | 000,002,229 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\icons_blocked.gif
[2012/02/06 23:46:37 | 000,002,364 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\icons_caution.gif
[2012/02/06 23:46:37 | 000,000,613 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\icons_close.gif
[2012/02/06 23:46:37 | 000,002,314 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\icons_safe.gif
[2012/02/06 23:46:37 | 000,001,662 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\icons_unknown.gif
[2012/02/06 23:46:37 | 000,002,344 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\icons_warning.gif
[2012/02/06 23:46:37 | 000,001,683 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\LS_Logo_Results.gif
[2012/02/06 23:46:37 | 000,000,362 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\safe.gif
[2012/02/06 23:46:37 | 000,000,564 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\safe12.png
[2012/02/06 23:46:37 | 000,000,389 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\unknown.gif
[2012/02/06 23:46:37 | 000,004,322 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\vrsn-secured-lsfo.gif
[2012/02/06 23:46:37 | 000,000,374 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\warning.gif
[2012/02/06 23:46:37 | 000,000,555 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\content\Icons\warning12.png
[2012/02/06 23:46:36 | 001,752,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins\avgnpss.dll
[2012/02/06 23:46:36 | 001,859,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins\avgxpl.dll
[2012/02/06 23:46:36 | 000,004,580 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\background.html
[2012/02/06 23:46:36 | 000,006,629 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\change_sink.js
[2012/02/06 23:46:36 | 000,012,288 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\contentscript.js
[2012/02/06 23:46:36 | 000,013,660 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\document_iterator.js
[2012/02/06 23:46:36 | 000,005,122 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\dropdown_menu_icon_set.png
[2012/02/06 23:46:36 | 000,010,968 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\find_proxy.js
[2012/02/06 23:46:36 | 000,033,313 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\flags.gif
[2012/02/06 23:46:36 | 000,004,223 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\get_html_text.js
[2012/02/06 23:46:36 | 000,002,865 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\global_constants.js
[2012/02/06 23:46:45 | 000,000,834 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\manifest.json
[2012/02/06 23:46:36 | 000,001,984 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\name_injection_builder.js
[2012/02/06 23:46:36 | 003,975,840 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
[2012/02/06 23:46:36 | 000,001,024 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\numbers_common_active_icon_set.gif
[2012/02/06 23:46:36 | 000,000,977 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\numbers_common_inactive_icon_set.gif
[2012/02/06 23:46:36 | 000,001,134 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\numbers_free_icon_set.gif
[2012/02/06 23:46:36 | 000,010,099 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\number_injection_builder.js
[2012/02/06 23:46:36 | 000,000,831 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\skype.png
[2012/02/06 23:46:36 | 000,001,876 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\skype_name_icon_set.gif
[2012/02/06 23:46:37 | 000,000,134 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\space.gif
[2012/02/06 23:46:37 | 000,009,935 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\string_finder.js
[2012/06/06 19:52:04 | 000,004,580 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\background.html
[2012/06/06 19:52:04 | 000,006,682 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\change_sink.js
[2012/06/06 19:52:04 | 000,012,288 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\contentscript.js
[2012/06/06 19:52:04 | 000,013,752 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\document_iterator.js
[2012/06/06 19:52:04 | 000,005,122 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\dropdown_menu_icon_set.png
[2012/06/06 19:52:04 | 000,011,057 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\find_proxy.js
[2012/06/06 19:52:04 | 000,033,313 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\flags.gif
[2012/06/06 19:52:04 | 000,004,251 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\get_html_text.js
[2012/06/06 19:52:04 | 000,002,880 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\global_constants.js
[2012/06/06 19:52:05 | 000,000,834 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\manifest.json
[2012/06/06 19:52:05 | 000,002,002 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\name_injection_builder.js
[2012/06/06 19:52:05 | 004,002,976 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
[2012/06/06 19:52:05 | 000,001,024 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\numbers_common_active_icon_set.gif
[2012/06/06 19:52:05 | 000,000,977 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\numbers_common_inactive_icon_set.gif
[2012/06/06 19:52:05 | 000,001,134 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\numbers_free_icon_set.gif
[2012/06/06 19:52:05 | 000,010,147 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\number_injection_builder.js
[2012/06/06 19:52:05 | 000,000,831 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\skype.png
[2012/06/06 19:52:05 | 000,001,876 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\skype_name_icon_set.gif
[2012/06/06 19:52:05 | 000,000,134 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\space.gif
[2012/06/06 19:52:05 | 000,010,000 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\string_finder.js
[2012/06/06 19:53:12 | 000,003,072 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dcmagccbogebndpoodhhhafmofelpffh_0.localstorage
[2012/02/06 23:46:34 | 000,005,120 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lifbcibllhkdhoafpjfnlhfpfgnpldfl_0.localstorage
[2011/09/09 20:22:05 | 000,005,120 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.facebook.com_0.localstorage
[2011/09/09 20:21:10 | 000,005,120 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apps4u2.conduitapps.com_0.localstorage
[2012/02/06 23:47:46 | 000,003,072 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d3lvr7yuk4uaui.cloudfront.net_0.localstorage
[2011/09/09 20:21:10 | 000,005,120 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_dl.gameplaylabs.com_0.localstorage
[2012/02/06 23:46:58 | 000,009,216 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.facebook.com_0.localstorage
[2012/02/06 23:47:43 | 000,009,216 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.google.com_0.localstorage
[2012/03/03 15:42:27 | 000,003,072 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.youtube.com_0.localstorage
[2012/03/03 15:44:54 | 000,045,056 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_0
[2012/03/03 15:44:54 | 000,270,336 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_1
[2012/03/03 14:56:23 | 000,008,192 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_2
[2012/03/03 14:56:23 | 000,008,192 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\data_3
[2012/03/03 14:56:27 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000001
[2012/03/03 14:56:28 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000002
[2012/03/03 14:56:39 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000003
[2012/03/03 14:56:57 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000004
[2012/03/03 14:57:12 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000005
[2012/03/03 14:57:30 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000006
[2012/03/03 14:57:41 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000007
[2012/03/03 14:57:45 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000008
[2012/03/03 14:58:02 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000009
[2012/03/03 14:58:18 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00000a
[2012/03/03 14:58:30 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00000b
[2012/03/03 14:58:46 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00000c
[2012/03/03 14:58:56 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00000d
[2012/03/03 14:59:08 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00000e
[2012/03/03 14:59:17 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_00000f
[2012/03/03 14:59:26 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000010
[2012/03/03 14:59:26 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000011
[2012/03/03 14:59:42 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000012
[2012/03/03 14:59:59 | 001,048,576 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000013
[2012/03/03 14:59:59 | 000,049,564 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\f_000014
[2012/03/03 14:56:23 | 000,262,512 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\Media Cache\index
[2011/06/23 19:18:30 | 000,000,000 | -H-- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\Default\User StyleSheets\Custom.css
[2012/04/28 15:01:22 | 000,100,864 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.1\libEGL.dll
[2012/04/28 15:01:22 | 004,052,480 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.1\libGLESv2.dll
[2012/04/28 15:01:22 | 000,000,202 | ---- | M] () -- C:\Users\Age\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.1\manifest.json

Actual OTL Log Pt 3

< %USERPROFILE%\AppData\Local\ /s >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\Application Data /s >

< %PROGRAMFILES%\*. >
[2010/08/30 21:25:52 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2011/07/04 16:31:14 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2011/07/04 16:31:21 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2011/07/04 16:31:21 | 000,000,000 | ---D | M] -- C:\Program Files\Apoint
[2011/07/04 16:31:21 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2008/07/08 04:36:10 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2011/12/12 21:24:12 | 000,000,000 | ---D | M] -- C:\Program Files\Auslogics
[2010/12/04 19:14:38 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2011/07/04 16:39:00 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2011/05/30 22:06:20 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2008/07/08 04:38:27 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco
[2012/06/17 15:20:40 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/06/18 13:51:50 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2008/07/08 04:16:33 | 000,000,000 | ---D | M] -- C:\Program Files\Corel
[2011/07/04 16:31:35 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2008/06/18 13:48:07 | 000,000,000 | ---D | M] -- C:\Program Files\Dolby
[2011/08/02 21:21:01 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Flick
[2011/04/06 00:28:44 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2011/07/04 16:31:35 | 000,000,000 | ---D | M] -- C:\Program Files\Firestarter Game
[2009/04/19 21:12:59 | 000,000,000 | ---D | M] -- C:\Program Files\GIMP-2.0
[2011/07/04 16:31:37 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/06/09 15:41:09 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2012/01/30 21:58:36 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2011/07/04 16:31:43 | 000,000,000 | ---D | M] -- C:\Program Files\HP_Vista_SF_Ph1
[2012/02/26 21:10:19 | 000,000,000 | ---D | M] -- C:\Program Files\ICCup
[2011/08/04 00:28:33 | 000,000,000 | ---D | M] -- C:\Program Files\ImgBurn
[2011/08/03 23:38:58 | 000,000,000 | ---D | M] -- C:\Program Files\InfraRecorder
[2012/01/30 22:01:52 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/07/08 04:38:23 | 000,000,000 | ---D | M] -- C:\Program Files\intel
[2012/07/12 03:25:52 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2008/07/08 04:37:56 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2008/07/08 04:06:46 | 000,000,000 | ---D | M] -- C:\Program Files\Intuit
[2011/07/04 16:31:45 | 000,000,000 | ---D | M] -- C:\Program Files\iPhone Configuration Utility
[2011/03/17 19:36:27 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/07/04 16:31:45 | 000,000,000 | ---D | M] -- C:\Program Files\IPv6Patch
[2011/07/04 16:31:45 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/09/11 19:14:05 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011/07/04 16:31:46 | 000,000,000 | ---D | M] -- C:\Program Files\Last.fm
[2012/06/20 20:33:44 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2011/07/04 16:31:47 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2009/09/04 04:00:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2011/12/10 16:01:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/07/04 16:31:47 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Suite Activation Assistant
[2012/05/12 10:42:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/11/17 16:55:29 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/02/24 21:58:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/02/24 21:52:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2011/07/04 16:31:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/06/25 04:01:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/13 19:52:18 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2012/07/22 11:25:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2012/07/24 22:21:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Maintenance Service
[2009/02/24 21:59:11 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/03/10 17:24:31 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2011/02/10 23:10:18 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/07/08 04:17:59 | 000,000,000 | ---D | M] -- C:\Program Files\OCA Marker
[2008/07/08 04:01:05 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2012/07/04 17:20:50 | 000,000,000 | ---D | M] -- C:\Program Files\PeerBlock
[2011/01/08 16:17:24 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2008/06/18 13:45:56 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2012/02/05 18:35:41 | 000,000,000 | ---D | M] -- C:\Program Files\RewardsArcade
[2009/09/01 18:00:47 | 000,000,000 | ---D | M] -- C:\Program Files\ScanSoft
[2012/02/29 22:58:26 | 000,000,000 | ---D | M] -- C:\Program Files\SCtheabyss
[2012/05/16 19:31:21 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2008/07/08 04:39:34 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2008/07/08 03:59:51 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Corporation
[2012/02/26 21:40:00 | 000,000,000 | ---D | M] -- C:\Program Files\Starcraft
[2009/04/24 16:11:14 | 000,000,000 | ---D | M] -- C:\Program Files\Tencent
[2011/12/17 14:49:32 | 000,000,000 | ---D | M] -- C:\Program Files\The KMPlayer
[2006/11/02 09:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/04/27 02:14:40 | 000,000,000 | ---D | M] -- C:\Program Files\Veoh Networks
[2012/04/28 15:44:48 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon
[2012/04/28 15:42:23 | 000,000,000 | ---D | M] -- C:\Program Files\VERIZONDM
[2012/02/05 18:35:22 | 000,000,000 | ---D | M] -- C:\Program Files\Vuze
[2008/06/18 13:49:17 | 000,000,000 | ---D | M] -- C:\Program Files\WIDCOMM
[2010/04/14 18:24:41 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2010/04/14 18:24:36 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2010/04/14 18:24:27 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2012/05/12 12:06:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2011/03/31 00:32:09 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2012/04/13 03:04:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2011/02/23 20:54:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/04/14 18:24:33 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2010/04/18 18:01:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2010/04/14 18:24:38 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2009/06/17 21:21:01 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2011/09/25 15:57:34 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %appdata%\*.* >
[2009/07/15 15:31:01 | 000,000,494 | -H-- | M] () -- C:\Users\Age\AppData\Roaming\wklnhst.dat

< MD5 for: AFD.SYS >
[2011/04/21 09:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\System32\drivers\afd.sys
[2011/04/21 09:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys
[2011/04/21 09:16:42 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=48EB99503533C27AC6135648E5474457 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys
[2011/04/21 09:28:53 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=70EE0FC7A0F384DBD929A01384AEEB4B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys
[2008/01/20 22:24:17 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
[2009/04/11 00:47:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=A201207363AA900ABF1A388468688570 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys
[2011/04/21 09:12:21 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=C8AF25017CECB75906A571AC70D2D306 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\ERDNT\cache\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2008/01/20 22:24:35 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=6DE363F9F99334514C46AEC02D3E3678 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\cryptsvc.dll
[2012/04/23 12:00:53 | 000,133,120 | ---- | M] (Microsoft Corporation) MD5=75C6A297E364014840B48ECCD7525E30 -- C:\Windows\System32\cryptsvc.dll
[2012/04/23 12:00:53 | 000,133,120 | ---- | M] (Microsoft Corporation) MD5=75C6A297E364014840B48ECCD7525E30 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18618_none_77e34ec697f67015\cryptsvc.dll
[2012/04/23 10:48:06 | 000,135,168 | ---- | M] (Microsoft Corporation) MD5=C979AEA8C4D8F875CD25507D08980006 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.22840_none_78447b63b1339621\cryptsvc.dll
[2009/04/11 02:28:18 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=FB27772BEAF8E1D28CCD825C09DA939B -- C:\Windows\ERDNT\cache\cryptsvc.dll
[2009/04/11 02:28:18 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=FB27772BEAF8E1D28CCD825C09DA939B -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18005_none_77eb127097f11935\cryptsvc.dll

< MD5 for: DNSRSLVR.DLL >
[2011/03/02 10:25:54 | 000,086,528 | ---- | M] (Microsoft Corporation) MD5=1FF4F12AF03AA5DAFE05F6937E497193 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6001.22866_none_e23149269ba22ef6\dnsrslvr.dll
[2009/04/11 02:28:18 | 000,086,528 | ---- | M] (Microsoft Corporation) MD5=30A08728740E71947AE1E073B5CE69B4 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6002.18005_none_e3cdf5e97f7b2eb7\dnsrslvr.dll
[2011/03/02 10:49:43 | 000,086,528 | ---- | M] (Microsoft Corporation) MD5=4805D9A6D281C7A7DEFD9094DEC6AF7D -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6001.18611_none_e1d8b89f8260879d\dnsrslvr.dll
[2011/03/02 11:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) MD5=57D762F6F5974AF0DA2BE88A3349BAAA -- C:\Windows\System32\dnsrslvr.dll
[2011/03/02 11:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) MD5=57D762F6F5974AF0DA2BE88A3349BAAA -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6002.18416_none_e3c42ddf7f82589b\dnsrslvr.dll
[2011/03/02 14:19:46 | 000,086,528 | ---- | M] (Microsoft Corporation) MD5=9BC2EB15BB0E08579536AC47D7C6F92A -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6002.22600_none_e4529ac0989d4191\dnsrslvr.dll
[2008/01/20 22:24:26 | 000,086,528 | ---- | M] (Microsoft Corporation) MD5=F5A0F1DA1ED8B429597E71D27D976E31 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6001.18000_none_e1e27cdd8259636b\dnsrslvr.dll

< MD5 for: ES.DLL >
[2008/04/19 04:27:37 | 000,268,800 | ---- | M] (Microsoft Corporation) MD5=131B7E46A7ACD49CB56BB03917A76DE3 -- C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6000.20818_none_0b8e318c6db592d2\es.dll
[2008/04/18 01:48:39 | 000,269,312 | ---- | M] (Microsoft Corporation) MD5=3CB3343D720168B575133A0A20DC2465 -- C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.18057_none_0cbe918751dfdd3f\es.dll
[2009/04/11 02:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) MD5=67058C46504BC12D821F38CF99B7B28F -- C:\Windows\ERDNT\cache\es.dll
[2009/04/11 02:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) MD5=67058C46504BC12D821F38CF99B7B28F -- C:\Windows\System32\es.dll
[2009/04/11 02:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) MD5=67058C46504BC12D821F38CF99B7B28F -- C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6002.18005_none_0ed918294edf6b75\es.dll
[2008/04/18 01:30:29 | 000,269,312 | ---- | M] (Microsoft Corporation) MD5=776D75AF432C598068CC933C7421171B -- C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.22162_none_0d385cf46b0a1a47\es.dll
[2012/08/14 00:29:58 | 000,008,728 | ---- | M] () MD5=7AD37261A349BE597C2E4C58B093B63D -- C:\Users\Age\AppData\Local\Google\Chrome\Application\21.0.1180.79\Locales\es.dll
[2008/04/19 04:13:07 | 000,268,800 | ---- | M] (Microsoft Corporation) MD5=7B4971C3D43525175A4EA0D143E0412E -- C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6000.16677_none_0ac2b30954c98430\es.dll
[2012/08/07 02:42:39 | 000,008,728 | ---- | M] () MD5=DA1DB7B22439EEFAF1AF12F32164772C -- C:\Users\Age\AppData\Local\Google\Chrome\Application\21.0.1180.75\Locales\es.dll
[2008/01/20 22:24:11 | 000,262,144 | ---- | M] (Microsoft Corporation) MD5=F4BF4FA769DB51B106D2B4B35256988B -- C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.18000_none_0ced9f1d51bda029\es.dll

< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 22:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IPNATHLP.DLL >
[2008/01/20 22:24:09 | 000,288,256 | ---- | M] (Microsoft Corporation) MD5=E1499BD0FF76B1B2FBBF1AF339D91165 -- C:\Windows\System32\ipnathlp.dll
[2008/01/20 22:24:09 | 000,288,256 | ---- | M] (Microsoft Corporation) MD5=E1499BD0FF76B1B2FBBF1AF339D91165 -- C:\Windows\winsxs\x86_microsoft-windows-sharedaccess_31bf3856ad364e35_6.0.6001.18000_none_04cd5ea6494c4867\ipnathlp.dll

< MD5 for: NETBT.SYS >
[2008/01/20 22:24:59 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=7C5FEE5B1C5728507CD96FB4A13E7A02 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys
[2009/04/11 00:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=ECD64230A59CBD93C85F1CD1CAB9F3F6 -- C:\Windows\System32\drivers\netbt.sys
[2009/04/11 00:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=ECD64230A59CBD93C85F1CD1CAB9F3F6 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys

< MD5 for: NETMAN.DLL >
[2008/01/20 22:24:11 | 000,274,432 | ---- | M] (Microsoft Corporation) MD5=C8052711DAECC48B982434C5116CA401 -- C:\Windows\ERDNT\cache\netman.dll
[2008/01/20 22:24:11 | 000,274,432 | ---- | M] (Microsoft Corporation) MD5=C8052711DAECC48B982434C5116CA401 -- C:\Windows\System32\netman.dll
[2008/01/20 22:24:11 | 000,274,432 | ---- | M] (Microsoft Corporation) MD5=C8052711DAECC48B982434C5116CA401 -- C:\Windows\winsxs\x86_microsoft-windows-netman_31bf3856ad364e35_6.0.6001.18000_none_0fbd1b9651cfd333\netman.dll

< MD5 for: QMGR.DLL >
[2008/01/20 22:25:00 | 000,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
[2009/04/11 02:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\ERDNT\cache\qmgr.dll
[2009/04/11 02:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\System32\qmgr.dll
[2009/04/11 02:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_257c3df8f693d6d8\qmgr.dll

< MD5 for: RPCSS.DLL >
[2009/03/03 00:39:32 | 000,551,424 | ---- | M] (Microsoft Corporation) MD5=301AE00E12408650BADDC04DBC832830 -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\rpcss.dll
[2008/01/20 22:24:06 | 000,547,328 | ---- | M] (Microsoft Corporation) MD5=33FB1F0193EE2051067441492D56113C -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\rpcss.dll
[2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) MD5=3B5B4D53FEC14F7476CA29A20CC31AC9 -- C:\Windows\ERDNT\cache\rpcss.dll
[2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) MD5=3B5B4D53FEC14F7476CA29A20CC31AC9 -- C:\Windows\System32\rpcss.dll
[2009/04/11 02:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) MD5=3B5B4D53FEC14F7476CA29A20CC31AC9 -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll
[2009/03/03 00:32:23 | 000,551,424 | ---- | M] (Microsoft Corporation) MD5=4DFCBDEF3CCAA98F99038DED78945253 -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll
[2009/03/03 00:19:41 | 000,549,888 | ---- | M] (Microsoft Corporation) MD5=7B981222A257D076885BFFB66F19B7CE -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c\rpcss.dll
[2009/03/03 00:17:45 | 000,550,400 | ---- | M] (Microsoft Corporation) MD5=B1BB45E24717A7F790B4411C4446EF5E -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_685b771559e4be8c\rpcss.dll

< MD5 for: SERVICES.EXE >
[2008/01/20 22:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=8737764F4FD36D6808EE80578409C843 -- C:\Windows\System32\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\ERDNT\cache\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 22:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: TCPIP.SYS >
[2008/04/26 04:08:16 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=01EC1E92595F839BEE70D439C46796E3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
[2009/04/11 02:33:02 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
[2011/09/20 17:02:55 | 000,913,280 | ---- | M] (Microsoft Corporation) MD5=16731B631F28F63CD9F4CB60940E7DDD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22719_none_b58c64c97caa1c43\tcpip.sys
[2009/08/15 17:30:53 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[2009/08/14 13:01:55 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[2011/06/17 16:13:55 | 000,905,104 | ---- | M] (Microsoft Corporation) MD5=2756186E287139310997090797E0182B -- C:\Windows\ERDNT\cache\tcpip.sys
[2011/06/17 16:13:55 | 000,905,104 | ---- | M] (Microsoft Corporation) MD5=2756186E287139310997090797E0182B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18484_none_b4b2134c63c9c70f\tcpip.sys
[2012/03/30 08:39:11 | 000,905,600 | ---- | M] (Microsoft Corporation) MD5=27D470DABC77BC60D0A3B0E4DEB6CB91 -- C:\Windows\System32\drivers\tcpip.sys
[2012/03/30 08:39:11 | 000,905,600 | ---- | M] (Microsoft Corporation) MD5=27D470DABC77BC60D0A3B0E4DEB6CB91 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18604_none_b50896786388e1d5\tcpip.sys
[2010/02/18 07:51:51 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
[2010/02/18 10:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
[2009/08/14 10:24:47 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[2010/02/18 10:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
[2010/02/18 08:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
[2010/06/16 11:55:58 | 000,902,032 | ---- | M] (Microsoft Corporation) MD5=6216A954ED7045B62880A92D6C9B9FC7 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
[2009/08/14 12:27:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[2011/06/17 16:13:55 | 000,913,296 | ---- | M] (Microsoft Corporation) MD5=6647FCE6FC4970DAAFE5C64C794513D3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22662_none_b54f51417cd8f970\tcpip.sys
[2010/06/16 12:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) MD5=6A10AFCE0B38371064BE41C1FBFD3C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
[2010/06/16 11:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
[2011/09/20 17:02:55 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=814A1C66FBD4E1B310A517221F1456BF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18519_none_b502c618638c7f52\tcpip.sys
[2008/04/26 04:26:49 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
[2009/08/14 13:07:56 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[2010/02/18 13:36:50 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
[2010/06/16 12:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
[2010/02/18 10:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
[2012/03/30 08:39:11 | 000,914,304 | ---- | M] (Microsoft Corporation) MD5=EE7E10BED85C312C1D5D30C435BDDA9F -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22828_none_b58096797cb31c04\tcpip.sys
[2008/01/20 22:25:03 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[2009/08/14 12:33:50 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys

< MD5 for: TDX.SYS >
[2009/04/11 00:45:56 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=76B06EB8A01FC8624D699E7045303E54 -- C:\Windows\System32\drivers\tdx.sys
[2009/04/11 00:45:56 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=76B06EB8A01FC8624D699E7045303E54 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_ec294157d9377403\tdx.sys
[2008/01/20 22:24:53 | 000,071,680 | ---- | M] (Microsoft Corporation) MD5=D09276B1FAB033CE1D40DCBDF303D10F -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys

< MD5 for: USERINIT.EXE >
[2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 22:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2006/11/02 05:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2009/04/11 02:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\drivers\volsnap.sys
[2009/04/11 02:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_1e6030e4\volsnap.sys
[2009/04/11 02:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys
[2008/01/20 22:23:21 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
[2008/01/20 22:23:21 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys

< MD5 for: WININIT.EXE >
[2008/01/20 22:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008/01/20 22:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/20 22:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 22:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WMISVC.DLL >
[2008/01/20 22:24:59 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=00B79A7C984678F24CF052E5BEB3A2F5 -- C:\Windows\winsxs\x86_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.0.6001.18000_none_a0b2bbcff6f11e8e\WMIsvc.dll
[2009/04/11 02:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) MD5=6B2A1D0E80110E3D04E6863C6E62FD8A -- C:\Windows\System32\wbem\WMIsvc.dll
[2009/04/11 02:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) MD5=6B2A1D0E80110E3D04E6863C6E62FD8A -- C:\Windows\winsxs\x86_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.0.6002.18005_none_a29e34dbf412e9da\WMIsvc.dll

< MD5 for: WSCSVC.DLL >
[2009/04/11 02:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) MD5=1CA6C40261DDC0425987980D0CD2AAAB -- C:\Windows\System32\wscsvc.dll
[2009/04/11 02:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) MD5=1CA6C40261DDC0425987980D0CD2AAAB -- C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.0.6002.18005_none_1c2bd6beaf3aa18d\wscsvc.dll
[2008/01/20 22:23:39 | 000,061,440 | ---- | M] (Microsoft Corporation) MD5=683DD16B590372F2C9661D277F35E49C -- C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.0.6001.18000_none_1a405db2b218d641\wscsvc.dll

========== Files - Unicode (All) ==========
[2012/05/30 21:17:01 | 004,708,624 | ---- | M] ()(C:\Users\Age\Documents\"????????".mp3) -- C:\Users\Age\Documents\"待ち合わせの途中".mp3
[2012/05/30 21:16:23 | 004,708,624 | ---- | C] ()(C:\Users\Age\Documents\"????????".mp3) -- C:\Users\Age\Documents\"待ち合わせの途中".mp3

< End of report >

Extras Log Pt 1

OTL Extras logfile created on: 8/16/2012 8:49:13 PM - Run 5
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Age\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 56.57% Memory free
5.94 Gb Paging File | 4.57 Gb Available in Paging File | 76.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.68 Gb Total Space | 16.97 Gb Free Space | 7.55% Space Free | Partition Type: NTFS

Computer Name: MELVIN | User Name: Age | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.2200
"{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}" = Vz In Home Agent
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CA49C4E-7B1C-460c-9DB8-4A7160CDF8D1}" = ProductContext
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0F052922-4BCE-4763-A540-00857554336D}" = Redist
"{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}" = VAIO Media plus
"{132CA5D9-C745-4B0B-A3B2-8C7A6EC3EE7E}" = Canon MF Toolbox 4.9.1.1.mf04
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE and Welcome Center
"{1DEF8B27-D75B-4f2a-B723-C506047D1438}" = K8600
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = VAIO Presentation Support
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{24176A21-AFC8-3DCC-A2BB-901734AA64B9}" = Google Talk Plugin
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{27A2ABE9-E4C4-45DD-B9A8-CEEEE380E7E1}" = VAIO Content Metadata Intelligent Analyzing Manager
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3A98125E-B0AC-47E4-80D7-75DF75B13AA1}" = BPDSoftware_Ini
"{3BDDF462-8A95-4C50-86DA-4D41F3483EA5}" = Canon MF Toolbox 4.9.1.1.mf04
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}" = Adobe InDesign CS
"{44B44E0E-B7F8-45D2-9B1F-B073D337A097}" = BPD_HPSU
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B8AB184-EE5E-4277-BB68-C352BE13DD7B}" = 8600_Help
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" =
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Power Management
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1" = Auslogics Duplicate File Finder
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{69B078F7-E057-4488-AE6B-CB7BBEEE8DA6}" = HP Officejet Pro K8600 Series
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{757CC5BA-BF08-46A5-8D10-64C6FDF659C6}" = VAIO Content Metadata Manager Setting
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A367C28-423C-48E2-8C76-EBA1171F932A}" = Adobe Photoshop Album 2.0
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D10D317-F8E0-4493-99AE-F6ADBB223553}" = BPDSoftware
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ED3A392-28F1-4375-97AC-BF275B5855F9}" = OpenMG Secure Module 5.0.00
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}" = Adobe Illustrator CS
"{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}" = SmartWi Connection Utility
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9C71059E-6DDD-4958-9251-7A5F865B6BA0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A4399CF4-7A3F-4E84-B763-AD352640203D}" = VAIO Content Metadata XML Interface Library
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAB0F8F5-282A-45F1-B31A-EB894827456B}" = MPM
"{BCED773C-99EE-48DD-8915-25733F69F0A8}" = VAIO Wireless Wizard
"{BE2DDF55-4C42-44CC-A56E-C8E4A65CB2FF}" = IHA_MessageCenter
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C8FC7066-4457-4365-9BDF-4E439BF703C8}" = AVG 2011
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CC56A2CB-EC09-4175-B8BD-93E2440D410B}" = VAIO Content Metadata Manager Setting
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFB61C36-61C9-46E9-8AA3-6E5A896AC989}" = 8600_Readme
"{D06F5884-B439-440B-A58D-6C057C2FF8EB}" = Click to Disc
"{D0AE373E-C276-432B-9A95-F8DD356A8242}" = VAIO Movie Story
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.14
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D47FE987-EA3D-424B-9886-B752501D7CE7}" = VAIO Help and Support
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D90507A2-6183-497D-9075-951DC80362DA}" = VAIO Media plus
"{DB3A97C0-EEC1-43FE-AB56-E2EA972CF111}" = 1600
"{DD929BD3-5D41-4407-BE04-119B4A631869}" = Canon MF Toolbox 4.9.1.1.mf04
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEBA60A3-7CDE-48D7-993D-7C68663AEE68}" = VAIO Content Metadata Intelligent Analyzing Manager
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFD0E9A9-F24A-492B-8975-8C938E32408F}" = VAIO Startup Assistant
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1D25278-B51A-4163-BC3D-20A4D2D09F98}" = VAIO My Memory Center
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E533E637-FB3E-4F28-8B18-449CC9AB7235}" = AVG 2011
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EA79DC46-98B0-4A26-A76F-448A032E5E4D}" = 1600Trb
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skypeâ„¢ 5.9
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F485E43D-18B1-4B40-AF4B-EDA78E91DA80}" = Dolby Control Center
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{F5DAFD10-6E61-49BF-B3C5-5AA9AF3A0863}" = Verizon Download Manager
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FACD3674-FC12-4B6C-A923-E1D687704E9B}" = VAIO Content Metadata XML Interface Library
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEA5A8ED-93A1-44EE-9A7D-43103DB3F78D}" = 1600_Help
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AIM_7" = AIM 7
"AVG" = AVG 2011
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"DVD Flick_is1" = DVD Flick 1.3.0.7
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 8.0
"ICCup Launcher_is1" = ICCup Launcher
"ImgBurn" = ImgBurn
"InfraRecorder" = InfraRecorder
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{8ED3A392-28F1-4375-97AC-BF275B5855F9}" = OpenMG Secure Module 5.0.00
"LastFM_is1" = Last.fm 1.5.4.27091
"Logitech Vid" = Logitech Vid HD
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ProInst" = Intel PROSet Wireless
"QcDrv" = Logitech® Camera Driver
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Starcraft" = Starcraft
"The KMPlayer" = The KMPlayer (remove only)
"Veoh Web Player Beta" = Veoh Web Player
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"Google Chrome" = Google Chrome
"RewardsArcade" = RewardsArcade

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/16/2012 7:13:12 PM | Computer Name = Melvin | Source = Application Error | ID = 1000
Description = Faulting application LVCOMSX.EXE, version 8.4.7.1032, time stamp 0x42974846,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000005, fault offset 0x00067410, process id 0x56c, application start time
0x01cd7c04b4f04658.

Error - 8/16/2012 7:13:17 PM | Computer Name = Melvin | Source = Application Error | ID = 1000
Description = Faulting application LVCOMSX.EXE, version 8.4.7.1032, time stamp 0x42974846,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000005, fault offset 0x00067410, process id 0x14a4, application start time
0x01cd7c04b7c0c3a8.

Error - 8/16/2012 7:21:44 PM | Computer Name = Melvin | Source = Application Error | ID = 1000
Description = Faulting application LVCOMSX.EXE, version 8.4.7.1032, time stamp 0x42974846,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000005, fault offset 0x00067467, process id 0x1758, application start time
0x01cd7c05e6750b18.

Error - 8/16/2012 7:21:47 PM | Computer Name = Melvin | Source = Application Error | ID = 1000
Description = Faulting application LVCOMSX.EXE, version 8.4.7.1032, time stamp 0x42974846,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000005, fault offset 0x00067410, process id 0x10a0, application start time
0x01cd7c05e82b0818.

Error - 8/16/2012 7:35:45 PM | Computer Name = Melvin | Source = Application Error | ID = 1000
Description = Faulting application LVCOMSX.EXE, version 8.4.7.1032, time stamp 0x42974846,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000005, fault offset 0x00067410, process id 0x16c8, application start time
0x01cd7c07db4d4a78.

Error - 8/16/2012 7:35:48 PM | Computer Name = Melvin | Source = Application Error | ID = 1000
Description = Faulting application LVCOMSX.EXE, version 8.4.7.1032, time stamp 0x42974846,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000005, fault offset 0x00067410, process id 0x16f0, application start time
0x01cd7c07dd1fd7f8.

Error - 8/16/2012 7:37:33 PM | Computer Name = Melvin | Source = Application Error | ID = 1000
Description = Faulting application LVCOMSX.EXE, version 8.4.7.1032, time stamp 0x42974846,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000005, fault offset 0x0006742d, process id 0x1028, application start time
0x01cd7c081bf3ace8.

Error - 8/16/2012 7:37:36 PM | Computer Name = Melvin | Source = Application Error | ID = 1000
Description = Faulting application LVCOMSX.EXE, version 8.4.7.1032, time stamp 0x42974846,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000005, fault offset 0x00067410, process id 0x1578, application start time
0x01cd7c081de23e48.

Error - 8/16/2012 8:14:07 PM | Computer Name = Melvin | Source = Application Error | ID = 1000
Description = Faulting application LVCOMSX.EXE, version 8.4.7.1032, time stamp 0x42974846,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000005, fault offset 0x00067410, process id 0x1fc8, application start time
0x01cd7c0d37691260.

Error - 8/16/2012 8:14:10 PM | Computer Name = Melvin | Source = Application Error | ID = 1000
Description = Faulting application LVCOMSX.EXE, version 8.4.7.1032, time stamp 0x42974846,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000005, fault offset 0x00067410, process id 0x19c0, application start time
0x01cd7c0d39515a60.

[ OSession Events ]
Error - 5/25/2010 1:49:20 AM | Computer Name = Melvin | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 305784
seconds with 420 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/12/2012 5:23:40 PM | Computer Name = Melvin | Source = PlugPlayManager | ID = 12
Description = The device 'Optiarc DVD RW AD-7560A USB Device' (USBSTOR\CdRom&Ven_Optiarc&Prod_DVD_RW_AD-7560A&Rev_DS04\F76000019BEF&0)
disappeared from the system without first being prepared for removal.

Error - 8/12/2012 6:37:07 PM | Computer Name = Melvin | Source = PlugPlayManager | ID = 12
Description = The device 'USB Mass Storage Device' (USB\VID_054C&PID_0377\F76000019BEF)
disappeared from the system without first being prepared for removal.

Error - 8/12/2012 6:37:07 PM | Computer Name = Melvin | Source = PlugPlayManager | ID = 12
Description = The device 'Optiarc DVD RW AD-7560A USB Device' (USBSTOR\CdRom&Ven_Optiarc&Prod_DVD_RW_AD-7560A&Rev_DS04\F76000019BEF&0)
disappeared from the system without first being prepared for removal.

Error - 8/12/2012 8:43:26 PM | Computer Name = Melvin | Source = PlugPlayManager | ID = 12
Description = The device 'USB Mass Storage Device' (USB\VID_054C&PID_0377\F76000019BEF)
disappeared from the system without first being prepared for removal.

Error - 8/12/2012 8:43:26 PM | Computer Name = Melvin | Source = PlugPlayManager | ID = 12
Description = The device 'Optiarc DVD RW AD-7560A USB Device' (USBSTOR\CdRom&Ven_Optiarc&Prod_DVD_RW_AD-7560A&Rev_DS04\F76000019BEF&0)
disappeared from the system without first being prepared for removal.

Error - 8/16/2012 6:27:41 PM | Computer Name = Melvin | Source = Service Control Manager | ID = 7024
Description =

Error - 8/16/2012 6:27:41 PM | Computer Name = Melvin | Source = Service Control Manager | ID = 7000
Description =

Error - 8/16/2012 6:27:41 PM | Computer Name = Melvin | Source = Service Control Manager | ID = 7000
Description =

Error - 8/16/2012 6:27:41 PM | Computer Name = Melvin | Source = Service Control Manager | ID = 7000
Description =

Error - 8/16/2012 6:29:03 PM | Computer Name = Melvin | Source = Service Control Manager | ID = 7022
Description =


< End of report >

Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

bump

Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer, you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
The log also shows that you only have 7.55% free space on your hard drive. Windows requires 15% or more to operate efficiently. You will need to free up more space (33.6 Gb). You can do this by transferring music, videos, pictures and other important data to an external hard drive or DVDs. You can use RWs because they are re-usable. You can also uninstall any programs no longer used or needed.
************************************************************************
* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:

:OTL

IE - HKLM\..\SearchScopes,DefaultScope = {CF739809-1C6C-47C0-85B9-569DBB141420}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q={searchTerms}&crm=1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2B68F2F3-3342-4A2A-81CA-8072852D359E}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\..\SearchScopes\{547EEAAC-3665-4e6c-B326-C622D698543A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=SOLTDF&pc=SOLTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q={searchTerms}&crm=1
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q="
O2 - BHO: (RewardsArcade) - {597A9974-8CB0-4f41-B61F-ED065738A397} - C:\Program Files\RewardsArcade\RewardsArcade.dll (215 Apps)

:folders
C:\Program Files\RewardsArcade

:COMMANDS
[resethosts]
[purity]
[start explorer]


* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
**************************************************************
Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

On completion of the scan click save log, save it to your desktop and post in your next reply
*************************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.
*********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Issues with OTL

Sorry it took me a week to get back to this; I don't have much free time during the work week.

I'm running OTL Version 3.2.22.3 and every time I try to Run Fix using the code you gave me above, OTL goes into a Not Responding state and remains that way for hours, never actually resuming or finishing. What do you suggest I do? I could move on to the other instructions you gave me, but I believe OTL needs to run its fix first.

Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins

Please move on to the other scans. We can come back to OTL later.

aswMBR log

By the time aswMBR finished, the user interface on my computer had really taken a turn for the worse. I couldn't save the log; I couldn't even open My Computer, Documents or any other folders, while attempting to pull up Task Manager would just turn my screen black for an unlimited amount of time until I hit Esc. So this is what was shown in the aswMBR window; I just typed it up manually. Hopefully, after a reboot, I'll be able to run the other two scans.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-26 12:06:18
-----------------------------
12:06:18.310 OS Version: Windows 6.0.6002 Service Pack 2
12:06:18.311 Number of processors: 2 586 0x1706
12:06:18.312 ComputerName: MELVIN UserName: Age
12:06:20.867 Initialize success
12:06:27.141 AVAST engine defs: 12082500
12:06:36.907 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
12:06:36.907 Disk 0 Vendor: FUJITSU_ 0000 Size: 238475MB BusType: 3
12:06:36.907 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006c
12:06:36.922 Disk 1 Vendor: RICOH 01 Size: 238475MB BusType: 0
12:06:36.922 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000006d
12:06:36.922 Disk 2 Vendor: RICOH 02 Size: 238475MB BusType: 0
12:06:36.969 Disk 0 MBR read successfully
12:06:36.985 Disk 0 MBR scan
12:06:36.985 Disk 0 Windows VISTA default MBR code
12:06:37.016 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 8401 MB offset 2048
12:06:37.031 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 230072 MB offset 17207296
12:06:37.047 Disk 0 scanning sectors +488395120
12:06:37.156 Disk 0 scanning C:\Windows\system32\drivers
12:07:05.762 Service scanning
12:07:44.635 Modules scanning
12:07:57.667 Disk 0 trace - called modules:
12:07:57.687 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
12:07:57.687 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86ba5968]
12:07:57.687 3 CLASSPNP.SYS[8afa38b3] -> nt!IofCallDriver -> [0x86059700]
12:07:57.697 5 acpi.sys[806946bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8606b028]
12:07:59.511 AVAST engine scan C:\
21.58.25.360 Scan finished successfully

SuperAntiSpyware log

Well, my computer isn't doing much better after a reboot. There was nothing found or quarantined by SuperAntiSpyware, and due to this it didn't come up with the white box for me to verify that everything has a checked box beside it, nor did it prompt me to restart. I'll run the next scan when I get home today...

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/27/2012 at 04:33 AM

Application Version : 5.0.1128

Core Rules Database Version : 0
Trace Rules Database Version: 0

Scan type : Complete Scan
Total Scan Time : 05:24:14

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned : 753
Memory threats detected : 0
Registry items scanned : 545
Registry threats detected : 0
File items scanned : 252385
File threats detected : 0

Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins
Please boot in Safe mode and run the MBAM scan to see if it runs better in Safe mode.

MBAM log
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.25.04

Windows Vista Service Pack 2 x86 NTFS (Safe Mode)
Internet Explorer 9.0.8112.16421
Age :: MELVIN [administrator]

8/27/2012 8:24:13 PM
mbam-log-2012-08-27 (20-24-13).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 442790
Time elapsed: 1 hour(s), 24 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 12
HKCR\CLSID\{25514C64-8321-494e-BD3E-3DBAB3F8CEBA} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\CLSID\{597A9974-8CB0-4f41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\Interface\{6427058B-217C-4C7F-A6CE-C7934C0BDCEB} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\RewardsArcade.BHO.1 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\RewardsArcade.FBApi (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\RewardsArcade.FBApi.1 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\TypeLib\{60BE6B2E-F2F5-4404-AA1E-4381D4A6EEA2} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RewardsArcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Users\Age\AppData\Local\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\n. -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 29
C:\Program Files\RewardsArcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\defaults (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\defaults\preferences (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\locale (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\locale\en-US (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults\preferences (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\locale (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\locale\en-US (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin (PUP.RewardsArcade) -> Quarantined and deleted successfully.

Files Detected: 112
C:\Program Files\ICCup\Launcher\iccwc3.icc (PUP.GameTool) -> Quarantined and deleted successfully.
C:\Program Files\RewardsArcade\RewardsArcade.dll (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Program Files\RewardsArcade\RewardsArcade.exe (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Program Files\RewardsArcade\Uninstall.exe (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Program Files\RewardsArcade\UserConfirmation.exe (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Program Files\RewardsArcade\appAPIinternalWrapper.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Program Files\RewardsArcade\fb.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Program Files\RewardsArcade\jquery.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Program Files\RewardsArcade\json.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Chrome\rewardsarcade.crx (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome.manifest (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\background.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\browser.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\crossrider.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\crossriderapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\dialog.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\b.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\bl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\br.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\closelabel.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\loading.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tr.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\faye-browser-min.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\jquery-1.4.2.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\manage-apps-style.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\manage-apps.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\messaging.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\options.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\options.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\push.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\search_dialog.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\socialapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\update.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\utilityapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\chrome\content\workers_chain.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\defaults\preferences\prefs.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\install.rdf (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\locale\en-US\translations.dtd (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\button1.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\button2.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\button3.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\button4.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\button5.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\crossrider_statusbar.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\icon128.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\icon16.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\icon24.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\icon48.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\panelarrow-up.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\popup.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\popup.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\popup_binding.xml (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\skin.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\Firefox\skin\update.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\AppData\Local\RewardsArcade\498\uninstall.ico (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Chrome\rewardsarcade.crx (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome.manifest (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\background.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\browser.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\crossrider.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\crossriderapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\dialog.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\b.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\bl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\br.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\closelabel.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\loading.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tr.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\faye-browser-min.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\jquery-1.4.2.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\manage-apps-style.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\manage-apps.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\messaging.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\options.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\options.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\push.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\search_dialog.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\socialapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\update.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\utilityapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\workers_chain.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults\preferences\prefs.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\install.rdf (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\locale\en-US\translations.dtd (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button1.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button2.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button3.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button4.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button5.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\crossrider_statusbar.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon128.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon16.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon24.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon48.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\panelarrow-up.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\popup.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\popup.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\popup_binding.xml (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\skin.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\update.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\Age\Local Settings\Application Data\RewardsArcade\498\uninstall.ico (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\00000004.@ (Rootkit.Zaccess) -> Quarantined and deleted successfully.
C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\80000000.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

Re: Trojan horse BackDoor.Generic12.BIXF and all the fixins
Please try to boot in Normal Mode and run the MBAM scan again. Post the log if anything is found.

Download Combofix from any of the links below, and save it to your DESKTOP.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:

[Image: NSIS_disclaimer_ENG]

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

[Image: NSIS_extraction]

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

[Image: RcAuto1]

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: Whatnext]

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

MBAM log 2
Here is the new MBAM log. I will run combofix when I get home from work. Also, yesterday I ran a new OTL scan before MBAM. I can post that if you'd like.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.25.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Age :: MELVIN [administrator]

8/28/2012 11:11:45 PM
mbam-log-2012-08-28 (23-11-45).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 446385
Time elapsed: 2 hour(s), 22 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> Delete on reboot.
C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\00000004.@ (Rootkit.Zaccess) -> Quarantined and deleted successfully.
C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\80000000.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{d9e1dd59-b756-558e-7b02-c3868aea93eb}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)
