Jump to content

Build Theme!
  •  
  • Infected?

big grin WE'RE SURE THAT YOU'LL LOVE US!

We invite you to ask questions, share experiences, and learn. It's 100% free. Did we mention that it's free. It is. It's free. Join 91517 other members! Anybody can ask, anybody can answer. Consistently helpful members with best answers are invited to staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

FBI Virus & Redirect Infection [Solved]


  • This topic is locked This topic is locked
20 replies to this topic

#1 olddog

olddog

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 10 November 2013 - 08:34 PM

Browser was being redirected - suddenly got the FBI pay $300 to unlock screen.

 

A friend found the virus through scans and it was disabled, but probably not completely cleaned.

Suspect files: lfrwlarlc.ext (several files)

 

Also having an issue with a browser extension (comes up as 'Extension' in Chrome) which keeps reappearing and is causing browser redirects when clicking on links.

 

OTL Logfile is as follows (no Extras.txt was generated):

 


OTL logfile created on: 11/10/2013 8:02:45 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ken\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.97 Gb Total Physical Memory | 4.25 Gb Available Physical Memory | 71.21% Memory free
11.93 Gb Paging File | 10.27 Gb Available in Paging File | 86.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 686.57 Gb Total Space | 613.97 Gb Free Space | 89.43% Space Free | Partition Type: NTFS
 
Computer Name: INSPIRON | User Name: Ken | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Ken\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\SeaPort.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe (SupportSoft, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8f5b881951592b2fd05f710650bf7e04\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\3d075c3b7d099aca217beecac1f66b4b\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0149e914e4cfbde7da65d4558af19ce0\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll ()
MOD - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (AdobeActiveFileMonitor8.0) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (sprtsvc_DellComms) -- C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe (SupportSoft, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{4CEDE513-3A98-4897-86E1-AC7DBC4503D7}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {7FCE52A8-0AB7-4ADD-B448-8AF55E03C169}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{7FCE52A8-0AB7-4ADD-B448-8AF55E03C169}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKCU\..\SearchScopes,DefaultScope = {6649DE94-68E1-434C-8EC6-4509FF6DB0EE}
IE - HKCU\..\SearchScopes\{6649DE94-68E1-434C-8EC6-4509FF6DB0EE}: "URL" = http://www.google.co...1I7AURU_enUS521
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{E50D1C85-07BA-46C1-89F1-59FAD5B39D12}: "URL" = http://www.google.co...1I7AURU_enUS521
IE - HKCU\..\SearchScopes\8622ED3E5916460FB8C4152DD1D78AAC: "URL" = http://www.google.co...1I7AURU_enUS521
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/...q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/...age={language},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U33 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: Skype Click to Call = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
CHR - Extension: Google Wallet = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\amd64\BingExt.dll (Microsoft Corporation.)
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\amd64\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellComms] C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKCU..\Run: [Amd Update] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.15.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.93.41.125 24.93.41.126 209.18.47.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25B84475-4E8E-4608-9F76-FB770156C78D}: DhcpNameServer = 24.93.41.125 24.93.41.126 209.18.47.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4475F8C9-EC14-4775-853A-02CCCF60F423}: DhcpNameServer = 24.93.41.125 24.93.41.126 209.18.47.61
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/10 19:58:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
[2013/11/10 19:16:39 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013/11/10 19:12:33 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/11/10 19:12:26 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/11/10 19:05:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/11/10 19:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/11/10 19:03:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/11/10 19:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/11/10 19:01:30 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\SystemRequirementsLab
[2013/11/10 18:55:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2013/11/10 12:27:55 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\AVAST Software
[2013/11/10 12:27:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013/11/10 12:27:35 | 001,032,416 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/11/10 12:27:35 | 000,409,832 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/11/10 12:27:35 | 000,065,264 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/11/10 12:27:34 | 000,092,544 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/11/10 12:27:34 | 000,084,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/11/10 12:27:34 | 000,038,984 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/11/10 12:27:33 | 000,334,648 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/11/10 12:27:32 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/11/10 12:27:12 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/11/10 12:26:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/11/10 12:03:06 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Ken\Desktop\HijackThis.exe
[2013/10/30 14:44:47 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/10/28 18:52:02 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\Amd
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/10 19:58:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
[2013/11/10 19:47:50 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/10 19:47:50 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/10 19:45:14 | 000,730,532 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/10 19:45:14 | 000,627,104 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/10 19:45:14 | 000,107,420 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/10 19:44:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/10 19:43:59 | 000,000,082 | ---- | M] () -- C:\Users\Ken\Desktop\Are you Infected- Need Help- - Virus, Spyware & Malware Removal - What the Tech-!.url
[2013/11/10 19:41:38 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/10 19:40:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/10 19:40:31 | 509,333,503 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/10 19:27:32 | 000,015,588 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2013/11/10 19:12:21 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/11/10 19:12:18 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/11/10 19:12:18 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/11/10 19:12:17 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/11/10 19:07:14 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/10 12:27:47 | 000,001,968 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/11/10 12:27:33 | 001,032,416 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/11/10 12:27:33 | 000,409,832 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/11/10 12:27:33 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/11/10 12:27:33 | 000,205,320 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/11/10 12:27:33 | 000,092,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/11/10 12:27:33 | 000,084,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/11/10 12:27:33 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/11/10 12:27:33 | 000,065,264 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/11/10 12:27:33 | 000,038,984 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/11/10 12:27:32 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/11/10 12:12:25 | 095,025,368 | ---- | M] () -- C:\ProgramData\lfrwlarlc.bxx
[2013/11/10 12:11:54 | 000,000,291 | ---- | M] () -- C:\ProgramData\lfrwlarlc.reg
[2013/11/10 12:10:31 | 000,000,000 | ---- | M] () -- C:\ProgramData\lfrwlarlc.fvv
[2013/11/10 12:03:07 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Ken\Desktop\HijackThis.exe
[2013/11/04 15:42:43 | 531,835,657 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/10/28 18:26:11 | 000,000,398 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Ken.job
[2013/10/18 17:59:29 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
 
========== Files Created - No Company Name ==========
 
[2013/11/10 19:43:59 | 000,000,082 | ---- | C] () -- C:\Users\Ken\Desktop\Are you Infected- Need Help- - Virus, Spyware & Malware Removal - What the Tech-!.url
[2013/11/10 19:27:32 | 000,015,588 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2013/11/10 12:27:47 | 000,001,968 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/11/10 12:27:35 | 000,205,320 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/11/10 12:27:35 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/11/05 16:56:35 | 000,000,291 | ---- | C] () -- C:\ProgramData\lfrwlarlc.reg
[2013/11/05 15:50:58 | 000,000,000 | ---- | C] () -- C:\ProgramData\lfrwlarlc.fvv
[2013/11/05 15:50:55 | 095,025,368 | ---- | C] () -- C:\ProgramData\lfrwlarlc.bxx
[2013/10/30 14:44:39 | 531,835,657 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/07/07 17:37:36 | 000,743,538 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2013/05/11 16:47:44 | 000,002,048 | -HS- | M] () -- C:\$Recycle.Bin\S-1-5-18\$4ff053a975058e082a69df2170d3b564\@
[2013/05/11 16:47:44 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$4ff053a975058e082a69df2170d3b564\L
[2013/05/11 16:47:44 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$4ff053a975058e082a69df2170d3b564\U
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-2215017056-37532305-2827909930-1000\$4ff053a975058e082a69df2170d3b564\n.
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\$Recycle.Bin\S-1-5-18\$4ff053a975058e082a69df2170d3b564\n.
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/11/10 12:27:55 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\AVAST Software
[2013/11/10 19:01:30 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\SystemRequirementsLab
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.ADML  >
[2009/07/13 20:30:02 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml
 
< MD5 for: EXPLORER.ADMX  >
[2009/06/10 14:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx
 
< MD5 for: EXPLORER.EXE  >
[2010/09/27 10:07:24 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 00:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 23:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/09/27 10:07:33 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 00:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 06:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/09/27 10:07:24 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/09/27 10:07:27 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/09/27 10:07:33 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/09/27 10:07:27 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 07:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/09/27 10:07:33 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/09/27 10:07:27 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 19:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/09/27 10:07:33 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/09/27 10:07:24 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 00:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/09/27 10:07:27 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/09/27 10:07:24 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe
 
< MD5 for: EXPLORER.EXE.MUI  >
[2009/07/13 20:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
[2009/07/13 20:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
[2009/07/13 20:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2009/07/13 20:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui
 
< MD5 for: EXPLORER.EXE-D5E97654.PF  >
[2013/11/10 19:13:05 | 000,121,512 | ---- | M] () MD5=A12AF0377C58E1B8E20D2E95A42259A3 -- C:\Windows\Prefetch\EXPLORER.EXE-D5E97654.pf
 
< MD5 for: IEXPLORE.EXE  >
[2012/06/02 05:47:54 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=004640AB259C1572EBD5FB0A32F63686 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20553_none_0dbfc836999db0ca\iexplore.exe
[2013/01/08 19:53:45 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=0100BCF23941C83462E4A70F94C3392E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16464_none_0d2c5bc980874648\iexplore.exe
[2012/05/17 17:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=0129BB16161C2FD9A6B19111AB047198 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16446_none_1798a687b4d6030f\iexplore.exe
[2013/05/16 20:32:12 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=07DFD28E57879554D054464EE4A5662D -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16614_none_20d88bb252a3770f\iexplore.exe
[2012/11/13 20:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation) MD5=0D286C0FE561D1A7EB30E83A0FF305B2 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16457_none_178ed6e5b4dd3857\iexplore.exe
[2012/06/28 23:02:52 | 000,754,784 | ---- | M] (Microsoft Corporation) MD5=1223ACBFC1093852DFF039E189599BBD -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16448_none_0d45fcc9807373c2\iexplore.exe
[2013/07/26 00:23:39 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=133CEF30905806A35606652D409EEEBA -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16660_none_16893df21e3dcd43\iexplore.exe
[2013/08/10 00:31:28 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=1F3B062444AD6F667B5336E78D5A02B7 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20794_none_ffb36d2837eafb72\iexplore.exe
[2012/08/24 01:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=22CC6CDBA678790046693654C3B212E4 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16450_none_1787d4dfb4e386f6\iexplore.exe
[2013/02/22 01:04:50 | 000,763,520 | ---- | M] (Microsoft Corporation) MD5=25B53709A37C3FD814B68EA0A92D18F9 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16476_none_0d238c71808d94e7\iexplore.exe
[2012/05/17 16:59:46 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=268982F1FD671A077C6A2AF41E351436 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20551_none_181271f4ce004017\iexplore.exe
[2012/10/08 02:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=270A1342BD5AF95CA25A586B4C2F1522 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16455_none_178cd651b4df05a9\iexplore.exe
[2013/06/11 22:41:27 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=2A5F565327BFD679EC5F790DC15BBF25 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20742_none_0a0343986c500b78\iexplore.exe
[2009/07/13 19:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_19ba3f8a72d988f3\iexplore.exe
[2012/08/24 05:23:44 | 000,754,824 | ---- | M] (Microsoft Corporation) MD5=2D53C5F71653EF94E7829846405D4ED2 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16450_none_0d332a8d8082c4fb\iexplore.exe
[2013/06/11 18:23:57 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=30E7CA4620500FE012EB464F0E1DE91E -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16635_none_20da757e52a1c35e\iexplore.exe
[2013/02/21 22:10:00 | 000,757,376 | ---- | M] (Microsoft Corporation) MD5=32732CEDE2A1106B736EF3D84054EE04 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16476_none_177836c3b4ee56e2\iexplore.exe
[2012/06/02 03:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=34B01BBD8F00B6B9C9248DC4F1E3CD01 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16447_none_1799a6d1b4d51c66\iexplore.exe
[2013/08/10 00:10:22 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=351657C79B62B91E16A95AD23EA3710D -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16686_none_168ab5d61e3c99b7\iexplore.exe
[2013/08/09 22:18:11 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=37287D98A1BF5D56AA729CEB9B27C6B1 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16686_none_20df6028529d5bb2\iexplore.exe
[2013/05/16 19:57:28 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=3902E280F6117A468D5573343A7AA1F6 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20719_none_09ffa3426c5372da\iexplore.exe
[2013/04/04 16:47:49 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=3F00BE80B9CEA20B7FE7363D15EDDB94 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16483_none_176a65f9b4f926ce\iexplore.exe
[2013/02/21 22:10:31 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=4145E2B5663F6FACC08EFDB17B658BB2 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20586_none_17f703a2ce14129d\iexplore.exe
[2011/08/19 22:35:15 | 000,673,024 | ---- | M] (Microsoft Corporation) MD5=41FE5E37EFE0B587A688BA0E4FA41288 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16869_none_19d3ea0872c5a830\iexplore.exe
[2013/08/09 23:13:42 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=48A1306191216997F717C451B8D15139 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20794_none_0a08177a6c4bbd6d\iexplore.exe
[2012/10/08 06:29:46 | 000,754,848 | ---- | M] (Microsoft Corporation) MD5=49442BA6DCE4B4E3C1CB0AB193FE29AD -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16455_none_0d382bff807e43ae\iexplore.exe
[2012/05/17 20:51:05 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=4E99F42504A99D5024C2EFA015001937 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16446_none_0d43fc3580754114\iexplore.exe
[2012/08/24 04:49:07 | 000,754,824 | ---- | M] (Microsoft Corporation) MD5=5A150AFABB25BEA50CEDC8650A7B8A9E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20557_none_0dc3c95e999a1626\iexplore.exe
[2012/06/28 20:45:31 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=5D03518409F37D1483C98869D86E23FF -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20554_none_0dc0c880999cca21\iexplore.exe
[2012/06/02 06:52:21 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=610F6596921C4BAA8834ADBB9BE272EE -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16447_none_0d44fc7f80745a6b\iexplore.exe
[2012/08/24 01:49:25 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=62188720CE27B982B4285C03163C9FB3 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20557_none_181873b0cdfad821\iexplore.exe
[2013/01/08 16:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=698EB1E5F8C66344D97C00B5699E871D -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16464_none_1781061bb4e80843\iexplore.exe
[2011/06/21 00:14:22 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=6B2383EDA3956983E3219A62D8408DAB -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20992_none_0fe16ab757a12871\iexplore.exe
[2011/06/20 23:25:30 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=6BB506124872ACDFAC5BD912CA1334CE -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20992_none_1a3615098c01ea6c\iexplore.exe
[2013/07/25 21:49:06 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=7BA1862B8A5698DC5FCFDFF3BC359DE9 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16660_none_20dde844529e8f3e\iexplore.exe
[2013/02/02 02:09:12 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=7C2923004FFC497E54F38E835F108EE8 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20580_none_0d9c579499b8b898\iexplore.exe
[2010/11/20 07:28:25 | 000,695,056 | ---- | M] (Microsoft Corporation) MD5=86257731DDB311FBC283534CC0091634 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe
[2013/07/25 23:47:06 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=8D805B4EEEE0ECF6B604BE284978F135 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20768_none_ffb0112a37ee15f1\iexplore.exe
[2013/05/16 21:02:08 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=8F00471CA24ADF8D2AFAACF856EB70A4 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20719_none_ffaaf8f037f2b0df\iexplore.exe
[2011/10/27 16:14:57 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_17a944edb4ca4c7a\iexplore.exe
[2012/06/28 19:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=93569D46D79F9756ED077156496AFE23 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16448_none_179aa71bb4d435bd\iexplore.exe
[2013/06/11 20:28:00 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=98C6F2A9A981A54222602B87C6310BDE -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16635_none_1685cb2c1e410163\iexplore.exe
[2013/04/04 19:55:57 | 000,763,504 | ---- | M] (Microsoft Corporation) MD5=A1B0DEC3BB845C6369F97BC1A3542A07 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16483_none_0d15bba7809864d3\iexplore.exe
[2013/02/01 22:19:03 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=A285E1965C115031DA02B777EE9D7689 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20580_none_17f101e6ce197a93\iexplore.exe
[2011/06/20 23:37:00 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=A3AB0A260049BE22AB52E302D9220A92 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16839_none_19f459cc72ad545d\iexplore.exe
[2013/02/02 01:37:58 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=A8EBEBCD9F5C49475194099FCD276992 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16470_none_0d1d8ab58092fcdd\iexplore.exe
[2013/05/21 02:02:38 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=AAD90795E84E710543C6C7C2F7048E30 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16576_none_20e92fca5296266a\iexplore.exe
[2011/08/19 23:46:07 | 000,696,576 | ---- | M] (Microsoft Corporation) MD5=AC1CC7CD5CBE60EFF105BB3C0DC199C5 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16869_none_0f7f3fb63e64e635\iexplore.exe
[2012/11/15 21:08:58 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=AC4957E154F750DF54F36ADC8E3E040D -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20565_none_0db6f8de99a3ff69\iexplore.exe
[2013/02/22 01:17:45 | 000,763,520 | ---- | M] (Microsoft Corporation) MD5=B21A57AA4CB928059A0C0C58A9E77A02 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20586_none_0da2595099b350a2\iexplore.exe
[2011/06/21 00:21:24 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=B38DE184AC135A4B0AE7D286476FA33F -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16839_none_0f9faf7a3e4c9262\iexplore.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2012/06/02 02:51:58 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=BE967C74B89577B78FB57C061E12B04C -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20553_none_18147288cdfe72c5\iexplore.exe
[2013/04/04 15:55:02 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=C036AB1ED8BAC04FE4A349BA263077BB -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20593_none_17e932d8ce1ee289\iexplore.exe
[2013/04/04 18:40:37 | 000,763,504 | ---- | M] (Microsoft Corporation) MD5=C4A4F4AD91677DA1659A9ADE63746B8B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20593_none_0d94888699be208e\iexplore.exe
[2010/11/20 06:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
[2011/08/19 23:42:38 | 000,696,576 | ---- | M] (Microsoft Corporation) MD5=C66C8BF791F9DB974022506265518EE0 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21033_none_102322ab576fcd64\iexplore.exe
[2013/06/12 01:51:43 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=CA88A25280B1D85ED0BC26B042ABBCCF -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20742_none_ffae994637ef497d\iexplore.exe
[2013/05/21 02:02:38 | 000,775,232 | ---- | M] (Microsoft Corporation) MD5=CEA304830B4770BDA3572B87D0841848 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16576_none_169485781e35646f\iexplore.exe
[2012/10/08 02:22:05 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=CECB15F834FC2B4B150449717ADE18DD -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20562_none_1808a252ce07755f\iexplore.exe
[2013/09/22 17:54:30 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=D6B7DDB68436F13C3CAE2B92524F1FEC -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2013/09/22 17:54:30 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=D6B7DDB68436F13C3CAE2B92524F1FEC -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16721_none_20cf006852aa5f74\iexplore.exe
[2013/09/22 18:01:39 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=DB352EBF77E8655E0C46B6923F3C9950 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20831_none_09f78a2a6c58f471\iexplore.exe
[2013/02/01 22:19:04 | 000,757,296 | ---- | M] (Microsoft Corporation) MD5=DDE5A0DFAF7C6370FB36402D7A746ED3 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16470_none_17723507b4f3bed8\iexplore.exe
[2013/07/25 23:09:39 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=E70D60B3A350BD09D86CDAD9CF55F36B -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20768_none_0a04bb7c6c4ed7ec\iexplore.exe
[2013/09/22 19:55:58 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=E9F843E7E412AE9A507FD5ABBBD06462 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20831_none_ffa2dfd837f83276\iexplore.exe
[2012/06/28 17:35:27 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=EB4105348272018D096FEB655CD1608C -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20554_none_181572d2cdfd8c1c\iexplore.exe
[2013/05/16 21:30:45 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=EDC77CF787FA015205936C9A3228486E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16614_none_1683e1601e42b514\iexplore.exe
[2013/01/08 18:51:57 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=EF1F6F41FB2C9BBB484B21017F380201 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20573_none_0daa285e99ade8ac\iexplore.exe
[2013/01/08 15:32:42 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=F05982E56ABD835AA8DF260EEC873E5B -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20573_none_17fed2b0ce0eaaa7\iexplore.exe
[2011/10/27 16:14:56 | 000,754,480 | ---- | M] (Microsoft Corporation) MD5=F1424C1B9B1813BF825E45DF3790BC8A -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_0d549a9b80698a7f\iexplore.exe
[2009/07/13 19:43:43 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=F2B0D41E1D08D0B2006DF5AA2E74C81E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_0f6595383e78c6f8\iexplore.exe
[2012/10/08 05:09:10 | 000,754,824 | ---- | M] (Microsoft Corporation) MD5=F61714ABCF9BF0CEF0A6249AD4FD490B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20562_none_0db3f80099a6b364\iexplore.exe
[2012/11/13 20:19:28 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=F691418EE9A6344AEB5C1B0518FBF8AE -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20565_none_180ba330ce04c164\iexplore.exe
[2013/09/22 19:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=F6A7D9C0BC326F695526069C1DA1E8B7 -- C:\Program Files\Internet Explorer\iexplore.exe
[2013/09/22 19:25:59 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=F6A7D9C0BC326F695526069C1DA1E8B7 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16721_none_167a56161e499d79\iexplore.exe
[2012/05/17 19:37:57 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=F8B2D47ED17C1D087D14EC747E5AC57A -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20551_none_0dbdc7a2999f7e1c\iexplore.exe
[2011/08/19 22:32:44 | 000,673,024 | ---- | M] (Microsoft Corporation) MD5=FA623BE79902A7B49FF4F21117B63C83 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21033_none_1a77ccfd8bd08f5f\iexplore.exe
[2012/11/14 01:11:18 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=FD0D2E1FAEBAE5031BE2EB8000D973F1 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16457_none_0d3a2c93807c765c\iexplore.exe
 
< MD5 for: IEXPLORE.EXE.10024.HTML  >
[2013/06/11 18:45:37 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.10024.html
 
< MD5 for: IEXPLORE.EXE.10056.HTML  >
[2013/07/19 17:40:03 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.10056.html
 
< MD5 for: IEXPLORE.EXE.10116.HTML  >
[2013/07/11 18:13:51 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.10116.html
 
< MD5 for: IEXPLORE.EXE.1012.HTML  >
[2013/04/24 18:06:51 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.1012.html
 
< MD5 for: IEXPLORE.EXE.10132.HTML  >
[2013/05/31 13:27:39 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.10132.html
 
< MD5 for: IEXPLORE.EXE.10196.HTML  >
[2013/05/30 18:03:29 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.10196.html
 
< MD5 for: IEXPLORE.EXE.10244.HTML  >
[2013/06/19 20:45:43 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.10244.html
 
< MD5 for: IEXPLORE.EXE.10296.HTML  >
[2013/06/26 15:41:43 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.10296.html
 
< MD5 for: IEXPLORE.EXE.10312.HTML  >
[2013/04/28 16:49:19 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.10312.html
 
< MD5 for: IEXPLORE.EXE.1032.HTML  >
[2013/07/17 09:37:51 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.1032.html
 
< MD5 for: IEXPLORE.EXE.10480.HTML  >
[2013/05/17 11:45:19 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.10480.html
 
< MD5 for: IEXPLORE.EXE.10608.HTML  >
[2013/08/03 17:31:00 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.10608.html
 
< MD5 for: IEXPLORE.EXE.10636.HTML  >
[2013/05/30 18:01:57 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.10636.html
 
< MD5 for: IEXPLORE.EXE.10672.HTML  >
[2013/03/29 16:32:48 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.10672.html
 
< MD5 for: IEXPLORE.EXE.1072.HTML  >
[2013/04/28 16:08:46 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.1072.html
 
< MD5 for: IEXPLORE.EXE.10740.HTML  >
[2013/05/04 12:58:32 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.10740.html
 
< MD5 for: IEXPLORE.EXE.10796.HTML  >
[2013/06/01 17:57:29 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.10796.html
 
< MD5 for: IEXPLORE.EXE.108.HTML  >
[2013/06/22 14:53:15 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.108.html
 
< MD5 for: IEXPLORE.EXE.10956.HTML  >
[2013/06/08 15:51:23 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.10956.html
 
< MD5 for: IEXPLORE.EXE.10972.HTML  >
[2013/05/30 18:13:30 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.10972.html
 
< MD5 for: IEXPLORE.EXE.11024.HTML  >
[2013/06/20 18:09:49 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.11024.html
 
< MD5 for: IEXPLORE.EXE.1104.HTML  >
[2013/05/21 18:13:13 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.1104.html
 
< MD5 for: IEXPLORE.EXE.11048.HTML  >
[2013/06/01 17:57:29 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.11048.html
 
< MD5 for: IEXPLORE.EXE.11072.HTML  >
[2013/05/22 14:35:08 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.11072.html
 
< MD5 for: IEXPLORE.EXE.11092.HTML  >
[2013/05/11 16:35:39 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.11092.html
 
< MD5 for: IEXPLORE.EXE.11340.HTML  >
[2013/08/02 17:55:12 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.11340.html
 
< MD5 for: IEXPLORE.EXE.11448.HTML  >
[2013/07/18 16:22:25 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.11448.html
 
< MD5 for: IEXPLORE.EXE.11492.HTML  >
[2013/05/22 20:39:54 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.11492.html
 
< MD5 for: IEXPLORE.EXE.11532.HTML  >
[2013/06/21 16:58:34 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.11532.html
 
< MD5 for: IEXPLORE.EXE.11648.HTML  >
[2013/04/01 15:28:59 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.11648.html
 
< MD5 for: IEXPLORE.EXE.1168.HTML  >
[2013/08/10 17:59:17 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.1168.html
 
< MD5 for: IEXPLORE.EXE.11696.HTML  >
[2013/06/07 15:55:55 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.11696.html
 
< MD5 for: IEXPLORE.EXE.11832.HTML  >
[2013/06/06 18:08:26 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.11832.html
 
< MD5 for: IEXPLORE.EXE.11892.HTML  >
[2013/05/11 17:03:54 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.11892.html
 
< MD5 for: IEXPLORE.EXE.1196.HTML  >
[2013/05/20 20:14:00 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.1196.html
 
< MD5 for: IEXPLORE.EXE.12008.HTML  >
[2013/08/13 17:36:21 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.12008.html
 
< MD5 for: IEXPLORE.EXE.12012.HTML  >
[2013/06/03 19:48:44 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.12012.html
 
< MD5 for: IEXPLORE.EXE.12088.HTML  >
[2013/04/05 18:46:25 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.12088.html
 
< MD5 for: IEXPLORE.EXE.12204.HTML  >
[2013/06/26 15:55:33 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.12204.html
 
< MD5 for: IEXPLORE.EXE.12240.HTML  >
[2013/07/18 16:22:26 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.12240.html
 
< MD5 for: IEXPLORE.EXE.12280.HTML  >
[2013/06/10 19:26:29 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.12280.html
 
< MD5 for: IEXPLORE.EXE.12372.HTML  >
[2013/06/22 14:26:39 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.12372.html
 
< MD5 for: IEXPLORE.EXE.12376.HTML  >
[2013/07/21 19:48:27 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.12376.html
 
< MD5 for: IEXPLORE.EXE.12392.HTML  >
[2013/07/20 19:02:47 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.12392.html
 
< MD5 for: IEXPLORE.EXE.12456.HTML  >
[2013/08/11 17:47:06 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.12456.html
 
< MD5 for: IEXPLORE.EXE.12480.HTML  >
[2013/08/11 18:09:44 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.12480.html
 
< MD5 for: IEXPLORE.EXE.12528.HTML  >
[2013/06/22 18:06:32 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.12528.html
 
< MD5 for: IEXPLORE.EXE.12532.HTML  >
[2013/07/31 17:28:58 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.12532.html
 
< MD5 for: IEXPLORE.EXE.12548.HTML  >
[2013/05/22 14:35:17 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.12548.html
 
< MD5 for: IEXPLORE.EXE.12584.HTML  >
[2013/06/03 19:48:44 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.12584.html
 
< MD5 for: IEXPLORE.EXE.12592.HTML  >
[2013/06/27 16:30:52 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.12592.html
 
< MD5 for: IEXPLORE.EXE.12596.HTML  >
[2013/05/12 20:39:14 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.12596.html
 
< MD5 for: IEXPLORE.EXE.12624.HTML  >
[2013/08/03 17:31:00 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.12624.html
 
< MD5 for: IEXPLORE.EXE.12644.HTML  >
[2013/06/20 18:11:36 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.12644.html
 
< MD5 for: IEXPLORE.EXE.12648.HTML  >
[2013/07/02 18:57:04 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.12648.html
 
< MD5 for: IEXPLORE.EXE.12708.HTML  >
[2013/06/08 16:58:04 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.12708.html
 
< MD5 for: IEXPLORE.EXE.12768.HTML  >
[2013/08/12 18:55:06 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.12768.html
 
< MD5 for: IEXPLORE.EXE.13012.HTML  >
[2013/06/06 18:42:45 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.13012.html
 
< MD5 for: IEXPLORE.EXE.1312.HTML  >
[2013/05/28 16:28:55 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.1312.html
 
< MD5 for: IEXPLORE.EXE.13204.HTML  >
[2013/08/15 15:27:41 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.13204.html
 
< MD5 for: IEXPLORE.EXE.13356.HTML  >
[2013/08/13 14:50:30 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.13356.html
 
< MD5 for: IEXPLORE.EXE.13492.HTML  >
[2013/08/02 17:55:13 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.13492.html
 
< MD5 for: IEXPLORE.EXE.13544.HTML  >
[2013/07/01 17:46:07 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.13544.html
 
< MD5 for: IEXPLORE.EXE.13596.HTML  >
[2013/08/19 16:46:39 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.13596.html
 
< MD5 for: IEXPLORE.EXE.13600.HTML  >
[2013/07/31 17:30:22 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.13600.html
 
< MD5 for: IEXPLORE.EXE.13788.HTML  >
[2013/08/13 17:35:33 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.13788.html
 
< MD5 for: IEXPLORE.EXE.13832.HTML  >
[2013/06/25 17:03:57 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.13832.html
 
< MD5 for: IEXPLORE.EXE.13844.HTML  >
[2013/06/06 18:08:47 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.13844.html
 
< MD5 for: IEXPLORE.EXE.13912.HTML  >
[2013/06/21 16:58:34 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.13912.html
 
< MD5 for: IEXPLORE.EXE.13940.HTML  >
[2013/06/27 16:30:52 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.13940.html
 
< MD5 for: IEXPLORE.EXE.13980.HTML  >
[2013/06/08 15:27:52 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.13980.html
 
< MD5 for: IEXPLORE.EXE.14272.HTML  >
[2013/06/24 17:31:15 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.14272.html
 
< MD5 for: IEXPLORE.EXE.14320.HTML  >
[2013/08/15 14:55:26 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.14320.html
 
< MD5 for: IEXPLORE.EXE.14420.HTML  >
[2013/06/01 17:58:13 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.14420.html
 
< MD5 for: IEXPLORE.EXE.1444.HTML  >
[2013/06/25 17:03:58 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.1444.html
 
< MD5 for: IEXPLORE.EXE.14472.HTML  >
[2013/07/31 16:41:22 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.14472.html
 
< MD5 for: IEXPLORE.EXE.14580.HTML  >
[2013/05/20 19:33:34 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.14580.html
 
< MD5 for: IEXPLORE.EXE.14744.HTML  >
[2013/07/21 19:48:27 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.14744.html
 
< MD5 for: IEXPLORE.EXE.14860.HTML  >
[2013/08/12 18:55:06 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.14860.html
 
< MD5 for: IEXPLORE.EXE.14900.HTML  >
[2013/06/19 19:42:07 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.14900.html
 
< MD5 for: IEXPLORE.EXE.14984.HTML  >
[2013/07/24 17:59:25 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.14984.html
 
< MD5 for: IEXPLORE.EXE.15032.HTML  >
[2013/07/02 18:56:23 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.15032.html
 
< MD5 for: IEXPLORE.EXE.15036.HTML  >
[2013/05/11 17:16:13 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.15036.html
 
< MD5 for: IEXPLORE.EXE.15144.HTML  >
[2013/03/29 16:29:19 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.15144.html
 
< MD5 for: IEXPLORE.EXE.1516.HTML  >
[2013/05/29 15:37:36 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.1516.html
 
< MD5 for: IEXPLORE.EXE.15168.HTML  >
[2013/06/25 16:59:04 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.15168.html
 
< MD5 for: IEXPLORE.EXE.15232.HTML  >
[2013/05/22 23:50:06 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.15232.html
 
< MD5 for: IEXPLORE.EXE.15248.HTML  >
[2013/05/04 18:34:06 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.15248.html
 
< MD5 for: IEXPLORE.EXE.15284.HTML  >
[2013/05/02 18:41:16 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.15284.html
 
< MD5 for: IEXPLORE.EXE.15348.HTML  >
[2013/07/02 18:33:35 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.15348.html
 
< MD5 for: IEXPLORE.EXE.15444.HTML  >
[2013/04/04 19:03:00 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.15444.html
 
< MD5 for: IEXPLORE.EXE.15596.HTML  >
[2013/08/13 16:52:38 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.15596.html
 
< MD5 for: IEXPLORE.EXE.15668.HTML  >
[2013/05/11 15:42:57 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.15668.html
 
< MD5 for: IEXPLORE.EXE.1580.HTML  >
[2013/04/14 18:38:09 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.1580.html
 
< MD5 for: IEXPLORE.EXE.15820.HTML  >
[2013/04/07 18:27:54 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.15820.html
 
< MD5 for: IEXPLORE.EXE.15856.HTML  >
[2013/06/06 18:42:58 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.15856.html
 
< MD5 for: IEXPLORE.EXE.15928.HTML  >
[2013/05/22 20:39:28 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.15928.html
 
< MD5 for: IEXPLORE.EXE.15956.HTML  >
[2013/06/08 17:07:45 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.15956.html
 
< MD5 for: IEXPLORE.EXE.16124.HTML  >
[2013/03/29 16:29:19 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.16124.html
 
< MD5 for: IEXPLORE.EXE.16272.HTML  >
[2013/08/15 15:27:50 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.16272.html
 
< MD5 for: IEXPLORE.EXE.1676.HTML  >
[2013/06/19 20:45:43 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.1676.html
 
< MD5 for: IEXPLORE.EXE.16880.HTML  >
[2013/07/22 19:08:57 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.16880.html
 
< MD5 for: IEXPLORE.EXE.16992.HTML  >
[2013/07/26 15:57:22 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.16992.html
 
< MD5 for: IEXPLORE.EXE.17008.HTML  >
[2013/07/19 19:23:29 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.17008.html
 
< MD5 for: IEXPLORE.EXE.1712.HTML  >
[2013/07/11 18:13:41 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.1712.html
 
< MD5 for: IEXPLORE.EXE.17304.HTML  >
[2013/05/20 20:09:46 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.17304.html
 
< MD5 for: IEXPLORE.EXE.17376.HTML  >
[2013/05/07 16:20:31 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.17376.html
 
< MD5 for: IEXPLORE.EXE.17436.HTML  >
[2013/05/17 11:45:19 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.17436.html
 
< MD5 for: IEXPLORE.EXE.17864.HTML  >
[2013/06/06 18:08:42 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.17864.html
 
< MD5 for: IEXPLORE.EXE.18208.HTML  >
[2013/04/04 19:03:09 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.18208.html
 
< MD5 for: IEXPLORE.EXE.18464.HTML  >
[2013/05/06 18:33:54 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.18464.html
 
< MD5 for: IEXPLORE.EXE.18596.HTML  >
[2013/07/19 19:49:19 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.18596.html
 
< MD5 for: IEXPLORE.EXE.18620.HTML  >
[2013/06/06 18:42:44 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.18620.html
 
< MD5 for: IEXPLORE.EXE.18780.HTML  >
[2013/07/31 17:28:58 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.18780.html
 
< MD5 for: IEXPLORE.EXE.19028.HTML  >
[2013/03/29 16:29:14 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.19028.html
 
< MD5 for: IEXPLORE.EXE.19284.HTML  >
[2013/05/11 16:49:39 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.19284.html
 
< MD5 for: IEXPLORE.EXE.19392.HTML  >
[2013/04/05 17:26:24 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.19392.html
 
< MD5 for: IEXPLORE.EXE.20096.HTML  >
[2013/08/05 16:57:36 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.20096.html
 
< MD5 for: IEXPLORE.EXE.20120.HTML  >
[2013/04/07 17:54:59 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.20120.html
 
< MD5 for: IEXPLORE.EXE.2020.HTML  >
[2013/05/30 17:36:16 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.2020.html
 
< MD5 for: IEXPLORE.EXE.2056.HTML  >
[2013/06/08 17:07:45 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.2056.html
 
< MD5 for: IEXPLORE.EXE.20560.HTML  >
[2013/06/06 18:09:20 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.20560.html
 
< MD5 for: IEXPLORE.EXE.20604.HTML  >
[2013/05/12 20:39:14 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.20604.html
 
< MD5 for: IEXPLORE.EXE.2064.HTML  >
[2013/06/04 18:23:19 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.2064.html
 
< MD5 for: IEXPLORE.EXE.20684.HTML  >
[2013/04/07 17:37:01 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.20684.html
 
< MD5 for: IEXPLORE.EXE.20696.HTML  >
[2013/06/08 13:56:13 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.20696.html
 
< MD5 for: IEXPLORE.EXE.20724.HTML  >
[2013/06/06 18:08:32 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.20724.html
 
< MD5 for: IEXPLORE.EXE.2080.HTML  >
[2013/05/02 18:41:16 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.2080.html
 
< MD5 for: IEXPLORE.EXE.20800.HTML  >
[2013/08/03 15:58:40 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.20800.html
 
< MD5 for: IEXPLORE.EXE.2088.HTML  >
[2013/05/20 20:14:00 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.2088.html
 
< MD5 for: IEXPLORE.EXE.20960.HTML  >
[2013/06/06 18:09:00 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.20960.html
 
< MD5 for: IEXPLORE.EXE.21376.HTML  >
[2013/06/06 18:08:22 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.21376.html
 
< MD5 for: IEXPLORE.EXE.2140.HTML  >
[2013/04/24 18:22:05 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.2140.html
 
< MD5 for: IEXPLORE.EXE.2156.HTML  >
[2013/05/11 09:19:40 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.2156.html
 
< MD5 for: IEXPLORE.EXE.2164.HTML  >
[2013/06/24 19:17:42 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.2164.html
 
< MD5 for: IEXPLORE.EXE.21840.HTML  >
[2013/04/07 18:27:54 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.21840.html
 
< MD5 for: IEXPLORE.EXE.21852.HTML  >
[2013/07/19 19:46:39 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.21852.html
 
< MD5 for: IEXPLORE.EXE.22032.HTML  >
[2013/06/06 18:09:20 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.22032.html
 
< MD5 for: IEXPLORE.EXE.22128.HTML  >
[2013/06/08 14:38:13 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.22128.html
 
< MD5 for: IEXPLORE.EXE.2236.HTML  >
[2013/05/22 19:44:55 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.2236.html
 
< MD5 for: IEXPLORE.EXE.22424.HTML  >
[2013/06/06 18:08:38 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.22424.html
 
< MD5 for: IEXPLORE.EXE.22640.HTML  >
[2013/07/31 15:03:28 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.22640.html
 
< MD5 for: IEXPLORE.EXE.22868.HTML  >
[2013/06/07 15:16:17 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.22868.html
 
< MD5 for: IEXPLORE.EXE.2300.HTML  >
[2013/08/05 16:07:59 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.2300.html
 
< MD5 for: IEXPLORE.EXE.2312.HTML  >
[2013/08/09 19:15:32 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.2312.html
 
< MD5 for: IEXPLORE.EXE.2320.HTML  >
[2013/06/19 19:09:25 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.2320.html
 
< MD5 for: IEXPLORE.EXE.23244.HTML  >
[2013/06/08 15:27:52 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.23244.html
 
< MD5 for: IEXPLORE.EXE.23276.HTML  >
[2013/04/10 19:34:26 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.23276.html
 
< MD5 for: IEXPLORE.EXE.23788.HTML  >
[2013/08/02 18:44:57 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.23788.html
 
< MD5 for: IEXPLORE.EXE.23840.HTML  >
[2013/07/24 17:56:04 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.23840.html
 
< MD5 for: IEXPLORE.EXE.23864.HTML  >
[2013/04/07 18:28:07 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.23864.html
 
< MD5 for: IEXPLORE.EXE.2416.HTML  >
[2013/03/29 16:30:57 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.2416.html
 
< MD5 for: IEXPLORE.EXE.2448.HTML  >
[2013/08/16 19:05:56 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.2448.html
 
< MD5 for: IEXPLORE.EXE.2456.HTML  >
[2013/07/16 18:30:33 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.2456.html
 
< MD5 for: IEXPLORE.EXE.2468.HTML  >
[2013/05/02 16:50:25 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.2468.html
 
< MD5 for: IEXPLORE.EXE.2480.HTML  >
[2013/06/08 14:38:13 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.2480.html
 
< MD5 for: IEXPLORE.EXE.25076.HTML  >
[2013/08/05 18:46:45 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.25076.html
 
< MD5 for: IEXPLORE.EXE.25272.HTML  >
[2013/08/02 18:44:13 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.25272.html
 
< MD5 for: IEXPLORE.EXE.25540.HTML  >
[2013/07/21 19:48:27 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.25540.html
 
< MD5 for: IEXPLORE.EXE.25808.HTML  >
[2013/07/22 19:08:57 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.25808.html
 
< MD5 for: IEXPLORE.EXE.2588.HTML  >
[2013/04/10 19:34:26 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.2588.html
 
< MD5 for: IEXPLORE.EXE.2648.HTML  >
[2013/05/02 15:21:01 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.2648.html
 
< MD5 for: IEXPLORE.EXE.26616.HTML  >
[2013/08/05 16:51:17 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.26616.html
 
< MD5 for: IEXPLORE.EXE.26888.HTML  >
[2013/07/19 19:47:44 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.26888.html
 
< MD5 for: IEXPLORE.EXE.27024.HTML  >
[2013/07/19 17:41:25 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.27024.html
 
< MD5 for: IEXPLORE.EXE.2704.HTML  >
[2013/06/19 19:10:44 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.2704.html
 
< MD5 for: IEXPLORE.EXE.27428.HTML  >
[2013/05/04 18:33:19 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.27428.html
 
< MD5 for: IEXPLORE.EXE.27804.HTML  >
[2013/07/26 17:36:14 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.27804.html
 
< MD5 for: IEXPLORE.EXE.27836.HTML  >
[2013/08/02 18:44:57 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.27836.html
 
< MD5 for: IEXPLORE.EXE.27876.HTML  >
[2013/07/20 19:02:47 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.27876.html
 
< MD5 for: IEXPLORE.EXE.28432.HTML  >
[2013/07/26 15:56:53 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.28432.html
 
< MD5 for: IEXPLORE.EXE.2848.HTML  >
[2013/08/17 18:16:42 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.2848.html
 
< MD5 for: IEXPLORE.EXE.2900.HTML  >
[2013/07/07 20:02:19 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.2900.html
 
< MD5 for: IEXPLORE.EXE.2908.HTML  >
[2013/05/28 18:07:20 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.2908.html
 
< MD5 for: IEXPLORE.EXE.29704.HTML  >
[2013/05/06 18:52:07 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.29704.html
 
< MD5 for: IEXPLORE.EXE.2984.HTML  >
[2013/08/13 17:35:33 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.2984.html
 
< MD5 for: IEXPLORE.EXE.30460.HTML  >
[2013/05/04 14:20:31 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.30460.html
 
< MD5 for: IEXPLORE.EXE.3060.HTML  >
[2013/04/23 15:49:48 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.3060.html
 
< MD5 for: IEXPLORE.EXE.31120.HTML  >
[2013/05/04 18:18:54 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.31120.html
 
< MD5 for: IEXPLORE.EXE.3132.HTML  >
[2013/05/22 14:04:13 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.3132.html
 
< MD5 for: IEXPLORE.EXE.32068.HTML  >
[2013/05/04 18:19:25 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.32068.html
 
< MD5 for: IEXPLORE.EXE.3288.HTML  >
[2013/05/30 18:19:54 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.3288.html
 
< MD5 for: IEXPLORE.EXE.3304.HTML  >
[2013/08/05 18:46:41 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.3304.html
 
< MD5 for: IEXPLORE.EXE.3332.HTML  >
[2013/06/13 15:41:52 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.3332.html
 
< MD5 for: IEXPLORE.EXE.3336.HTML  >
[2013/06/10 19:26:29 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.3336.html
 
< MD5 for: IEXPLORE.EXE.33384.HTML  >
[2013/05/04 18:22:00 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.33384.html
 
< MD5 for: IEXPLORE.EXE.3348.HTML  >
[2013/08/19 16:40:04 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.3348.html
 
< MD5 for: IEXPLORE.EXE.33736.HTML  >
[2013/05/04 18:33:19 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.33736.html
 
< MD5 for: IEXPLORE.EXE.3376.HTML  >
[2013/07/01 17:46:07 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.3376.html
 
< MD5 for: IEXPLORE.EXE.3392.HTML  >
[2013/07/26 15:57:22 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.3392.html
 
< MD5 for: IEXPLORE.EXE.3440.HTML  >
[2013/08/12 18:55:06 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.3440.html
 
< MD5 for: IEXPLORE.EXE.3476.HTML  >
[2013/07/06 18:48:03 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.3476.html
 
< MD5 for: IEXPLORE.EXE.3488.HTML  >
[2013/08/17 18:16:45 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.3488.html
 
< MD5 for: IEXPLORE.EXE.3504.HTML  >
[2013/07/10 21:13:05 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.3504.html
 
< MD5 for: IEXPLORE.EXE.3520.HTML  >
[2013/07/10 21:13:05 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.3520.html
 
< MD5 for: IEXPLORE.EXE.3576.HTML  >
[2013/04/28 16:10:18 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.3576.html
 
< MD5 for: IEXPLORE.EXE.3592.HTML  >
[2013/03/27 15:29:59 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.3592.html
 
< MD5 for: IEXPLORE.EXE.3672.HTML  >
[2013/08/17 17:27:29 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.3672.html
 
< MD5 for: IEXPLORE.EXE.3728.HTML  >
[2013/05/11 09:17:49 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.3728.html
 
< MD5 for: IEXPLORE.EXE.392.HTML  >
[2013/08/16 18:20:14 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.392.html
 
< MD5 for: IEXPLORE.EXE.3960.HTML  >
[2013/07/10 20:54:29 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.3960.html
 
< MD5 for: IEXPLORE.EXE.3972.HTML  >
[2013/07/19 17:40:02 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.3972.html
 
< MD5 for: IEXPLORE.EXE.4036.HTML  >
[2013/05/19 19:55:21 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.4036.html
 
< MD5 for: IEXPLORE.EXE.4148.HTML  >
[2013/04/24 18:01:23 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.4148.html
 
< MD5 for: IEXPLORE.EXE.4164.HTML  >
[2013/04/24 18:57:21 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.4164.html
 
< MD5 for: IEXPLORE.EXE.4176.HTML  >
[2013/05/28 18:57:30 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.4176.html
 
< MD5 for: IEXPLORE.EXE.4220.HTML  >
[2013/06/22 18:03:11 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.4220.html
 
< MD5 for: IEXPLORE.EXE.4272.HTML  >
[2013/07/02 18:57:04 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.4272.html
 
< MD5 for: IEXPLORE.EXE.4300.HTML  >
[2013/05/11 09:15:08 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.4300.html
 
< MD5 for: IEXPLORE.EXE.4368.HTML  >
[2013/08/06 18:49:33 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.4368.html
 
< MD5 for: IEXPLORE.EXE.4384.HTML  >
[2013/06/13 15:41:52 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.4384.html
 
< MD5 for: IEXPLORE.EXE.4412.HTML  >
[2013/06/12 19:05:12 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.4412.html
 
< MD5 for: IEXPLORE.EXE.4428.HTML  >
[2013/08/06 18:31:58 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.4428.html
 
< MD5 for: IEXPLORE.EXE.4440.HTML  >
[2013/06/21 16:58:34 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.4440.html
 
< MD5 for: IEXPLORE.EXE.4452.HTML  >
[2013/05/21 18:08:01 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.4452.html
 
< MD5 for: IEXPLORE.EXE.4456.HTML  >
[2013/05/19 19:17:45 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.4456.html
 
< MD5 for: IEXPLORE.EXE.4528.HTML  >
[2013/05/19 19:55:21 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.4528.html
 
< MD5 for: IEXPLORE.EXE.4644.HTML  >
[2013/05/03 20:41:59 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.4644.html
 
< MD5 for: IEXPLORE.EXE.4732.HTML  >
[2013/04/30 15:03:11 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.4732.html
 
< MD5 for: IEXPLORE.EXE.4736.HTML  >
[2013/06/19 19:09:25 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.4736.html
 
< MD5 for: IEXPLORE.EXE.4748.HTML  >
[2013/08/06 18:32:10 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.4748.html
 
< MD5 for: IEXPLORE.EXE.4776.HTML  >
[2013/04/14 19:51:04 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.4776.html
 
< MD5 for: IEXPLORE.EXE.4812.HTML  >
[2013/07/06 18:47:17 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.4812.html
 
< MD5 for: IEXPLORE.EXE.4900.HTML  >
[2013/08/18 19:27:36 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.4900.html
 
< MD5 for: IEXPLORE.EXE.4948.HTML  >
[2013/04/04 19:03:00 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.4948.html
 
< MD5 for: IEXPLORE.EXE.4984.HTML  >
[2013/07/11 18:13:42 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.4984.html
 
< MD5 for: IEXPLORE.EXE.5032.HTML  >
[2013/08/06 18:32:10 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.5032.html
 
< MD5 for: IEXPLORE.EXE.5044.HTML  >
[2013/04/14 20:01:31 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.5044.html
 
< MD5 for: IEXPLORE.EXE.5108.HTML  >
[2013/05/11 16:49:39 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.5108.html
 
< MD5 for: IEXPLORE.EXE.5144.HTML  >
[2013/03/28 18:18:50 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.5144.html
 
< MD5 for: IEXPLORE.EXE.5148.HTML  >
[2013/04/12 23:09:27 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.5148.html
 
< MD5 for: IEXPLORE.EXE.5208.HTML  >
[2013/08/10 17:59:17 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.5208.html
 
< MD5 for: IEXPLORE.EXE.5252.HTML  >
[2013/07/09 19:40:18 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.5252.html
 
< MD5 for: IEXPLORE.EXE.5288.HTML  >
[2013/06/01 17:58:13 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.5288.html
 
< MD5 for: IEXPLORE.EXE.5300.HTML  >
[2013/07/10 20:54:29 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.5300.html
 
< MD5 for: IEXPLORE.EXE.5308.HTML  >
[2013/08/02 18:44:13 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.5308.html
 
< MD5 for: IEXPLORE.EXE.5392.HTML  >
[2013/05/21 18:28:31 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.5392.html
 
< MD5 for: IEXPLORE.EXE.5476.HTML  >
[2013/04/24 18:05:18 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.5476.html
 
< MD5 for: IEXPLORE.EXE.5492.HTML  >
[2013/07/07 20:02:19 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.5492.html
 
< MD5 for: IEXPLORE.EXE.5508.HTML  >
[2013/05/11 08:32:52 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.5508.html
 
< MD5 for: IEXPLORE.EXE.5520.HTML  >
[2013/05/30 18:19:27 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.5520.html
 
< MD5 for: IEXPLORE.EXE.5544.HTML  >
[2013/08/22 14:44:26 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.5544.html
 
< MD5 for: IEXPLORE.EXE.5688.HTML  >
[2013/05/28 16:32:40 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.5688.html
 
< MD5 for: IEXPLORE.EXE.5720.HTML  >
[2013/08/13 17:15:09 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.5720.html
 
< MD5 for: IEXPLORE.EXE.5740.HTML  >
[2013/04/12 16:04:38 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.5740.html
 
< MD5 for: IEXPLORE.EXE.5760.HTML  >
[2013/05/20 20:41:10 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.5760.html
 
< MD5 for: IEXPLORE.EXE.5880.HTML  >
[2013/05/10 15:42:18 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.5880.html
 
< MD5 for: IEXPLORE.EXE.5940.HTML  >
[2013/06/18 17:15:47 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.5940.html
 
< MD5 for: IEXPLORE.EXE.5976.HTML  >
[2013/05/19 19:19:06 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.5976.html
 
< MD5 for: IEXPLORE.EXE.5988.HTML  >
[2013/06/18 17:16:07 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.5988.html
 
< MD5 for: IEXPLORE.EXE.5992.HTML  >
[2013/06/07 15:47:42 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.5992.html
 
< MD5 for: IEXPLORE.EXE.6004.HTML  >
[2013/04/23 15:47:39 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.6004.html
 
< MD5 for: IEXPLORE.EXE.6060.HTML  >
[2013/07/06 18:47:17 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.6060.html
 
< MD5 for: IEXPLORE.EXE.6064.HTML  >
[2013/04/24 19:08:10 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.6064.html
 
< MD5 for: IEXPLORE.EXE.6148.HTML  >
[2013/08/06 18:49:33 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.6148.html
 
< MD5 for: IEXPLORE.EXE.6180.HTML  >
[2013/08/17 18:16:42 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.6180.html
 
< MD5 for: IEXPLORE.EXE.6236.HTML  >
[2013/05/02 18:41:16 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.6236.html
 
< MD5 for: IEXPLORE.EXE.6312.HTML  >
[2013/06/08 13:46:23 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.6312.html
 
< MD5 for: IEXPLORE.EXE.6344.HTML  >
[2013/08/11 18:41:10 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.6344.html
 
< MD5 for: IEXPLORE.EXE.6360.HTML  >
[2013/08/19 16:40:04 | 000,004,308 | ---- | M] () MD5=564C89F90FB579A6FC06B7D76A0FC418 -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.6360.html
 
< MD5 for: IEXPLORE.EXE.6480.HTML  >
[2013/08/06 18:55:33 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.6480.html
 
< MD5 for: IEXPLORE.EXE.6552.HTML  >
[2013/08/05 16:09:48 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.6552.html
 
< MD5 for: IEXPLORE.EXE.6572.HTML  >
[2013/08/16 19:05:56 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.6572.html
 
< MD5 for: IEXPLORE.EXE.6592.HTML  >
[2013/04/14 19:37:19 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.6592.html
 
< MD5 for: IEXPLORE.EXE.6616.HTML  >
[2013/03/28 18:41:06 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.6616.html
 
< MD5 for: IEXPLORE.EXE.6640.HTML  >
[2013/05/20 17:43:07 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.6640.html
 
< MD5 for: IEXPLORE.EXE.6804.HTML  >
[2013/06/21 14:28:16 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.6804.html
 
< MD5 for: IEXPLORE.EXE.6828.HTML  >
[2013/06/07 15:58:04 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.6828.html
 
< MD5 for: IEXPLORE.EXE.6880.HTML  >
[2013/08/19 16:48:48 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.6880.html
 
< MD5 for: IEXPLORE.EXE.6896.HTML  >
[2013/06/26 15:55:33 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.6896.html
 
< MD5 for: IEXPLORE.EXE.6908.HTML  >
[2013/08/09 19:15:43 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.6908.html
 
< MD5 for: IEXPLORE.EXE.6944.HTML  >
[2013/05/02 18:42:04 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.6944.html
 
< MD5 for: IEXPLORE.EXE.6952.HTML  >
[2013/08/11 18:41:10 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.6952.html
 
< MD5 for: IEXPLORE.EXE.6960.HTML  >
[2013/07/26 17:36:45 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.6960.html
 
< MD5 for: IEXPLORE.EXE.6972.HTML  >
[2013/06/04 17:07:58 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.6972.html
 
< MD5 for: IEXPLORE.EXE.7024.HTML  >
[2013/05/06 18:24:34 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.7024.html
 
< MD5 for: IEXPLORE.EXE.7068.HTML  >
[2013/04/23 15:22:39 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.7068.html
 
< MD5 for: IEXPLORE.EXE.7088.HTML  >
[2013/07/02 18:23:04 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.7088.html
 
< MD5 for: IEXPLORE.EXE.7096.HTML  >
[2013/07/15 20:16:07 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.7096.html
 
< MD5 for: IEXPLORE.EXE.7152.HTML  >
[2013/04/01 15:20:14 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.7152.html
 
< MD5 for: IEXPLORE.EXE.7256.HTML  >
[2013/06/26 15:55:40 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.7256.html
 
< MD5 for: IEXPLORE.EXE.7464.HTML  >
[2013/04/14 20:01:31 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.7464.html
 
< MD5 for: IEXPLORE.EXE.7484.HTML  >
[2013/05/06 18:52:07 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.7484.html
 
< MD5 for: IEXPLORE.EXE.7488.HTML  >
[2013/06/18 17:16:07 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.7488.html
 
< MD5 for: IEXPLORE.EXE.7508.HTML  >
[2013/05/07 16:53:41 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.7508.html
 
< MD5 for: IEXPLORE.EXE.7532.HTML  >
[2013/06/21 17:11:37 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.7532.html
 
< MD5 for: IEXPLORE.EXE.7556.HTML  >
[2013/07/24 17:59:25 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.7556.html
 
< MD5 for: IEXPLORE.EXE.7580.HTML  >
[2013/04/12 23:09:36 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.7580.html
 
< MD5 for: IEXPLORE.EXE.7616.HTML  >
[2013/04/12 16:04:38 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.7616.html
 
< MD5 for: IEXPLORE.EXE.7672.HTML  >
[2013/03/27 15:47:05 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.7672.html
 
< MD5 for: IEXPLORE.EXE.7704.HTML  >
[2013/04/12 23:11:18 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.7704.html
 
< MD5 for: IEXPLORE.EXE.7720.HTML  >
[2013/06/18 17:16:01 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.7720.html
 
< MD5 for: IEXPLORE.EXE.7724.HTML  >
[2013/06/20 17:51:19 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.7724.html
 
< MD5 for: IEXPLORE.EXE.776.HTML  >
[2013/04/23 15:49:40 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.776.html
 
< MD5 for: IEXPLORE.EXE.7776.HTML  >
[2013/06/11 18:43:20 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.7776.html
 
< MD5 for: IEXPLORE.EXE.7780.HTML  >
[2013/05/28 18:57:30 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.7780.html
 
< MD5 for: IEXPLORE.EXE.7792.HTML  >
[2013/08/11 17:09:50 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.7792.html
 
< MD5 for: IEXPLORE.EXE.7900.HTML  >
[2013/04/14 19:41:46 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.7900.html
 
< MD5 for: IEXPLORE.EXE.8028.HTML  >
[2013/06/21 16:04:16 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.8028.html
 
< MD5 for: IEXPLORE.EXE.804.HTML  >
[2013/08/18 19:53:09 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.804.html
 
< MD5 for: IEXPLORE.EXE.8044.HTML  >
[2013/05/29 20:16:50 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.8044.html
 
< MD5 for: IEXPLORE.EXE.8072.HTML  >
[2013/06/20 17:51:19 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.8072.html
 
< MD5 for: IEXPLORE.EXE.8120.HTML  >
[2013/07/15 19:31:46 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.8120.html
 
< MD5 for: IEXPLORE.EXE.8176.HTML  >
[2013/08/06 18:49:12 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.8176.html
 
< MD5 for: IEXPLORE.EXE.8268.HTML  >
[2013/05/02 17:10:39 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.8268.html
 
< MD5 for: IEXPLORE.EXE.8284.HTML  >
[2013/06/19 20:46:05 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.8284.html
 
< MD5 for: IEXPLORE.EXE.8288.HTML  >
[2013/07/17 10:00:51 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.8288.html
 
< MD5 for: IEXPLORE.EXE.8308.HTML  >
[2013/04/22 17:26:35 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.8308.html
 
< MD5 for: IEXPLORE.EXE.8332.HTML  >
[2013/07/01 17:46:07 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.8332.html
 
< MD5 for: IEXPLORE.EXE.8348.HTML  >
[2013/04/30 23:03:40 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.8348.html
 
< MD5 for: IEXPLORE.EXE.8360.HTML  >
[2013/04/14 19:22:04 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.8360.html
 
< MD5 for: IEXPLORE.EXE.8364.HTML  >
[2013/05/17 11:45:19 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.8364.html
 
< MD5 for: IEXPLORE.EXE.8396.HTML  >
[2013/08/10 17:36:41 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.8396.html
 
< MD5 for: IEXPLORE.EXE.8408.HTML  >
[2013/06/21 17:11:37 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.8408.html
 
< MD5 for: IEXPLORE.EXE.8420.HTML  >
[2013/08/18 19:53:09 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.8420.html
 
< MD5 for: IEXPLORE.EXE.8432.HTML  >
[2013/07/22 19:08:55 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.8432.html
 
< MD5 for: IEXPLORE.EXE.8448.HTML  >
[2013/06/01 16:24:47 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.8448.html
 
< MD5 for: IEXPLORE.EXE.8464.HTML  >
[2013/04/30 23:03:40 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.8464.html
 
< MD5 for: IEXPLORE.EXE.8476.HTML  >
[2013/06/22 17:47:28 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.8476.html
 
< MD5 for: IEXPLORE.EXE.8488.HTML  >
[2013/03/29 16:32:44 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.8488.html
 
< MD5 for: IEXPLORE.EXE.8516.HTML  >
[2013/07/26 16:41:29 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.8516.html
 
< MD5 for: IEXPLORE.EXE.8528.HTML  >
[2013/06/04 18:23:21 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.8528.html
 
< MD5 for: IEXPLORE.EXE.8536.HTML  >
[2013/05/30 17:54:08 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.8536.html
 
< MD5 for: IEXPLORE.EXE.8548.HTML  >
[2013/05/11 09:24:49 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.8548.html
 
< MD5 for: IEXPLORE.EXE.8552.HTML  >
[2013/05/11 15:33:03 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.8552.html
 
< MD5 for: IEXPLORE.EXE.8556.HTML  >
[2013/05/29 15:37:36 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.8556.html
 
< MD5 for: IEXPLORE.EXE.8580.HTML  >
[2013/05/29 20:16:50 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.8580.html
 
< MD5 for: IEXPLORE.EXE.8616.HTML  >
[2013/08/05 18:46:41 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.8616.html
 
< MD5 for: IEXPLORE.EXE.8624.HTML  >
[2013/05/20 17:22:21 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.8624.html
 
< MD5 for: IEXPLORE.EXE.8648.HTML  >
[2013/08/18 18:38:06 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.8648.html
 
< MD5 for: IEXPLORE.EXE.8704.HTML  >
[2013/05/28 17:54:59 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.8704.html
 
< MD5 for: IEXPLORE.EXE.8732.HTML  >
[2013/05/04 13:27:04 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.8732.html
 
< MD5 for: IEXPLORE.EXE.8752.HTML  >
[2013/04/05 18:46:25 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.8752.html
 
< MD5 for: IEXPLORE.EXE.8808.HTML  >
[2013/05/30 18:01:41 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.8808.html
 
< MD5 for: IEXPLORE.EXE.8832.HTML  >
[2013/05/04 13:16:52 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.8832.html
 
< MD5 for: IEXPLORE.EXE.8872.HTML  >
[2013/08/10 17:59:33 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.8872.html
 
< MD5 for: IEXPLORE.EXE.8876.HTML  >
[2013/05/29 19:49:45 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.8876.html
 
< MD5 for: IEXPLORE.EXE.8884.HTML  >
[2013/06/19 19:09:25 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.8884.html
 
< MD5 for: IEXPLORE.EXE.8920.HTML  >
[2013/05/22 14:35:06 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.8920.html
 
< MD5 for: IEXPLORE.EXE.8948.HTML  >
[2013/05/11 16:35:39 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.8948.html
 
< MD5 for: IEXPLORE.EXE.8972.HTML  >
[2013/04/22 17:55:36 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.8972.html
 
< MD5 for: IEXPLORE.EXE.8980.HTML  >
[2013/08/13 16:55:57 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.8980.html
 
< MD5 for: IEXPLORE.EXE.9008.HTML  >
[2013/03/27 15:38:44 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.9008.html
 
< MD5 for: IEXPLORE.EXE.9024.HTML  >
[2013/05/11 08:17:53 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.9024.html
 
< MD5 for: IEXPLORE.EXE.9080.HTML  >
[2013/07/02 16:10:22 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.9080.html
 
< MD5 for: IEXPLORE.EXE.916.HTML  >
[2013/04/05 17:36:25 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.916.html
 
< MD5 for: IEXPLORE.EXE.9160.HTML  >
[2013/07/02 18:43:42 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.9160.html
 
< MD5 for: IEXPLORE.EXE.9196.HTML  >
[2013/06/26 15:55:33 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.9196.html
 
< MD5 for: IEXPLORE.EXE.9224.HTML  >
[2013/06/07 14:28:00 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.9224.html
 
< MD5 for: IEXPLORE.EXE.9288.HTML  >
[2013/07/26 17:25:31 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.9288.html
 
< MD5 for: IEXPLORE.EXE.9344.HTML  >
[2013/07/02 18:56:23 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.9344.html
 
< MD5 for: IEXPLORE.EXE.9396.HTML  >
[2013/06/03 19:30:26 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.9396.html
 
< MD5 for: IEXPLORE.EXE.9472.HTML  >
[2013/05/30 16:23:07 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.9472.html
 
< MD5 for: IEXPLORE.EXE.9492.HTML  >
[2013/06/19 19:10:44 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.9492.html
 
< MD5 for: IEXPLORE.EXE.9496.HTML  >
[2013/05/02 16:14:41 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.9496.html
 
< MD5 for: IEXPLORE.EXE.9560.HTML  >
[2013/07/09 19:40:18 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.9560.html
 
< MD5 for: IEXPLORE.EXE.9580.HTML  >
[2013/06/27 16:30:52 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.9580.html
 
< MD5 for: IEXPLORE.EXE.9732.HTML  >
[2013/04/01 15:54:18 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\iexplore.exe.9732.html
 
< MD5 for: IEXPLORE.EXE.9784.HTML  >
[2013/07/07 20:02:38 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.9784.html
 
< MD5 for: IEXPLORE.EXE.9812.HTML  >
[2013/07/17 09:38:02 | 000,002,154 | ---- | M] () MD5=2D593902F8766125827C41DE14F0D34F -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.9812.html
 
< MD5 for: IEXPLORE.EXE.988.HTML  >
[2013/06/10 18:36:20 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.988.html
 
< MD5 for: IEXPLORE.EXE.9884.HTML  >
[2013/08/19 16:48:30 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.9884.html
 
< MD5 for: IEXPLORE.EXE.9936.HTML  >
[2013/05/22 20:17:16 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.9936.html
 
< MD5 for: IEXPLORE.EXE.9992.HTML  >
[2013/06/06 18:42:44 | 000,001,077 | ---- | M] () MD5=0A170ED6EBCB531315E62B64806C108E -- C:\Users\Ken\AppData\Local\Temp\Low\__skype_toolbar_v5_logs\html\IEXPLORE.EXE.9992.html
 
< MD5 for: IEXPLORE.EXE.MUI  >
[2011/10/27 16:14:56 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_07013012b816cb66\iexplore.exe.mui
[2011/10/27 16:14:57 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_1155da64ec778d61\iexplore.exe.mui
[2013/05/21 02:02:38 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2013/05/21 02:02:38 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2013/05/21 02:02:38 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_103c8b6555e6a67e\iexplore.exe.mui
[2013/05/21 02:02:38 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_1a9135b78a476879\iexplore.exe.mui
[2009/07/13 20:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_09122aaf762607df\iexplore.exe.mui
[2009/07/13 20:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_0b433e7773148b79\iexplore.exe.mui
[2009/07/13 20:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_1366d501aa86c9da\iexplore.exe.mui
[2009/07/13 20:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_1597e8c9a7754d74\iexplore.exe.mui
 
< MD5 for: IEXPLORE.EXE-058FE8F5.PF  >
[2013/11/10 19:04:25 | 000,123,002 | ---- | M] () MD5=DDCCF2D5C7FCE51373F1CAC308036994 -- C:\Windows\Prefetch\IEXPLORE.EXE-058FE8F5.pf
 
< MD5 for: IEXPLORE.EXE-A033F7A0.PF  >
[2013/11/10 19:04:31 | 000,266,352 | ---- | M] () MD5=2D3B00662B44A414C765E5891A83F547 -- C:\Windows\Prefetch\IEXPLORE.EXE-A033F7A0.pf
 
< MD5 for: SERVICES  >
[2009/06/10 15:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.CFG  >
[2013/09/03 07:53:56 | 000,558,864 | ---- | M] () MD5=4097D9DB7F5DB4533DDA8271136C9B7B -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 11:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2009/07/13 20:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 20:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
 
< MD5 for: SERVICES.HEARSTMAGS[1].XML  >
[2013/09/18 17:09:27 | 000,000,213 | ---- | M] () MD5=63A5D3F219D770AAF40499B854D06B0B -- C:\Users\Ken\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\RYM8M05M\services.hearstmags[1].xml
 
< MD5 for: SERVICES.LNK  >
[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2009/07/13 20:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 20:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 20:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 20:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: WINLOGON.ADML  >
[2009/07/13 20:25:22 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml
 
< MD5 for: WINLOGON.ADMX  >
[2009/06/10 15:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 19:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/09/27 10:07:33 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/09/27 10:07:33 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WINLOGON.EXE.MUI  >
[2010/11/20 07:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\SysNative\en-US\winlogon.exe.mui
[2010/11/20 07:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui
[2009/07/13 20:29:52 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=56D03B64B8C483C1D12A8E4577B3B332 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_26ed83321dc778e1\winlogon.exe.mui
 
< MD5 for: WINLOGON.MFL  >
[2009/07/13 20:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
[2009/07/13 20:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl
 
< MD5 for: WINLOGON.MOF  >
[2009/07/13 14:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2009/07/13 14:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof
 
< %SYSTEMDRIVE%\*.* >
[2010/09/27 10:08:44 | 000,003,932 | RH-- | M] () -- C:\dell.sdr
[2013/11/10 19:40:31 | 509,333,503 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/10 19:40:31 | 2110,767,103 | -HS- | M] () -- C:\pagefile.sys
 
< %systemroot%\Fonts\*.com >
[2009/07/13 23:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 23:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 23:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 23:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/06/10 14:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
[2013/11/10 12:27:32 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/04/16 23:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2009/07/13 22:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C is OS
 Volume Serial Number is 8658-D48A
 Directory of C:\
07/13/2009  11:08 PM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\Program Files\Windows Defender
07/13/2009  11:37 PM    <SYMLINKD>     en-US [c:\windows\system32\config]
07/13/2009  07:41 PM    <SYMLINK>      MpAsDesc.dll [c:\windows\system32\config]
07/13/2009  07:41 PM    <SYMLINK>      MpClient.dll [c:\windows\system32\config]
07/13/2009  07:39 PM    <SYMLINK>      MpCmdRun.exe [c:\windows\system32\config]
07/13/2009  07:41 PM    <SYMLINK>      MpCommu.dll [c:\windows\system32\config]
07/13/2009  07:29 PM    <SYMLINK>      MpEvMsg.dll [c:\windows\system32\config]
07/13/2009  07:41 PM    <SYMLINK>      MpOAV.dll [c:\windows\system32\config]
07/13/2009  07:41 PM    <SYMLINK>      MpRTP.dll [c:\windows\system32\config]
07/13/2009  07:41 PM    <SYMLINK>      MpSvc.dll [c:\windows\system32\config]
07/13/2009  07:39 PM    <SYMLINK>      MSASCui.exe [c:\windows\system32\config]
11/20/2010  07:27 AM    <SYMLINK>      MsMpCom.dll [c:\windows\system32\config]
07/13/2009  07:29 PM    <SYMLINK>      MsMpLics.dll [c:\windows\system32\config]
07/13/2009  07:41 PM    <SYMLINK>      MsMpRes.dll [c:\windows\system32\config]
              12 File(s)      3,919,360 bytes
 Directory of C:\ProgramData
07/13/2009  11:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  11:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  11:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  11:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  11:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  11:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
07/13/2009  11:08 PM    <SYMLINKD>     All Users [C:\ProgramData]
07/13/2009  11:08 PM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
07/13/2009  11:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  11:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  11:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  11:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  11:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  11:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
07/13/2009  11:08 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009  11:08 PM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/13/2009  11:08 PM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
07/13/2009  11:08 PM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
07/13/2009  11:08 PM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009  11:08 PM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009  11:08 PM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009  11:08 PM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009  11:08 PM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009  11:08 PM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
07/13/2009  11:08 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
07/13/2009  11:08 PM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009  11:08 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
07/13/2009  11:08 PM    <JUNCTION>     My Music [C:\Users\Default\Music]
07/13/2009  11:08 PM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
07/13/2009  11:08 PM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Ken
08/17/2011  05:31 PM    <JUNCTION>     Application Data [C:\Users\Ken\AppData\Roaming]
08/17/2011  05:31 PM    <JUNCTION>     Cookies [C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Cookies]
08/17/2011  05:31 PM    <JUNCTION>     Local Settings [C:\Users\Ken\AppData\Local]
08/17/2011  05:31 PM    <JUNCTION>     My Documents [C:\Users\Ken\Documents]
08/17/2011  05:31 PM    <JUNCTION>     NetHood [C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/17/2011  05:31 PM    <JUNCTION>     PrintHood [C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/17/2011  05:31 PM    <JUNCTION>     Recent [C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Recent]
08/17/2011  05:31 PM    <JUNCTION>     SendTo [C:\Users\Ken\AppData\Roaming\Microsoft\Windows\SendTo]
08/17/2011  05:31 PM    <JUNCTION>     Start Menu [C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu]
08/17/2011  05:31 PM    <JUNCTION>     Templates [C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Ken\AppData\Local
08/17/2011  05:31 PM    <JUNCTION>     Application Data [C:\Users\Ken\AppData\Local]
08/17/2011  05:31 PM    <JUNCTION>     History [C:\Users\Ken\AppData\Local\Microsoft\Windows\History]
08/17/2011  05:31 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Ken\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Ken\Documents
08/17/2011  05:31 PM    <JUNCTION>     My Music [C:\Users\Ken\Music]
08/17/2011  05:31 PM    <JUNCTION>     My Pictures [C:\Users\Ken\Pictures]
08/17/2011  05:31 PM    <JUNCTION>     My Videos [C:\Users\Ken\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
07/13/2009  11:08 PM    <JUNCTION>     My Music [C:\Users\Public\Music]
07/13/2009  11:08 PM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
07/13/2009  11:08 PM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows\winsxs\amd64_security-malware-windows-defender-events_31bf3856ad364e35_6.1.7600.16385_none_118cf1dcd54a3dea
07/13/2009  07:29 PM    <SYMLINK>      MpEvMsg.dll [c:\windows\system32\config]
               1 File(s)         52,224 bytes
 Directory of C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c
07/13/2009  07:41 PM    <SYMLINK>      MpAsDesc.dll [c:\windows\system32\config]
07/13/2009  07:41 PM    <SYMLINK>      MpClient.dll [c:\windows\system32\config]
07/13/2009  07:39 PM    <SYMLINK>      MpCmdRun.exe [c:\windows\system32\config]
07/13/2009  07:41 PM    <SYMLINK>      MpCommu.dll [c:\windows\system32\config]
07/13/2009  07:41 PM    <SYMLINK>      MpOAV.dll [c:\windows\system32\config]
07/13/2009  07:41 PM    <SYMLINK>      MpRTP.dll [c:\windows\system32\config]
07/13/2009  07:41 PM    <SYMLINK>      MpSvc.dll [c:\windows\system32\config]
07/13/2009  07:39 PM    <SYMLINK>      MSASCui.exe [c:\windows\system32\config]
07/13/2009  07:29 PM    <SYMLINK>      MsMpLics.dll [c:\windows\system32\config]
07/13/2009  07:41 PM    <SYMLINK>      MsMpRes.dll [c:\windows\system32\config]
              10 File(s)      3,806,208 bytes
 Directory of C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306
07/13/2009  07:41 PM    <SYMLINK>      MpAsDesc.dll [c:\windows\system32\config]
07/13/2009  07:41 PM    <SYMLINK>      MpClient.dll [c:\windows\system32\config]
07/13/2009  07:39 PM    <SYMLINK>      MpCmdRun.exe [c:\windows\system32\config]
07/13/2009  07:41 PM    <SYMLINK>      MpCommu.dll [c:\windows\system32\config]
07/13/2009  07:41 PM    <SYMLINK>      MpOAV.dll [c:\windows\system32\config]
07/13/2009  07:41 PM    <SYMLINK>      MpRTP.dll [c:\windows\system32\config]
07/13/2009  07:41 PM    <SYMLINK>      MpSvc.dll [c:\windows\system32\config]
07/13/2009  07:39 PM    <SYMLINK>      MSASCui.exe [c:\windows\system32\config]
11/20/2010  07:27 AM    <SYMLINK>      MsMpCom.dll [c:\windows\system32\config]
07/13/2009  07:29 PM    <SYMLINK>      MsMpLics.dll [c:\windows\system32\config]
07/13/2009  07:41 PM    <SYMLINK>      MsMpRes.dll [c:\windows\system32\config]
              11 File(s)      3,867,136 bytes
     Total Files Listed:
              34 File(s)     11,644,928 bytes
              51 Dir(s)  659,043,024,896 bytes free
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/08/17 22:11:53 | 000,000,221 | -HS- | M] () -- C:\Users\Ken\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
< %USERPROFILE%\Desktop\*.exe >
[2013/11/10 12:03:07 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Ken\Desktop\HijackThis.exe
[2013/11/10 19:58:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
< End of report >

Edited by olddog, 10 November 2013 - 08:40 PM.

    Advertisements

Register to Remove


#2 Robybel

Robybel

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 1,536 posts

Posted 11 November 2013 - 11:21 AM

Hi and Welcome!! olddog :)
My name is Robybel.
I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  •  
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Vista and Windows 7 users:
These tools MUST be run from the executable. (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.
Having said that....Let's get going!! ;)

==============================

**WARNING**Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information.
You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identify theft.
More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.

Unfortunately I have found what is known as the ZeroAccess on your system. It is an especially nasty infection that can take quite some time to clean as well as may have damaged your system files itself.
As a warning, during the cleaning (if you choose to do so) you may lose internet access with this computer and in the end we may need to reinstall the operating system anyway depending on the extent of the infection.

If you would like to format and reinstall your Operating System please let me know and we can assist you with that.
If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help.

-----------------------------

FRST.jpgFRST

Download the 32 bit or 64 bit version for your system of FRST and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
  • To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

- Proud Graduate of WTT Classroom -

Member of UNITE

Please Only Copy And Paste Reports Into Topic - Do Not Attach

If you are satisfied with the help that you have received, please consider a donation Posted Image

#3 olddog

olddog

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 12 November 2013 - 10:02 PM

Robybel

 

I do not have another uninfected "clean" computer to download to flash drive. I will not have that until the 27th . Should I wait til then and restart the process ? Or proceed with trying to download flash drive through the infected machine ? Additionally my printer is out !  HP top of line barely out of warr. working on HP. I also do not have a repair , or a system restore , or Windows installation disk that I know of. The Dell disks seem to be drivers etc.!


Edited by olddog, 12 November 2013 - 10:08 PM.


#4 Robybel

Robybel

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 1,536 posts

Posted 14 November 2013 - 04:57 AM

Ok olddog

Please read through these instructions to familarize yourself with what to expect when this tool runs

Refer to the ComboFix User's Guide


Download ComboFix from one of these locations:but rename it to Robybel.exe before saving it to your desktop.



Link 1
Link 2



*VERY IMPORTANT- Save Robybel.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
- Proud Graduate of WTT Classroom -

Member of UNITE

Please Only Copy And Paste Reports Into Topic - Do Not Attach

If you are satisfied with the help that you have received, please consider a donation Posted Image

#5 Robybel

Robybel

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 1,536 posts

Posted 17 November 2013 - 08:40 AM

Still need help?
- Proud Graduate of WTT Classroom -

Member of UNITE

Please Only Copy And Paste Reports Into Topic - Do Not Attach

If you are satisfied with the help that you have received, please consider a donation Posted Image

#6 olddog

olddog

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 17 November 2013 - 06:02 PM

Yes. I turned off all known anti virus /malware . Started scan and after it copied registry I received a message "warning" Mcafee anti virus and malware is still running. Turn off etc. ok to continue. This box has since disappeared??? something threw me off line and it was gone when it came back on. Mcafee was on the original Dell load and expired. I can not find any Icon or file where it it running from to shut it down. Trying to contact  my other Guru "daughter" who led me to this site. She may know where it is .She has Dell also.


Edited by olddog, 17 November 2013 - 06:08 PM.


#7 olddog

olddog

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 17 November 2013 - 08:04 PM

My local Guru said  they  had  uninstalled Mcafee. to go ahead and run the scan and post the log that the scan may be seeing something somewhere to think it was still active. So here is the log.

 

ComboFix 13-11-16.01 - Ken 11/17/2013  19:28:01.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6109.4664 [GMT -6:00]
Running from: c:\users\Ken\Downloads\Robybel.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\B83F.tmp
c:\programdata\Microsoft\Windows\DRM\C2D9.tmp
c:\programdata\Microsoft\Windows\DRM\C2DA.tmp
c:\windows\SysWow64\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-18 to 2013-11-18  )))))))))))))))))))))))))))))))
.
.
2013-11-13 09:04 . 2013-10-12 06:35 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-13 09:03 . 2013-10-12 08:45 1084928 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-11-13 03:03 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-11-11 01:16 . 2013-08-05 17:50 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2013-11-11 01:12 . 2013-11-11 01:12 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-11 01:03 . 2013-11-11 01:12 -------- d-----w- c:\programdata\Oracle
2013-11-11 01:03 . 2013-11-11 01:03 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-11-11 01:01 . 2013-11-11 01:01 -------- d-----w- c:\users\Ken\AppData\Roaming\SystemRequirementsLab
2013-11-11 00:58 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-11 00:58 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-11 00:58 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-11 00:58 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-11 00:58 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-11 00:58 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-11 00:58 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-11-11 00:55 . 2013-11-11 00:55 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2013-11-10 18:27 . 2013-11-10 18:27 -------- d-----w- c:\users\Ken\AppData\Roaming\AVAST Software
2013-11-10 18:27 . 2013-11-11 06:27 409832 ----a-w- c:\windows\system32\drivers\aswsp.sys
2013-11-10 18:27 . 2013-11-10 18:27 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-10 18:27 . 2013-11-10 18:27 65264 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-11-10 18:27 . 2013-11-10 18:27 205320 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-11-10 18:27 . 2013-11-10 18:27 1032416 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-11-10 18:27 . 2013-11-10 18:27 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-11-10 18:27 . 2013-11-10 18:27 84328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-11-10 18:27 . 2013-11-10 18:27 38984 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-11-10 18:27 . 2013-11-10 18:27 334648 ----a-w- c:\windows\system32\aswBoot.exe
2013-11-10 18:27 . 2013-11-10 18:27 43152 ----a-w- c:\windows\avastSS.scr
2013-11-10 18:27 . 2013-11-10 18:27 -------- d-----w- c:\program files\AVAST Software
2013-11-10 18:26 . 2013-11-10 18:26 -------- d-----w- c:\programdata\AVAST Software
2013-11-05 22:56 . 2013-11-10 18:11 291 ----a-w- c:\programdata\lfrwlarlc.reg
2013-10-30 19:50 . 2013-10-30 19:50 34816 ----a-w- c:\programdata\Microsoft\Windows\DRM\B81F.tmp
2013-10-29 00:52 . 2013-11-10 18:29 -------- d-----w- c:\users\Ken\AppData\Local\Amd
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-13 09:01 . 2011-09-08 06:23 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-10-11 19:17 . 2013-10-11 19:17 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2013-10-08 22:44 . 2011-08-17 18:22 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-08 02:30 . 2013-10-09 23:30 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-09 23:30 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-09 23:30 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-08-29 02:17 . 2013-10-09 23:30 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-09 23:30 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-09 23:30 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-09 23:30 859648 ----a-w- c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-09 23:30 878080 ----a-w- c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-09 23:30 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-09 23:30 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-09 23:30 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-09 23:30 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-09 23:30 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-09 23:30 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-09 23:30 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-29 00:49 . 2013-10-09 23:30 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-09 23:30 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-09 23:30 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-09 23:30 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-08-28 01:21 . 2013-10-09 23:30 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-08-28 01:12 . 2013-10-09 23:29 461312 ----a-w- c:\windows\system32\scavengeui.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2013-08-31 00:26 1423520 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.3.107.0\BingExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-09-04 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-10-02 20472992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellComms"="c:\program files (x86)\Dell\DellComms\bin\sprtcmd.exe" [2009-05-05 206064]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-10 3568312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2012-05-18 559616]
.
c:\users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.107.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.107.0\SeaPort.exe [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.107.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.107.0\BBSvc.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe;c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-17 01:10 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-21 22:44]
.
2013-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-04 00:00]
.
2013-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-04 00:00]
.
2013-11-17 c:\windows\Tasks\Norton Security Scan for Ken.job
- c:\progra~2\NORTON~2\Engine\372~1.5\Nss.exe [2012-09-24 08:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2013-08-31 00:21 1142944 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.3.107.0\amd64\BingExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-10 18:27 326944 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-11-14 163360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-11-14 387616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-11-14 418336]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 24.93.41.125 24.93.41.126 209.18.47.61
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Amd Update - c:\users\Ken\AppData\Local\Amd\bordbk150.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
.
**************************************************************************
.
Completion time: 2013-11-17  19:43:27 - machine was rebooted
ComboFix-quarantined-files.txt  2013-11-18 01:43
.
Pre-Run: 657,416,519,680 bytes free
Post-Run: 658,595,229,696 bytes free
.
- - End Of File - - 048608C9037FCDCC3154C369151E1727
CDB4DE4BBD714F152979DA2DCBEF57EB


#8 Robybel

Robybel

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 1,536 posts

Posted 19 November 2013 - 02:33 PM

Hi Olddog

 

Please follow all previous instructions regarding security programs.

Open a new Notepad session

  • Click the Start button, click run
  • in the run box type notepad
  • click ok
  • In the notepad, Click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE

ClearJavaCache:: 

SecCenter::
{86355677-4064-3EA7-ABB3-1B136EB04637}
{BE0ED752-0A0B-3FFF-80EC-B2269063014C}
{3D54B793-665E-3129-9103-206115370C8A}

File::
c:\programdata\Microsoft\Windows\DRM\B81F.tmp

In the notepad

  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click save

Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again.Close all browser/windows first.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

CFScriptB-4.gif

 

 

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


- Proud Graduate of WTT Classroom -

Member of UNITE

Please Only Copy And Paste Reports Into Topic - Do Not Attach

If you are satisfied with the help that you have received, please consider a donation Posted Image

#9 olddog

olddog

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 20 November 2013 - 05:27 PM

Ran scan as directed here is the log from CFScript::

 

ComboFix 13-11-16.01 - Ken 11/20/2013  17:07:00.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6109.4881 [GMT -6:00]
Running from: c:\users\Ken\Downloads\Robybel.exe
Command switches used :: c:\users\Ken\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\Microsoft\Windows\DRM\B81F.tmp"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\B81F.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-20 to 2013-11-20  )))))))))))))))))))))))))))))))
.
.
2013-11-20 23:12 . 2013-11-20 23:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-18 21:22 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-11-18 21:22 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-11-18 21:22 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-11-18 21:22 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-11-18 21:22 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-11-18 21:22 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-11-18 21:22 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-11-13 09:03 . 2013-10-12 08:45 1084928 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-11-13 03:03 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-11-11 01:16 . 2013-08-05 17:50 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2013-11-11 01:12 . 2013-11-11 01:12 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-11 01:03 . 2013-11-11 01:12 -------- d-----w- c:\programdata\Oracle
2013-11-11 01:03 . 2013-11-11 01:03 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-11-11 01:01 . 2013-11-11 01:01 -------- d-----w- c:\users\Ken\AppData\Roaming\SystemRequirementsLab
2013-11-11 00:58 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-11 00:58 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-11 00:58 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-11 00:58 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-11 00:58 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-11 00:58 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-11 00:58 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-11-11 00:55 . 2013-11-11 00:55 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2013-11-10 18:27 . 2013-11-10 18:27 -------- d-----w- c:\users\Ken\AppData\Roaming\AVAST Software
2013-11-10 18:27 . 2013-11-11 06:27 409832 ----a-w- c:\windows\system32\drivers\aswsp.sys
2013-11-10 18:27 . 2013-11-10 18:27 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-10 18:27 . 2013-11-10 18:27 65264 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-11-10 18:27 . 2013-11-10 18:27 205320 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-11-10 18:27 . 2013-11-10 18:27 1032416 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-11-10 18:27 . 2013-11-10 18:27 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-11-10 18:27 . 2013-11-10 18:27 84328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-11-10 18:27 . 2013-11-10 18:27 38984 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-11-10 18:27 . 2013-11-10 18:27 334648 ----a-w- c:\windows\system32\aswBoot.exe
2013-11-10 18:27 . 2013-11-10 18:27 43152 ----a-w- c:\windows\avastSS.scr
2013-11-10 18:27 . 2013-11-10 18:27 -------- d-----w- c:\program files\AVAST Software
2013-11-10 18:26 . 2013-11-10 18:26 -------- d-----w- c:\programdata\AVAST Software
2013-11-05 22:56 . 2013-11-10 18:11 291 ----a-w- c:\programdata\lfrwlarlc.reg
2013-10-29 00:52 . 2013-11-10 18:29 -------- d-----w- c:\users\Ken\AppData\Local\Amd
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-13 09:01 . 2011-09-08 06:23 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-10-11 19:17 . 2013-10-11 19:17 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2013-10-08 22:44 . 2011-08-17 18:22 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-08 02:30 . 2013-10-09 23:30 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-09 23:30 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-09 23:30 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-08-29 02:17 . 2013-10-09 23:30 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-09 23:30 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-09 23:30 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-09 23:30 859648 ----a-w- c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-09 23:30 878080 ----a-w- c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-09 23:30 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-09 23:30 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-09 23:30 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-09 23:30 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-09 23:30 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-09 23:30 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-09 23:30 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-29 00:49 . 2013-10-09 23:30 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-09 23:30 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-09 23:30 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-09 23:30 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-08-28 01:21 . 2013-10-09 23:30 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-08-28 01:12 . 2013-10-09 23:29 461312 ----a-w- c:\windows\system32\scavengeui.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2013-08-31 00:26 1423520 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.3.107.0\BingExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-09-04 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-10-02 20472992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellComms"="c:\program files (x86)\Dell\DellComms\bin\sprtcmd.exe" [2009-05-05 206064]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-10 3568312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2012-05-18 559616]
.
c:\users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.107.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.107.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe;c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.107.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.107.0\SeaPort.exe [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-17 01:10 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-21 22:44]
.
2013-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-04 00:00]
.
2013-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-04 00:00]
.
2013-11-17 c:\windows\Tasks\Norton Security Scan for Ken.job
- c:\progra~2\NORTON~2\Engine\372~1.5\Nss.exe [2012-09-24 08:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2013-08-31 00:21 1142944 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.3.107.0\amd64\BingExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-10 18:27 326944 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-11-14 163360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-11-14 387616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-11-14 418336]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 24.93.41.125 24.93.41.126 209.18.47.61
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-20  17:13:59
ComboFix-quarantined-files.txt  2013-11-20 23:13
ComboFix2.txt  2013-11-18 01:43
.
Pre-Run: 661,033,115,648 bytes free
Post-Run: 660,783,300,608 bytes free
.
- - End Of File - - 2EF3AA1CE93CE34AB75B7FC78A7C71AE
CDB4DE4BBD714F152979DA2DCBEF57EB


#10 Robybel

Robybel

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 1,536 posts

Posted 21 November 2013 - 01:31 AM

Hi Olddog :)

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish it's job
  • Once its finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean
Next
  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


Next


ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

Note: If you are using Windows Vista/7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select Uninstall application on close check box and push esetFinish.png
On your next reply please post :
  • Malwarebytes report
  • ESET Report

Let me know if you have any problems in performing with the steps above or any questions you may have.

Good Day!
- Proud Graduate of WTT Classroom -

Member of UNITE

Please Only Copy And Paste Reports Into Topic - Do Not Attach

If you are satisfied with the help that you have received, please consider a donation Posted Image

    Advertisements

Register to Remove


#11 olddog

olddog

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 21 November 2013 - 07:12 PM

Hi Robybel.

TFC stopped the 1st 2 times about halfway through . 3rd restart ran straight through.

 

MBam ( said no malicious threats found)  log:

 

2013/11/21 15:47:06 -0600 INSPIRON Ken IP-BLOCK 8.26.70.22 (Type: outgoing, Port: 61356, Process: avastsvc.exe)
2013/11/21 16:53:29 -0600 INSPIRON Ken MESSAGE Starting protection
2013/11/21 16:53:29 -0600 INSPIRON Ken MESSAGE Protection started successfully
2013/11/21 16:53:29 -0600 INSPIRON Ken MESSAGE Starting IP protection
2013/11/21 16:53:35 -0600 INSPIRON Ken MESSAGE IP Protection started successfully
2013/11/21 16:55:51 -0600 INSPIRON Ken MESSAGE Starting database refresh
2013/11/21 16:55:51 -0600 INSPIRON Ken MESSAGE Stopping IP protection
2013/11/21 16:55:51 -0600 INSPIRON Ken MESSAGE IP Protection stopped successfully
2013/11/21 16:55:54 -0600 INSPIRON Ken MESSAGE Database refreshed successfully
2013/11/21 16:55:54 -0600 INSPIRON Ken MESSAGE Starting IP protection
2013/11/21 16:55:58 -0600 INSPIRON Ken MESSAGE IP Protection started successfully
 
ESET Report
 
C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\B81F.tmp.vir a variant of Win64/Kryptik.EY trojan
C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\B83F.tmp.vir a variant of Win64/Kryptik.EY trojan
C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\C2D9.tmp.vir a variant of Win64/Kryptik.EY trojan
C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\C2DA.tmp.vir a variant of Win64/Kryptik.EY trojan
 
 
From Olddog : The help is much appreciated. Thank you.


#12 Robybel

Robybel

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 1,536 posts

Posted 22 November 2013 - 01:21 AM

Hi olddog

Please let me know how your machine is running and if there are any outstanding issues.
- Proud Graduate of WTT Classroom -

Member of UNITE

Please Only Copy And Paste Reports Into Topic - Do Not Attach

If you are satisfied with the help that you have received, please consider a donation Posted Image

#13 olddog

olddog

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 24 November 2013 - 07:35 PM

Hi  Robybel

 

 Machine seems to be running well and very  fast.   Outstanding issues: sometimes,infrequently not everytime ,when I single click a link or site I still get an ad redirect, they don't seem to be malicious, do not seem to get them if I double click? I don't know if this anything to be concerned about? Has occured on Google Chrome and MSN. My virus( Avast)/ malware(MBAM PRO) didn't really show anything.

In the last ESET  log , what are these and are they deactivated? Orphans , phantoms ?

Once again thank you very much . Olddog

 

 
ESET Report
 
C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\B81F.tmp.vir a variant of Win64/Kryptik.EY trojan
C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\B83F.tmp.vir a variant of Win64/Kryptik.EY trojan
C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\C2D9.tmp.vir a variant of Win64/Kryptik.EY trojan
C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\C2DA.tmp.vir a variant of Win64/Kryptik.EY trojan

Edited by olddog, 24 November 2013 - 07:36 PM.


#14 Robybel

Robybel

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 1,536 posts

Posted 25 November 2013 - 12:14 AM

Hi Olddog :)

Very good job ;)
 

In the last ESET log , what are these and are they deactivated? Orphans , phantoms ?[/size]

 
They are some detections in Qoobox. (they will not be active malware so don't worry):
 
Ok Go ahead


Reset browsers

Mozilla Firefox
 

  1. Go to "Start / Run"
  2. Enter the following command:firefox -safe-mode
  3. In the open window (upon launching safe mode), select "Reset preferences to default Firefox"
  4. Click "Make Changes and Restart"
  5. You can now browse properly on Firefox.

Internet Explorer
 

  1. Start Internet Explorer.
  2. On the Tools menu, click Internet Options.
  3. On the Advanced tab, click Reset under Reset Internet Explorer settings.
  4. Check Delete personal settings
  5. In the Reset Internet Explorer Settings dialog box, click Reset to confirm.

Google Chrome
 

  1. Exit Google Chrome completely.
  2. Enter the keyboard shortcut Windows key + E to open Windows Explorer.
  3. In the Windows Explorer window that appears enter the following in the address bar : %USERPROFILE%\Local Settings\Application Data\Google\Chrome\User Data\
  4. Locate the folder called "Default" in the directory window that opens and rename it as "Backup default."

Try opening Google Chrome again. A new "Default" folder is automatically created as you start using the browser.

Next

Re-Run OTL

  • Open OTL again and click the Quick Scan button
  • Post the OTL.txt log it produces in your next reply.

- Proud Graduate of WTT Classroom -

Member of UNITE

Please Only Copy And Paste Reports Into Topic - Do Not Attach

If you are satisfied with the help that you have received, please consider a donation Posted Image

#15 olddog

olddog

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 27 November 2013 - 07:39 PM

"Friend" back for Thanksgiving, performing final cleanup. Firefox not installed, but IE and Chrome have been cleaned/backed up now. Here is the final log, and I'm going to set olddog up with AdBlock Plus

 

OTL.Txt:

 

OTL logfile created on: 11/27/2013 7:33:16 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ken\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.97 Gb Total Physical Memory | 4.12 Gb Available Physical Memory | 69.03% Memory free
11.93 Gb Paging File | 9.15 Gb Available in Paging File | 76.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 686.57 Gb Total Space | 615.97 Gb Free Space | 89.72% Space Free | Partition Type: NTFS
 
Computer Name: INSPIRON | User Name: Ken | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Users\Ken\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\SeaPort.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe (SupportSoft, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll ()
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8f5b881951592b2fd05f710650bf7e04\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\3d075c3b7d099aca217beecac1f66b4b\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0149e914e4cfbde7da65d4558af19ce0\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll ()
MOD - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (AdobeActiveFileMonitor8.0) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (sprtsvc_DellComms) -- C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe (SupportSoft, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswsp.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{4CEDE513-3A98-4897-86E1-AC7DBC4503D7}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {7FCE52A8-0AB7-4ADD-B448-8AF55E03C169}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{7FCE52A8-0AB7-4ADD-B448-8AF55E03C169}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.com/ [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{6649DE94-68E1-434C-8EC6-4509FF6DB0EE}: "URL" = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Docs = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: Skype Click to Call = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
CHR - Extension: Google Wallet = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/11/20 17:12:24 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\amd64\BingExt.dll (Microsoft Corporation.)
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\amd64\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\6001f630-658f-48f5-b684-78acb98e79dd.exe (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellComms] C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - Startup: C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.15.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.93.41.125 24.93.41.126 209.18.47.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25B84475-4E8E-4608-9F76-FB770156C78D}: DhcpNameServer = 24.93.41.125 24.93.41.126 209.18.47.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4475F8C9-EC14-4775-853A-02CCCF60F423}: DhcpNameServer = 24.93.41.125 24.93.41.126 209.18.47.61
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/21 16:39:41 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Ken\Desktop\TFC.exe
[2013/11/20 17:14:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/11/20 17:14:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/11/17 19:25:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/11/17 19:25:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/11/17 19:25:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/11/16 19:57:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/11/16 19:57:05 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/11/10 19:58:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
[2013/11/10 19:16:39 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013/11/10 19:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/11/10 19:03:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/11/10 19:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/11/10 19:01:30 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\SystemRequirementsLab
[2013/11/10 18:55:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2013/11/10 12:27:55 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\AVAST Software
[2013/11/10 12:27:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013/11/10 12:27:35 | 001,032,416 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/11/10 12:27:35 | 000,409,832 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2013/11/10 12:27:35 | 000,065,264 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/11/10 12:27:34 | 000,092,544 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/11/10 12:27:34 | 000,084,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/11/10 12:27:34 | 000,038,984 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/11/10 12:27:33 | 000,334,648 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/11/10 12:27:32 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/11/10 12:27:12 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/11/10 12:26:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/11/10 12:03:06 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Ken\Desktop\HijackThis.exe
[2013/10/30 14:44:47 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/27 19:11:56 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/27 19:10:38 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/27 19:10:38 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/27 19:07:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/27 19:05:45 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/27 19:05:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/21 19:28:17 | 000,730,596 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/21 19:28:17 | 000,627,104 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/21 19:28:17 | 000,107,420 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/21 19:23:15 | 509,333,503 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/21 16:39:42 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\TFC.exe
[2013/11/20 17:12:24 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/11/17 18:27:03 | 000,001,142 | ---- | M] () -- C:\Users\Ken\Desktop\McAfee - Shortcut.lnk
[2013/11/17 17:35:45 | 000,000,398 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Ken.job
[2013/11/16 20:05:34 | 000,000,017 | ---- | M] () -- C:\Users\Ken\AppData\Local\resmon.resmoncfg
[2013/11/16 19:27:35 | 000,001,125 | ---- | M] () -- C:\Users\Ken\Desktop\Robybel.exe - Shortcut.lnk
[2013/11/16 19:14:19 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/11/11 00:27:38 | 000,409,832 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2013/11/10 19:58:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
[2013/11/10 19:43:59 | 000,000,082 | ---- | M] () -- C:\Users\Ken\Desktop\Are you Infected- Need Help- - Virus, Spyware & Malware Removal - What the Tech-!.url
[2013/11/10 19:27:32 | 000,015,588 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2013/11/10 12:27:47 | 000,001,968 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/11/10 12:27:33 | 001,032,416 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/11/10 12:27:33 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/11/10 12:27:33 | 000,205,320 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/11/10 12:27:33 | 000,092,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/11/10 12:27:33 | 000,084,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/11/10 12:27:33 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/11/10 12:27:33 | 000,065,264 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/11/10 12:27:33 | 000,038,984 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/11/10 12:27:32 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/11/10 12:12:25 | 095,025,368 | ---- | M] () -- C:\ProgramData\lfrwlarlc.bxx
[2013/11/10 12:11:54 | 000,000,291 | ---- | M] () -- C:\ProgramData\lfrwlarlc.reg
[2013/11/10 12:10:31 | 000,000,000 | ---- | M] () -- C:\ProgramData\lfrwlarlc.fvv
[2013/11/10 12:03:07 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Ken\Desktop\HijackThis.exe
[2013/11/04 15:42:43 | 531,835,657 | ---- | M] () -- C:\Windows\MEMORY.DMP
 
========== Files Created - No Company Name ==========
 
[2013/11/17 19:25:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/11/17 19:25:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/11/17 19:25:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/11/17 19:25:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/11/17 19:25:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/11/17 18:27:03 | 000,001,142 | ---- | C] () -- C:\Users\Ken\Desktop\McAfee - Shortcut.lnk
[2013/11/16 20:05:34 | 000,000,017 | ---- | C] () -- C:\Users\Ken\AppData\Local\resmon.resmoncfg
[2013/11/16 19:27:35 | 000,001,125 | ---- | C] () -- C:\Users\Ken\Desktop\Robybel.exe - Shortcut.lnk
[2013/11/10 19:43:59 | 000,000,082 | ---- | C] () -- C:\Users\Ken\Desktop\Are you Infected- Need Help- - Virus, Spyware & Malware Removal - What the Tech-!.url
[2013/11/10 19:27:32 | 000,015,588 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2013/11/10 12:27:47 | 000,001,968 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/11/10 12:27:35 | 000,205,320 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/11/10 12:27:35 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/11/05 16:56:35 | 000,000,291 | ---- | C] () -- C:\ProgramData\lfrwlarlc.reg
[2013/11/05 15:50:58 | 000,000,000 | ---- | C] () -- C:\ProgramData\lfrwlarlc.fvv
[2013/11/05 15:50:55 | 095,025,368 | ---- | C] () -- C:\ProgramData\lfrwlarlc.bxx
[2013/10/30 14:44:39 | 531,835,657 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/07/07 17:37:36 | 000,743,538 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/11/10 12:27:55 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\AVAST Software
[2013/11/10 19:01:30 | 000,000,000 | ---D | M] -- C:\Users\Ken\AppData\Roaming\SystemRequirementsLab
 
========== Purity Check ==========
 
 
 
< End of report >

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users