Windows Firewall Problem


  • This topic is locked
28 replies to this topic

#1 brecko8700

    New Member

  • Members
  • 14 posts

Posted 10 November 2011 - 12:45 AM

Hi, I have been having issues with malware and search engine redirecting. "Cloud Protection" and "Privacy Protection" had both infected my computer but I have been able to get both of them removed. The Windows Firewall is disabled and is unable to restart. I have run Malwarebytes and removed quite a few problems. Windows Firewall will not start. Its ability to run depends on the Base Filtering Engine, which is working properly and running, and the "Windows Firewall Authorization Driver". In Device Manager, after showing hidden objects, the "Windows Firewall Authorization Driver" has a yellow exclamation point next to it, and when opened, it states "This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)".

Any help with this issue would be greatly appreciated.

#2 Maniac

    Forum Deity

  • Experts
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 10 November 2011 - 12:47 PM

Hello brecko8700! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copied and pasted into your next reply.

Please make sure you follow the instructions here:
http://forums.malwar...showtopic=97530
http://forums.malwar...showtopic=99247

Once finished, please post the log file from Malwarebytes' Anti-Malware.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#3 brecko8700

Posted 11 November 2011 - 11:26 PM

So there were 87 items found during this scan. I removed all of them. I forgot to mention in my first post, but there are a couple of other things going on. I am having an issue with websites being redirected from Google, and also my web browser opens by itself and goes to the same "redirect" site. And lastly, about half of the icons on my desktop are transparent, like they are hidden files. Here's the log from the scan:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8129

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

11/11/2011 8:09:18 PM
mbam-log-2011-11-11 (20-09-18).txt

Scan type: Quick scan
Objects scanned: 173223
Time elapsed: 5 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 79
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Home\AppData\Local\Temp\wpbt0.dll (Exploit.Drop) -> Quarantined and deleted successfully.
c:\Users\Home\AppData\Local\Temp\0.28225748762686875.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Users\Home\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\winupd.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.

#4 Maniac

Posted 12 November 2011 - 06:03 AM

What about the instructions for DDS?

#5 brecko8700

Posted 12 November 2011 - 10:29 AM

Sorry, didn't see the request for DDS. Should I run it and post the log?

#6 Maniac

Posted 12 November 2011 - 12:21 PM

Yes, please. Use the instructions here:
http://forums.malwar...?showtopic=9573

#7 brecko8700

Posted 12 November 2011 - 11:16 PM

Attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/16/2009 8:56:23 AM
System Uptime: 11/12/2011 7:59:19 PM (1 hours ago)
.
Motherboard: PEGATRON CORPORATION | | Benicia
Processor: Pentium® Dual-Core CPU E5200 @ 2.50GHz | CPU 1 | 2500/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 582 GiB total, 436.283 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.931 GiB free.
E: is CDROM (UDF)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.6
Combat Arms
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
CyberLink DVD Suite Deluxe
DirectX for Managed Code Update (Summer 2004)
DJ_SF_03_D1500_Software_Min
Feedback Tool
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Games
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP Odometer
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Support Information
HP Total Care Setup
HP Update
HPAsset component for HP Active Support Library
Java Auto Updater
Java™ 6 Update 26
LabelPrint
LightScribe System Software
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Default Manager
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Web Publishing Wizard 1.52
Microsoft Works
Mozilla Firefox (3.6.24)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Disney Kitchen
Octoshape add-in for Adobe Flash Player
Picaboo X
PictureMover
Python 2.6.1
QuickTime
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
The Print Shop 23
Toolbox
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
11/9/2011 8:16:22 PM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.115.1237.0 Loading engine version: 1.1.7702.0
11/9/2011 8:11:55 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
11/9/2011 8:07:55 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate1ca8fabaf33d630) service to connect.
11/9/2011 8:07:55 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate1ca8fabaf33d630) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/9/2011 7:46:35 PM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.115.1237.0 Loading engine version: 1.1.7801.0
11/9/2011 6:29:49 PM, Error: Service Control Manager [7001] - The Windows Event Collector service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
11/8/2011 8:00:11 PM, Error: Service Control Manager [7030] - The CGPS Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/8/2011 7:24:22 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 002100E1DA1F has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
11/8/2011 6:57:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt spldr Wanarpv6
11/8/2011 6:57:56 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/8/2011 6:57:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/8/2011 6:57:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/8/2011 6:57:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
11/8/2011 6:57:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/8/2011 6:57:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/8/2011 12:36:28 PM, Error: netbt [4321] - The name "WORKGROUP :0" could not be registered on the interface with IP address 192.168.1.4. The computer with the IP address 192.168.1.3 did not allow the name to be claimed by this computer.
11/8/2011 12:36:20 PM, Error: netbt [4321] - The name "WORKGROUP :0" could not be registered on the interface with IP address 192.168.1.5. The computer with the IP address 192.168.1.3 did not allow the name to be claimed by this computer.
11/8/2011 12:36:19 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.5 for the Network Card with network address 002100E1DA1F has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
11/7/2011 3:10:31 PM, Error: EventLog [6008] - The previous system shutdown at 9:46:14 PM on 11/6/2011 was unexpected.
11/12/2011 8:01:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
11/12/2011 8:01:20 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
11/12/2011 8:01:20 PM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
11/11/2011 8:10:36 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 002100E1DA1F has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
11/11/2011 5:32:07 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 002100E1DA1F has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
11/10/2011 11:15:23 AM, Error: netbt [4321] - The name "WORKGROUP :0" could not be registered on the interface with IP address 192.168.1.2. The computer with the IP address 192.168.1.3 did not allow the name to be claimed by this computer.
.
==== End Of File ===========================


DDS.txt:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19154 BrowserJavaVersion: 1.6.0_26
Run by Home at 20:06:35 on 2011-11-12
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6133.3825 [GMT -8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\igfxsrvc.exe
C:\PROGRA~1\HEWLET~1\HPREMO~1\HPREMO~1.EXE
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"C:\Windows\system32\svchost.exe"
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
uRun: [s11iivDD3on4aH5] C:\Users\Home\AppData\Roaming\svhostu.exe
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos1.walmart.com/WalmartActivia.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{659A2472-CCCC-43E3-864C-023B39AB7739} : DhcpNameServer = 192.168.1.1
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun-x64: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun-x64: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\lgc4x2qq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-17 366152]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S2 gupdate1ca8fabaf33d630;Google Update Service (gupdate1ca8fabaf33d630);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-7 133104]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-18 89920]
S3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-7 133104]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-11-13 03:59:39 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A2649D9D-DB71-4623-99A0-8134EA8DDB41}\offreg.dll
2011-11-12 01:15:06 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A2649D9D-DB71-4623-99A0-8134EA8DDB41}\mpengine.dll
2011-11-10 04:55:58 1426304 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-10 04:54:41 893440 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-10 04:54:41 707584 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-10 04:54:41 50688 ----a-w- C:\Program Files\Windows Mail\wabimp.dll
2011-11-10 04:08:14 -------- d-----w- C:\Users\Home\AppData\Roaming\FONyxA0uv2b3n5Q
2011-11-10 04:08:13 -------- d-----w- C:\Users\Home\AppData\Local\PMB Files
2011-11-10 04:08:09 -------- d-----w- C:\Users\Home\AppData\Roaming\dxA1uS2ob3m5Q6W
2011-11-10 04:07:54 -------- d-----w- C:\Users\Home\AppData\Roaming\LdEK8fRZ9TwUeI
2011-11-10 04:07:53 -------- d-----w- C:\Users\Home\AppData\Roaming\u4pmG5sQJ
2011-11-10 04:07:53 -------- d-----w- C:\Users\Home\AppData\Roaming\H4pmG5sQJdKfZhX
2011-11-10 04:07:48 -------- d-----w- C:\Users\Home\AppData\Roaming\YcA1ivD2oFpHsJd
2011-11-09 04:00:27 -------- d-----w- C:\Users\Home\AppData\Local\ID Vault
2011-11-09 04:00:27 -------- d-----w- C:\ProgramData\IsolatedStorage
2011-11-09 04:00:00 -------- d-----w- C:\Users\Home\AppData\Roaming\ID Vault
2011-11-09 03:58:59 -------- d-----w- C:\ProgramData\White Sky, Inc
2011-10-28 02:35:33 -------- d-----w- C:\Program Files (x86)\Common Files\Adobe(960)
2011-10-26 23:12:34 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2011-10-18 14:53:50 -------- d--h--w- C:\Users\Home\AppData\Local\CrashDumps
2011-10-18 03:37:51 -------- d--h--w- C:\Users\Home\AppData\Local\NPE
2011-10-18 01:27:53 -------- d--h--w- C:\Users\Home\AppData\Roaming\Malwarebytes
2011-10-18 01:26:40 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-18 01:26:37 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-10-18 01:26:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-17 22:44:45 -------- d--h--w- C:\Users\Home\AppData\Roaming\okUUUVrlOBtP0cS
2011-10-17 22:42:20 -------- d--h--w- C:\Users\Home\AppData\Roaming\WcbnQWETYVN01nH
2011-10-17 22:38:40 -------- d--h--w- C:\Users\Home\AppData\Roaming\a36EjVx1Gs
2011-10-17 22:38:28 -------- d--h--w- C:\Users\Home\AppData\Roaming\EDDD2ooF4pmGsQ6
2011-10-17 22:36:16 -------- d--h--w- C:\Users\Home\AppData\Roaming\o2b3GaHdKR9
2011-10-17 22:34:16 -------- d--h--w- C:\Users\Home\AppData\Roaming\V68hjkzAipadRXC
2011-10-17 22:31:57 -------- d--h--w- C:\Users\Home\AppData\Roaming\FOOAiWYN3WjN3JC
2011-10-17 22:31:52 -------- d--h--w- C:\Users\Home\AppData\Roaming\uPoJ9UAmEwzvG6R
2011-10-17 22:30:24 -------- d--h--w- C:\Users\Home\AppData\Roaming\GFFF3pGaTV
2011-10-17 22:30:23 -------- d--h--w- C:\Users\Home\AppData\Roaming\OsJf147qeishB26
2011-10-17 22:30:23 -------- d--h--w- C:\Users\Home\AppData\Roaming\KGG4H66sWJ7ELgT
2011-10-17 22:30:19 -------- d--h--w- C:\Users\Home\AppData\Roaming\x111ivvoaRV
2011-10-17 22:30:00 -------- d--h--w- C:\Users\Home\AppData\Roaming\Z00ccS11ivDon4a
2011-10-17 22:29:49 -------- d--h--w- C:\Users\Home\AppData\Roaming\tbF33pG5aQ
2011-10-17 22:29:49 -------- d--h--w- C:\Users\Home\AppData\Roaming\bddVx0cibD3pG4Q
2011-10-17 22:29:30 -------- d--h--w- C:\Users\Home\AppData\Roaming\appmmHsKhjVelBz
2011-10-17 22:29:17 -------- d--h--w- C:\Users\Home\AppData\Roaming\qyAA1uuvS2ob
2011-10-17 22:29:12 -------- d--h--w- C:\Users\Home\AppData\Roaming\BLgTTZqhC3R04YN
2011-10-17 22:29:09 -------- d--h--w- C:\Users\Home\AppData\Roaming\TIIVVrlOtxP0UrO
2011-10-17 22:29:05 -------- d--h--w- C:\Users\Home\AppData\Roaming\lvmQJJ7dEK8ZYvm
2011-10-17 22:28:58 -------- d--h--w- C:\Users\Home\AppData\Roaming\xXqUa6W7R9XjCks
2011-10-17 22:28:57 -------- d--h--w- C:\Users\Home\AppData\Roaming\O11uuvDD2o
2011-10-17 22:28:24 -------- d--h--w- C:\Users\Home\AppData\Roaming\ZPPPuccS1
2011-10-17 22:28:16 -------- d--h--w- C:\Users\Home\AppData\Roaming\FyyccA1ivD2n5Qu
2011-10-17 22:28:16 -------- d--h--w- C:\Users\Home\AppData\Roaming\bPP0ycA1ivD2n5
2011-10-17 22:28:04 -------- d--h--w- C:\Users\Home\AppData\Roaming\CllOBzzP0yc
2011-10-17 22:27:58 -------- d--h--w- C:\Users\Home\AppData\Roaming\NzpfOoEjAGgrvJ9
2011-10-17 22:27:58 -------- d--h--w- C:\Users\Home\AppData\Roaming\mtZd4PqaitwLHDz
2011-10-17 22:27:45 -------- d--h--w- C:\Users\Home\AppData\Roaming\yZpXujFe6z71BO
2011-10-17 22:27:45 -------- d--h--w- C:\Users\Home\AppData\Roaming\UztrBVrlBzNyxx0
2011-10-17 22:27:45 -------- d--h--w- C:\Users\Home\AppData\Roaming\JjvqPADG42QpV7h
2011-10-17 22:27:45 -------- d--h--w- C:\Users\Home\AppData\Roaming\DyK19vsI6JfheqQ
2011-10-17 22:27:45 -------- d--h--w- C:\Users\Home\AppData\Roaming\D888gTTZqhYCkUr
2011-10-17 22:27:45 -------- d--h--w- C:\Users\Home\AppData\Roaming\cmxJ2rmwbLr17Uv
2011-10-17 22:27:45 -------- d--h--w- C:\Users\Home\AppData\Roaming\aiWYzpfOoE
2011-10-17 22:27:41 -------- d--h--w- C:\Users\Home\AppData\Roaming\vzzOONyxAi2SF3m
2011-10-17 22:27:41 -------- d--h--w- C:\Users\Home\AppData\Roaming\vzOONyxxAi2SF3m
2011-10-17 22:27:40 -------- d--h--w- C:\Users\Home\AppData\Roaming\JBBBrzONNyAi2SF
2011-10-17 22:26:46 -------- d--h--w- C:\Users\Home\AppData\Roaming\vzzOONyyxvSib3p
2011-10-17 22:26:46 -------- d--h--w- C:\Users\Home\AppData\Roaming\vzzOONyxv2ibFpi
2011-10-17 22:26:46 -------- d--h--w- C:\Users\Home\AppData\Roaming\vzOONNyxv2ibFpi
2011-10-17 22:26:46 -------- d--h--w- C:\Users\Home\AppData\Roaming\vOOONNyxv2ibFpi
2011-10-17 22:25:37 -------- d--h--w- C:\Users\Home\AppData\Roaming\LH4jdeoa5EwdCI
2011-10-17 22:24:11 -------- d--h--w- C:\Users\Home\AppData\Roaming\pnnGG5aQH
2011-10-17 22:20:44 -------- d--h--w- C:\Users\Home\AppData\Roaming\gAA11vvD2on4pm5
2011-10-17 22:17:39 -------- d--h--w- C:\Users\Home\AppData\Roaming\vbbD33onG4wVr
2011-10-17 22:17:26 -------- d--h--w- C:\Users\Home\AppData\Roaming\uiibD33onGwV
2011-10-17 22:16:20 -------- d--h--w- C:\Users\Home\AppData\Roaming\H1iibbD3onG
2011-10-17 22:15:56 -------- d--h--w- C:\Users\Home\AppData\Roaming\QS11ibD3onG
2011-10-17 22:15:50 -------- d--h--w- C:\Users\Home\AppData\Roaming\Q111ibD3onG
2011-10-17 22:15:32 -------- d--h--w- C:\Users\Home\AppData\Roaming\H11iibDonG4
2011-10-17 22:15:29 -------- d--h--w- C:\Users\Home\AppData\Roaming\QS1iibDonG4
2011-10-17 22:13:28 -------- d--h--w- C:\Users\Home\AppData\Roaming\okIrrzOOxA0cSi
2011-10-17 22:12:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\o7kIrrzONxA0cS
2011-10-17 22:11:35 -------- d--h--w- C:\Users\Home\AppData\Roaming\nDDD2o45JiJS
2011-10-17 22:10:49 -------- d--h--w- C:\Users\Home\AppData\Roaming\nD22onnFALBz
2011-10-17 22:10:43 -------- d--h--w- C:\Users\Home\AppData\Roaming\mlOOBBtzPy1vDoF
2011-10-17 22:10:05 -------- d--h--w- C:\Users\Home\AppData\Roaming\HOOttzPP0yA1iD2
2011-10-17 22:10:01 -------- d--h--w- C:\Users\Home\AppData\Roaming\UyccAA1ivD2oF4m
2011-10-17 22:09:56 -------- d--h--w- C:\Users\Home\AppData\Roaming\HOOOttzP0ycAiv2
2011-10-17 22:09:49 -------- d--h--w- C:\Users\Home\AppData\Roaming\ZVeelOOBtPy1vDo
2011-10-17 22:09:49 -------- d--h--w- C:\Users\Home\AppData\Roaming\mlOOOBtzP0ycAiD
2011-10-17 22:09:49 -------- d--h--w- C:\Users\Home\AppData\Roaming\HOOOBBtzP0yc1iD
2011-10-17 22:07:49 -------- d--h--w- C:\Users\Home\AppData\Roaming\U0uucc2ibvZqYwI
2011-10-17 22:07:49 -------- d--h--w- C:\Users\Home\AppData\Roaming\SJJJ6ddERZ
2011-10-17 22:07:49 -------- d--h--w- C:\Users\Home\AppData\Roaming\nbbZZqjYCwkI
2011-10-17 22:07:49 -------- d--h--w- C:\Users\Home\AppData\Roaming\nbbnZqjYCwkI
2011-10-17 22:07:49 -------- d--h--w- C:\Users\Home\AppData\Roaming\HjYYCwkIIVlONx
2011-10-17 22:07:49 -------- d--h--w- C:\Users\Home\AppData\Roaming\EOOONttxP0uc1iD
2011-10-17 22:07:49 -------- d--h--w- C:\Users\Home\AppData\Roaming\AwwkIrOtPuSb3n4
2011-10-17 22:07:49 -------- d--h--w- C:\Users\Home\AppData\Roaming\AwkIrOtPuSb3n4m
2011-10-17 22:07:49 -------- d--h--w- C:\Users\Home\AppData\Roaming\AtxxA00uc2bvZjC
2011-10-17 22:07:42 -------- d--h--w- C:\Users\Home\AppData\Roaming\cQQJJ6dEE
2011-10-17 22:05:53 -------- d--h--w- C:\Users\Home\AppData\Roaming\YhebFT8SVr
2011-10-17 22:04:57 -------- d--h--w- C:\Users\Home\AppData\Roaming\ngggTXXqYekIrzN
2011-10-17 22:03:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\rqqhhYXww
2011-10-17 22:02:55 -------- d--h--w- C:\Users\Home\AppData\Roaming\R2YYCCwkVrlOtPu
2011-10-17 22:01:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\WK77fEEL9gTq
2011-10-17 22:00:11 -------- d--h--w- C:\Users\Home\AppData\Roaming\a3ppmG55aQ6dW
2011-10-17 21:58:39 -------- d--h--w- C:\Users\Home\AppData\Roaming\W6SrXs3xwEpAegW
2011-10-17 21:58:36 -------- d--h--w- C:\Users\Home\AppData\Roaming\cXHvlRaSrZs2Pj8
2011-10-17 21:58:35 -------- d--h--w- C:\Users\Home\AppData\Roaming\ymnovzzVrUV
2011-10-17 21:58:35 -------- d--h--w- C:\Users\Home\AppData\Roaming\vlIXLfLE7Q
2011-10-17 21:58:33 -------- d--h--w- C:\Users\Home\AppData\Roaming\UH2lYEyVR3xeEai
2011-10-17 21:58:04 -------- d--h--w- C:\Users\Home\AppData\Roaming\pJdsJWffEL865Gn
2011-10-17 21:57:51 -------- d--h--w- C:\Users\Home\AppData\Roaming\JQov1yNAVYhhgXW
2011-10-17 21:57:49 -------- d--h--w- C:\Users\Home\AppData\Roaming\mqX9JJ55Q6D1SPA
2011-10-17 21:57:47 -------- d--h--w- C:\Users\Home\AppData\Roaming\rov1NPykYhhg
2011-10-17 21:57:31 -------- d--h--w- C:\Users\Home\AppData\Roaming\CmbSAP0BUeCjLf
2011-10-17 21:57:22 -------- d--h--w- C:\Users\Home\AppData\Roaming\OzITZFcUh330tUY
2011-10-17 21:56:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\dW1BXAIdTrTdDxk
2011-10-17 21:56:57 -------- d--h--w- C:\Users\Home\AppData\Roaming\fHH66sWJJ7EL8TZ
2011-10-17 21:56:49 -------- d--h--w- C:\Users\Home\AppData\Roaming\nxeLHtXKpuB5Sxr
2011-10-17 21:56:47 -------- d--h--w- C:\Users\Home\AppData\Roaming\cPUh8dGaJDAA
2011-10-17 21:56:46 -------- d--h--w- C:\Users\Home\AppData\Roaming\USlZQ2PURabCJnc
2011-10-17 21:56:41 -------- d--h--w- C:\Users\Home\AppData\Roaming\hdDxwE4Al
2011-10-17 21:56:33 -------- d--h--w- C:\Users\Home\AppData\Roaming\A85SkfQD0qQ2PCG
2011-10-17 21:56:23 -------- d--h--w- C:\Users\Home\AppData\Roaming\SLHFbF0VVUJ420x
2011-10-17 21:56:21 -------- d--h--w- C:\Users\Home\AppData\Roaming\CPj8Gx94Sqv
2011-10-17 21:56:16 -------- d--h--w- C:\Users\Home\AppData\Roaming\qHm3i1xBIYqLHFb
2011-10-17 21:56:01 -------- d--h--w- C:\Users\Home\AppData\Roaming\dqJoPjfFNT6btwE
2011-10-17 21:55:56 -------- d--h--w- C:\Users\Home\AppData\Roaming\KzXdFyCLaSl9d2r
2011-10-17 21:55:23 -------- d--h--w- C:\Users\Home\AppData\Roaming\nOrq8pSxr
2011-10-17 21:54:55 -------- d--h--w- C:\Users\Home\AppData\Roaming\p9soOXnxw
2011-10-17 21:54:43 -------- d--h--w- C:\Users\Home\AppData\Roaming\YKTezv5QZO45H
2011-10-17 21:54:36 -------- d--h--w- C:\Users\Home\AppData\Roaming\lb3mqpjVlzc2mvK
2011-10-17 21:54:33 -------- d--h--w- C:\Users\Home\AppData\Roaming\vSib3mqpjVlzc
2011-10-17 21:54:27 -------- d--h--w- C:\Users\Home\AppData\Roaming\Q000uS1b3oG
2011-10-17 21:54:16 -------- d--h--w- C:\Users\Home\AppData\Roaming\TOzje9ncPUq985p
2011-10-17 21:54:06 -------- d--h--w- C:\Users\Home\AppData\Roaming\HFAyVOfm2odZeov
2011-10-17 21:53:08 -------- d--h--w- C:\Users\Home\AppData\Roaming\RWS96nSVhEsuzj
2011-10-17 21:53:08 -------- d--h--w- C:\Users\Home\AppData\Roaming\kLHoACRaixURQ4S
2011-10-17 21:53:06 -------- d--h--w- C:\Users\Home\AppData\Roaming\mtXC9ncPUq
2011-10-17 21:53:05 -------- d--h--w- C:\Users\Home\AppData\Roaming\nTWS9WGiO
2011-10-17 21:53:05 -------- d--h--w- C:\Users\Home\AppData\Roaming\NsFvzU9LDtkdFyj
2011-10-17 21:53:05 -------- d--h--w- C:\Users\Home\AppData\Roaming\bwEDlh6uCEnB9db
2011-10-17 21:53:02 -------- d--h--w- C:\Users\Home\AppData\Roaming\q11ivvn4amH5dgX
2011-10-17 21:53:00 -------- d--h--w- C:\Users\Home\AppData\Roaming\cVycS11ivD3oFmH
2011-10-17 21:52:52 -------- d--h--w- C:\Users\Home\AppData\Roaming\VNP1ivvn4
2011-10-17 21:52:00 -------- d--h--w- C:\Users\Home\AppData\Roaming\ro1tXdapNYE4cUK
2011-10-17 21:51:55 -------- d--h--w- C:\Users\Home\AppData\Roaming\SoBRGukEpuCd2
2011-10-17 21:51:27 -------- d--h--w- C:\Users\Home\AppData\Roaming\CKf9qCIVrhHijZ6
2011-10-17 21:50:54 -------- d--h--w- C:\Users\Home\AppData\Roaming\vhsvVnFF4pHsQEg
2011-10-17 21:50:52 -------- d--h--w- C:\Users\Home\AppData\Roaming\PnxZayrRFpH5Qdg
2011-10-17 21:50:52 -------- d--h--w- C:\Users\Home\AppData\Roaming\eCR4xqW4zpH5Qdg
2011-10-17 21:50:45 -------- d--h--w- C:\Users\Home\AppData\Roaming\EEK88RhXUlrkgau
2011-10-17 21:50:45 -------- d--h--w- C:\Users\Home\AppData\Roaming\dEK88RhXUlrkgau
2011-10-17 21:50:43 -------- d--h--w- C:\Users\Home\AppData\Roaming\C66dK8fRhXUlxIX
2011-10-17 21:50:07 -------- d--h--w- C:\Users\Home\AppData\Roaming\AozC9QcrTHAj
2011-10-17 21:50:04 -------- d--h--w- C:\Users\Home\AppData\Roaming\Z2PX6bOjsiOZ5Fy
2011-10-17 21:50:00 -------- d--h--w- C:\Users\Home\AppData\Roaming\nRntqsoNwWFAILa
2011-10-17 21:48:40 -------- d--h--w- C:\Users\Home\AppData\Roaming\m4mBS47qkzv47
2011-10-17 21:48:38 -------- d--h--w- C:\Users\Home\AppData\Roaming\liiibD33o
2011-10-17 21:48:38 -------- d--h--w- C:\Users\Home\AppData\Roaming\hOttxPP0cS1ib3n
2011-10-17 21:48:23 -------- d--h--w- C:\Users\Home\AppData\Roaming\X26ZObWhPn
2011-10-17 21:48:15 -------- d--h--w- C:\Users\Home\AppData\Roaming\tu49ViJYPndw0FR
2011-10-17 21:46:58 -------- d--h--w- C:\Users\Home\AppData\Roaming\TF4a5JERe0D4H7g
2011-10-17 21:45:51 -------- d--h--w- C:\Users\Home\AppData\Roaming\q3oHWfEgy
2011-10-17 21:44:58 -------- d--h--w- C:\Users\Home\AppData\Roaming\Azxv3567gCVNu2D
2011-10-17 21:44:57 -------- d--h--w- C:\Users\Home\AppData\Roaming\rZXlcbJRU
2011-10-17 21:44:57 -------- d--h--w- C:\Users\Home\AppData\Roaming\BrONx0c1b34msW7
2011-10-17 21:44:36 -------- d--h--w- C:\Users\Home\AppData\Roaming\gXjVlBzyAvbpGQ
2011-10-17 21:44:25 -------- d--h--w- C:\Users\Home\AppData\Roaming\Vgli5ZOvs9tD
2011-10-17 21:44:13 -------- d--h--w- C:\Users\Home\AppData\Roaming\U14QgjPDQhB2deS
2011-10-17 21:44:12 -------- d--h--w- C:\Users\Home\AppData\Roaming\yPv47RwtAbs8XI
2011-10-17 21:43:17 -------- d--h--w- C:\Users\Home\AppData\Roaming\dBzyAuSiFn5HdKf
2011-10-17 21:43:00 -------- d--h--w- C:\Users\Home\AppData\Roaming\RmRt49tbfzm9y5X
2011-10-17 21:42:53 -------- d--h--w- C:\Users\Home\AppData\Roaming\wwwrOx0c1Do4m5W
2011-10-17 21:39:37 -------- d--h--w- C:\Users\Home\AppData\Roaming\errzzPNyyx1
2011-10-17 21:29:06 -------- d--h--w- C:\Users\Home\AppData\Roaming\CVelBzzPyA1u2b4
2011-10-17 21:29:01 -------- d--h--w- C:\Users\Home\AppData\Roaming\gnnF4pmHsQ7dR9w
2011-10-17 21:28:40 -------- d--h--w- C:\Users\Home\AppData\Roaming\UnGG446WJ7ELgYC
2011-10-17 21:28:40 -------- d--h--w- C:\Users\Home\AppData\Roaming\A333onnG46WJEgY
2011-10-17 21:28:36 -------- d--h--w- C:\Users\Home\AppData\Roaming\oasETwOcomJgktA
2011-10-17 21:28:29 -------- d--h--w- C:\Users\Home\AppData\Roaming\sHsKLjkVlxS
2011-10-17 21:28:29 -------- d--h--w- C:\Users\Home\AppData\Roaming\lClzyAvoFG6W8hX
2011-10-17 21:28:29 -------- d--h--w- C:\Users\Home\AppData\Roaming\ExSGsgUy1D
2011-10-17 21:28:22 -------- d--h--w- C:\Users\Home\AppData\Roaming\yYr0in45JgXBy2p
2011-10-17 21:28:12 -------- d--h--w- C:\Users\Home\AppData\Roaming\xTqCrzNx0ci3n4
2011-10-17 21:23:27 -------- d--h--w- C:\Users\Home\AppData\Roaming\STqttxzlewRTR8k
2011-10-17 21:23:12 -------- d--h--w- C:\Users\Home\AppData\Roaming\Y7RecyBCj9gfQd7
2011-10-17 21:23:07 -------- d--h--w- C:\Users\Home\AppData\Roaming\s9qlvbo0ytzCwZ
2011-10-17 21:22:48 -------- d--h--w- C:\Users\Home\AppData\Roaming\ht5ZCVz2G
2011-10-17 21:21:19 -------- d--h--w- C:\Users\Home\AppData\Roaming\XUUVellOBycAiv2
2011-10-17 21:21:18 -------- d--h--w- C:\Users\Home\AppData\Roaming\XxxPP0ycS1iD3n4
2011-10-17 21:21:18 -------- d--h--w- C:\Users\Home\AppData\Roaming\XxPP0ycS1ivDoF4
2011-10-17 21:20:22 -------- d--h--w- C:\Users\Home\AppData\Roaming\P99hTTXqjUekIrO
2011-10-17 21:20:22 -------- d--h--w- C:\Users\Home\AppData\Roaming\P99hhTXqjUCkIrO
2011-10-17 21:20:20 -------- d--h--w- C:\Users\Home\AppData\Roaming\iwwkkUVelOBzPyA
2011-10-17 21:20:20 -------- d--h--w- C:\Users\Home\AppData\Roaming\bwwkUUVelOtzPyA
2011-10-17 21:20:20 -------- d--h--w- C:\Users\Home\AppData\Roaming\bwwkkUVelOBzPyA
2011-10-17 21:20:20 -------- d-----w- C:\Users\Home\AppData\Roaming\lD2oonF4pm5sQ7E
2011-10-17 21:07:21 -------- d--h--w- C:\Users\Home\AppData\Roaming\NyyxAA1vS2bFpm
2011-10-17 21:06:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\HfRRRL9hTXqjUeI
2011-10-17 21:06:54 -------- d--h--w- C:\Users\Home\AppData\Roaming\mTUkWnbu7tEHm
2011-10-17 21:06:54 -------- d--h--w- C:\Users\Home\AppData\Roaming\adRTUIf4bu7tEHH
2011-10-17 21:06:53 -------- d--h--w- C:\Users\Home\AppData\Roaming\zT3dLXCsob
2011-10-17 21:06:53 -------- d--h--w- C:\Users\Home\AppData\Roaming\SfDjmdLXCsobu7x
2011-10-17 21:06:53 -------- d--h--w- C:\Users\Home\AppData\Roaming\OuTEojmdLqeWFbu
2011-10-17 21:06:50 -------- d--h--w- C:\Users\Home\AppData\Roaming\rp8UPImSyKFOgsS
2011-10-17 21:06:48 -------- d--h--w- C:\Users\Home\AppData\Roaming\o4KXzLWmSyKFOgs
2011-10-17 21:06:41 -------- d--h--w- C:\Users\Home\AppData\Roaming\zkeelOOBtzP0cAD
2011-10-17 21:06:38 -------- d--h--w- C:\Users\Home\AppData\Roaming\rhYYXXwkUVelBtP
2011-10-17 21:06:38 -------- d--h--w- C:\Users\Home\AppData\Roaming\rhhYYXXwkUVlOtz
2011-10-17 21:06:38 -------- d--h--w- C:\Users\Home\AppData\Roaming\rhhYYXwwkUVlOtz
2011-10-17 21:06:38 -------- d--h--w- C:\Users\Home\AppData\Roaming\o77ffEL88TZqhCk
2011-10-17 21:05:44 -------- d--h--w- C:\Users\Home\AppData\Roaming\uTTTtPpK7fCcr7b
2011-10-17 21:05:44 -------- d--h--w- C:\Users\Home\AppData\Roaming\RwiIIN855WJ7dLg
2011-10-17 21:05:44 -------- d--h--w- C:\Users\Home\AppData\Roaming\RTTTtPpK7fCcr7b
2011-10-17 21:05:44 -------- d--h--w- C:\Users\Home\AppData\Roaming\kXRK77fCcr7
2011-10-17 21:05:44 -------- d--h--w- C:\Users\Home\AppData\Roaming\koKiIN855WJ
2011-10-17 21:05:39 -------- d--h--w- C:\Users\Home\AppData\Roaming\k666dWWK8fR
2011-10-17 21:04:52 -------- d--h--w- C:\Users\Home\AppData\Roaming\yXXXwjUCelIrzNx
2011-10-17 21:04:52 -------- d--h--w- C:\Users\Home\AppData\Roaming\yXXXwjUCelIBzNx
2011-10-17 21:04:52 -------- d--h--w- C:\Users\Home\AppData\Roaming\yXXXwjUCClIBzNx
2011-10-17 21:04:52 -------- d--h--w- C:\Users\Home\AppData\Roaming\LHIq6HUb0DWrVh
2011-10-17 21:04:51 -------- d--h--w- C:\Users\Home\AppData\Roaming\yXwwwUUCelBrzNx
2011-10-17 21:04:51 -------- d--h--w- C:\Users\Home\AppData\Roaming\a99gTXXqjY
2011-10-17 21:04:47 -------- d--h--w- C:\Users\Home\AppData\Roaming\DT1oZ9famH6XoBv
2011-10-17 21:04:46 -------- d--h--w- C:\Users\Home\AppData\Roaming\eLo5qTfamH6XoB
2011-10-17 21:04:43 -------- d--h--w- C:\Users\Home\AppData\Roaming\yeeekIIBrzOvtE4
2011-10-17 21:04:42 -------- d--h--w- C:\Users\Home\AppData\Roaming\qOONNyxxA0vS
2011-10-17 21:04:42 -------- d--h--w- C:\Users\Home\AppData\Roaming\qONNyyxA0uvS
2011-10-17 21:04:42 -------- d--h--w- C:\Users\Home\AppData\Roaming\jNNNyxxA0uv2i
2011-10-17 21:03:36 -------- d--h--w- C:\Users\Home\AppData\Roaming\mVb0D3rVhu4uUCi
2011-10-17 21:03:24 -------- d--h--w- C:\Users\Home\AppData\Roaming\m6HUb0D3rVhu4uU
2011-10-17 21:02:43 -------- d--h--w- C:\Users\Home\AppData\Roaming\dkIq6HUb0
2011-10-17 21:02:23 -------- d--h--w- C:\Users\Home\AppData\Roaming\ydVyNwOBm1LVWoJ
2011-10-17 21:01:41 -------- d--h--w- C:\Users\Home\AppData\Roaming\m9qxanbHoWooKUd
2011-10-17 21:00:33 -------- d--h--w- C:\Users\Home\AppData\Roaming\jFFk4QQJ7e
2011-10-17 20:59:31 -------- d--h--w- C:\Users\Home\AppData\Roaming\yBBBrzzONyx
2011-10-17 20:59:31 -------- d--h--w- C:\Users\Home\AppData\Roaming\xrrzzONyyx0
2011-10-17 20:59:31 -------- d--h--w- C:\Users\Home\AppData\Roaming\qOOONyyxA0uS
2011-10-17 20:59:31 -------- d--h--w- C:\Users\Home\AppData\Roaming\qOONNyxxA0u2
2011-10-17 20:59:31 -------- d--h--w- C:\Users\Home\AppData\Roaming\pekkIBBrz
2011-10-17 20:59:31 -------- d--h--w- C:\Users\Home\AppData\Roaming\nkIIBrrzO
2011-10-17 20:59:31 -------- d--h--w- C:\Users\Home\AppData\Roaming\GIBBrrzONy
2011-10-17 20:59:31 -------- d--h--w- C:\Users\Home\AppData\Roaming\GBBBrzzONy
2011-10-17 20:59:31 -------- d-----w- C:\Users\Home\AppData\Roaming\yBBrrzOONyx
2011-10-17 20:59:30 -------- d--h--w- C:\Users\Home\AppData\Roaming\UVJo75cVUVci4x

#8 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 13 November 2011 - 04:01 AM

Please follow the instructions here to run ComboFix tool:
http://www.bleepingc...se-combofix#use

Finally, post the log.txt content.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#9 brecko8700

brecko8700

    New Member

  • Members
  • Pip
  • 14 posts

Posted 14 November 2011 - 12:01 AM

ComboFix 11-11-13.03 - Home 11/13/2011 20:40:24.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6133.4486 [GMT -8:00]
Running from: c:\users\Home\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\SelectRebates
c:\program files (x86)\SelectRebates\FFToolbar\install.rdf
c:\program files (x86)\SelectRebates\SelectRebatesA.dat
c:\users\Home\AppData\Roaming\AZqqhYYXwUVeOBz
c:\users\Home\AppData\Roaming\AZqqhYYXwUVeOBz\Cloud Protection.ico
c:\users\Home\AppData\Roaming\KeellIBrzPyxA
c:\users\Home\AppData\Roaming\KeellIBrzPyxA\Cloud Protection.ico
c:\users\Home\AppData\Roaming\lD2oonF4pm5sQ7E
c:\users\Home\AppData\Roaming\lD2oonF4pm5sQ7E\Cloud Protection.ico
c:\users\Home\AppData\Roaming\SddWWK77fR9gTqY
c:\users\Home\AppData\Roaming\SddWWK77fR9gTqY\Cloud Protection.ico
c:\users\Home\AppData\Roaming\xllOOBtxyc1iD3n
c:\users\Home\AppData\Roaming\xllOOBtxyc1iD3n\Cloud Protection.ico
c:\users\Home\gotomypc_540.exe
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-10-14 to 2011-11-14 )))))))))))))))))))))))))))))))
.
.
2011-11-14 04:48 . 2011-11-14 04:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-12 01:15 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A2649D9D-DB71-4623-99A0-8134EA8DDB41}\mpengine.dll
2011-11-10 04:55 . 2011-09-20 21:06 1426304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-10 04:54 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-10 04:54 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll
2011-11-10 04:54 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-10 04:08 . 2011-11-10 04:08 -------- d-----w- c:\users\Home\AppData\Roaming\FONyxA0uv2b3n5Q
2011-11-10 04:08 . 2011-11-10 04:18 -------- d-----w- c:\users\Home\AppData\Local\PMB Files
2011-11-10 04:08 . 2011-11-10 04:08 -------- d-----w- c:\users\Home\AppData\Roaming\dxA1uS2ob3m5Q6W
2011-11-10 04:07 . 2011-11-10 04:13 -------- d-----w- c:\users\Home\AppData\Roaming\LdEK8fRZ9TwUeI
2011-11-10 04:07 . 2011-11-10 04:07 -------- d-----w- c:\users\Home\AppData\Roaming\u4pmG5sQJ
2011-11-10 04:07 . 2011-11-10 04:07 -------- d-----w- c:\users\Home\AppData\Roaming\H4pmG5sQJdKfZhX
2011-11-10 04:07 . 2011-11-10 04:07 -------- d-----w- c:\users\Home\AppData\Roaming\YcA1ivD2oFpHsJd
2011-11-10 03:06 . 2011-11-10 03:06 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\TEXTBOX.JS
2011-11-10 03:06 . 2011-11-10 03:06 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\TILEBOX.JS
2011-11-10 03:06 . 2011-11-10 03:06 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\SAVEDUSER.JS
2011-11-10 03:06 . 2011-11-10 03:06 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\UICORE.JS
2011-11-10 03:06 . 2011-11-10 03:06 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\USERTILE.JS
2011-11-10 03:06 . 2011-11-10 03:06 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\TEXT.JS
2011-11-10 03:06 . 2011-11-10 03:06 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\UIRESOURCE.JS
2011-11-10 03:06 . 2011-11-10 03:06 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\QUERYSTRING.JS
2011-11-10 03:06 . 2011-11-10 03:06 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\NEWUSERCOMM.JS
2011-11-10 03:06 . 2011-11-10 03:06 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\LOCALIZATION.JS
2011-11-10 03:06 . 2011-11-10 03:06 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\IMAGE.JS
2011-11-10 03:06 . 2011-11-10 03:06 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\LINK.JS
2011-11-10 03:05 . 2011-11-10 03:05 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\EXTERNALWRAPPER.JS
2011-11-10 03:05 . 2011-11-10 03:05 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\DIVWRAPPER.JS
2011-11-10 03:05 . 2011-11-10 03:05 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\COMBOBOX.JS
2011-11-10 03:05 . 2011-11-10 03:05 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\CHECKBOX.JS
2011-11-10 03:05 . 2011-11-10 03:05 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\BUTTON.JS
2011-11-09 04:00 . 2011-11-09 04:35 -------- d-----w- c:\users\Home\AppData\Local\ID Vault
2011-11-09 04:00 . 2011-11-09 04:00 -------- d-----w- c:\programdata\IsolatedStorage
2011-11-09 04:00 . 2011-11-09 04:35 -------- d-----w- c:\users\Home\AppData\Roaming\ID Vault
2011-11-09 03:58 . 2011-11-09 03:58 -------- d-----w- c:\programdata\White Sky, Inc
2011-10-28 02:35 . 2011-11-10 04:26 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-10-27 00:29 . 2011-10-27 00:29 -------- d-----w- c:\windows\system32\Macromed
2011-10-26 23:12 . 2011-11-10 04:26 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2011-10-18 14:53 . 2011-11-12 03:33 -------- d--h--w- c:\users\Home\AppData\Local\CrashDumps
2011-10-18 03:37 . 2011-10-18 03:55 -------- d--h--w- c:\users\Home\AppData\Local\NPE
2011-10-18 01:27 . 2011-10-18 01:27 -------- d--h--w- c:\users\Home\AppData\Roaming\Malwarebytes
2011-10-18 01:26 . 2011-10-18 01:26 -------- d-----w- c:\programdata\Malwarebytes
2011-10-18 01:26 . 2011-11-10 04:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-18 01:26 . 2011-09-01 00:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-17 22:44 . 2011-10-17 22:44 -------- d--h--w- c:\users\Home\AppData\Roaming\okUUUVrlOBtP0cS
2011-10-17 22:42 . 2011-10-17 22:42 -------- d--h--w- c:\users\Home\AppData\Roaming\WcbnQWETYVN01nH
2011-10-17 22:38 . 2011-10-17 22:38 -------- d--h--w- c:\users\Home\AppData\Roaming\a36EjVx1Gs
2011-10-17 22:38 . 2011-10-17 22:38 -------- d--h--w- c:\users\Home\AppData\Roaming\EDDD2ooF4pmGsQ6
2011-10-17 22:36 . 2011-10-17 22:36 -------- d--h--w- c:\users\Home\AppData\Roaming\o2b3GaHdKR9
2011-10-17 22:34 . 2011-10-17 22:34 -------- d--h--w- c:\users\Home\AppData\Roaming\V68hjkzAipadRXC
2011-10-17 22:31 . 2011-10-17 22:31 -------- d--h--w- c:\users\Home\AppData\Roaming\FOOAiWYN3WjN3JC
2011-10-17 22:31 . 2011-10-17 22:31 -------- d--h--w- c:\users\Home\AppData\Roaming\uPoJ9UAmEwzvG6R
2011-10-17 22:30 . 2011-10-17 22:30 -------- d--h--w- c:\users\Home\AppData\Roaming\GFFF3pGaTV
2011-10-17 22:30 . 2011-10-17 22:30 -------- d--h--w- c:\users\Home\AppData\Roaming\OsJf147qeishB26
2011-10-17 22:30 . 2011-10-17 22:30 -------- d--h--w- c:\users\Home\AppData\Roaming\KGG4H66sWJ7ELgT
2011-10-17 22:30 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\x111ivvoaRV
2011-10-17 22:30 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\Z00ccS11ivDon4a
2011-10-17 22:29 . 2011-10-17 22:29 -------- d--h--w- c:\users\Home\AppData\Roaming\tbF33pG5aQ
2011-10-17 22:29 . 2011-10-17 22:29 -------- d--h--w- c:\users\Home\AppData\Roaming\bddVx0cibD3pG4Q
2011-10-17 22:29 . 2011-10-17 22:29 -------- d--h--w- c:\users\Home\AppData\Roaming\appmmHsKhjVelBz
2011-10-17 22:29 . 2011-10-17 22:29 -------- d--h--w- c:\users\Home\AppData\Roaming\qyAA1uuvS2ob
2011-10-17 22:29 . 2011-10-17 22:29 -------- d--h--w- c:\users\Home\AppData\Roaming\BLgTTZqhC3R04YN
2011-10-17 22:29 . 2011-10-17 22:29 -------- d--h--w- c:\users\Home\AppData\Roaming\TIIVVrlOtxP0UrO
2011-10-17 22:29 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\lvmQJJ7dEK8ZYvm
2011-10-17 22:28 . 2011-10-17 22:28 -------- d--h--w- c:\users\Home\AppData\Roaming\xXqUa6W7R9XjCks
2011-10-17 22:28 . 2011-10-17 22:28 -------- d--h--w- c:\users\Home\AppData\Roaming\O11uuvDD2o
2011-10-17 22:28 . 2011-10-17 22:28 -------- d--h--w- c:\users\Home\AppData\Roaming\FyyccA1ivD2n5Qu
2011-10-17 22:28 . 2011-10-17 22:28 -------- d--h--w- c:\users\Home\AppData\Roaming\bPP0ycA1ivD2n5
2011-10-17 22:28 . 2011-10-17 22:28 -------- d--h--w- c:\users\Home\AppData\Roaming\CllOBzzP0yc
2011-10-17 22:27 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\mtZd4PqaitwLHDz
2011-10-17 22:27 . 2011-10-17 22:27 -------- d--h--w- c:\users\Home\AppData\Roaming\NzpfOoEjAGgrvJ9
2011-10-17 22:27 . 2011-10-17 22:27 -------- d--h--w- c:\users\Home\AppData\Roaming\yZpXujFe6z71BO
2011-10-17 22:27 . 2011-10-17 22:27 -------- d--h--w- c:\users\Home\AppData\Roaming\UztrBVrlBzNyxx0
2011-10-17 22:27 . 2011-10-17 22:27 -------- d--h--w- c:\users\Home\AppData\Roaming\JjvqPADG42QpV7h
2011-10-17 22:27 . 2011-10-17 22:27 -------- d--h--w- c:\users\Home\AppData\Roaming\DyK19vsI6JfheqQ
2011-10-17 22:27 . 2011-10-17 22:27 -------- d--h--w- c:\users\Home\AppData\Roaming\D888gTTZqhYCkUr
2011-10-17 22:27 . 2011-10-17 22:27 -------- d--h--w- c:\users\Home\AppData\Roaming\cmxJ2rmwbLr17Uv
2011-10-17 22:27 . 2011-10-17 22:27 -------- d--h--w- c:\users\Home\AppData\Roaming\aiWYzpfOoE
2011-10-17 22:27 . 2011-10-17 22:27 -------- d--h--w- c:\users\Home\AppData\Roaming\vzzOONyxAi2SF3m
2011-10-17 22:27 . 2011-10-17 22:27 -------- d--h--w- c:\users\Home\AppData\Roaming\vzOONyxxAi2SF3m
2011-10-17 22:27 . 2011-10-17 22:27 -------- d--h--w- c:\users\Home\AppData\Roaming\JBBBrzONNyAi2SF
2011-10-17 22:26 . 2011-10-17 22:26 -------- d--h--w- c:\users\Home\AppData\Roaming\vzzOONyyxvSib3p
2011-10-17 22:26 . 2011-10-17 22:26 -------- d--h--w- c:\users\Home\AppData\Roaming\vzzOONyxv2ibFpi
2011-10-17 22:26 . 2011-10-17 22:26 -------- d--h--w- c:\users\Home\AppData\Roaming\vzOONNyxv2ibFpi
2011-10-17 22:26 . 2011-10-17 22:26 -------- d--h--w- c:\users\Home\AppData\Roaming\vOOONNyxv2ibFpi
2011-10-17 22:25 . 2011-10-17 22:25 -------- d--h--w- c:\users\Home\AppData\Roaming\LH4jdeoa5EwdCI
2011-10-17 22:24 . 2011-10-17 22:24 -------- d--h--w- c:\users\Home\AppData\Roaming\pnnGG5aQH
2011-10-17 22:20 . 2011-10-17 22:20 -------- d--h--w- c:\users\Home\AppData\Roaming\gAA11vvD2on4pm5
2011-10-17 22:17 . 2011-10-17 22:17 -------- d--h--w- c:\users\Home\AppData\Roaming\vbbD33onG4wVr
2011-10-17 22:17 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\uiibD33onGwV
2011-10-17 22:16 . 2011-10-17 22:16 -------- d--h--w- c:\users\Home\AppData\Roaming\H1iibbD3onG
2011-10-17 22:15 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\QS11ibD3onG
2011-10-17 22:15 . 2011-10-17 22:15 -------- d--h--w- c:\users\Home\AppData\Roaming\Q111ibD3onG
2011-10-17 22:15 . 2011-10-17 22:19 -------- d--h--w- c:\users\Home\AppData\Roaming\H11iibDonG4
2011-10-17 22:15 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\QS1iibDonG4
2011-10-17 22:13 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\okIrrzOOxA0cSi
2011-10-17 22:12 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\o7kIrrzONxA0cS
2011-10-17 22:11 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\nDDD2o45JiJS
2011-10-17 22:10 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\nD22onnFALBz
2011-10-17 22:10 . 2011-10-17 22:10 -------- d--h--w- c:\users\Home\AppData\Roaming\mlOOBBtzPy1vDoF
2011-10-17 22:10 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\HOOttzPP0yA1iD2
2011-10-17 22:10 . 2011-10-17 22:10 -------- d--h--w- c:\users\Home\AppData\Roaming\UyccAA1ivD2oF4m
2011-10-17 22:09 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\HOOOttzP0ycAiv2
2011-10-17 22:09 . 2011-10-17 22:09 -------- d--h--w- c:\users\Home\AppData\Roaming\mlOOOBtzP0ycAiD
2011-10-17 22:09 . 2011-10-17 22:09 -------- d--h--w- c:\users\Home\AppData\Roaming\HOOOBBtzP0yc1iD
2011-10-17 22:07 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\SJJJ6ddERZ
2011-10-17 22:07 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\HjYYCwkIIVlONx
2011-10-17 22:07 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\AwwkIrOtPuSb3n4
2011-10-17 22:07 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\AtxxA00uc2bvZjC
2011-10-17 22:07 . 2011-10-17 22:14 -------- d--h--w- c:\users\Home\AppData\Roaming\U0uucc2ibvZqYwI
2011-10-17 22:07 . 2011-10-17 22:07 -------- d--h--w- c:\users\Home\AppData\Roaming\nbbZZqjYCwkI
2011-10-17 22:07 . 2011-10-17 22:07 -------- d--h--w- c:\users\Home\AppData\Roaming\nbbnZqjYCwkI
2011-10-17 22:07 . 2011-10-17 22:07 -------- d--h--w- c:\users\Home\AppData\Roaming\EOOONttxP0uc1iD
2011-10-17 22:07 . 2011-10-17 22:07 -------- d--h--w- c:\users\Home\AppData\Roaming\AwkIrOtPuSb3n4m
2011-10-17 22:07 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\cQQJJ6dEE
2011-10-17 22:05 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\yciibD3onGamfkZ
2011-10-17 22:04 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\ngggTXXqYCeIVzO
2011-10-17 22:03 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\rqqhhYXww
2011-10-17 22:02 . 2011-10-17 22:02 -------- d--h--w- c:\users\Home\AppData\Roaming\R2YYCCwkVrlOtPu
2011-10-17 22:01 . 2011-10-17 22:01 -------- d--h--w- c:\users\Home\AppData\Roaming\WK77fEEL9gTq
2011-10-17 22:00 . 2011-10-17 22:00 -------- d--h--w- c:\users\Home\AppData\Roaming\a3ppmG55aQ6dW
2011-10-17 21:58 . 2011-10-17 21:58 -------- d--h--w- c:\users\Home\AppData\Roaming\W6SrXs3xwEpAegW
2011-10-17 21:58 . 2011-10-17 21:58 -------- d--h--w- c:\users\Home\AppData\Roaming\cXHvlRaSrZs2Pj8
2011-10-17 21:58 . 2011-10-17 21:58 -------- d--h--w- c:\users\Home\AppData\Roaming\ymnovzzVrUV
2011-10-17 21:58 . 2011-10-17 21:58 -------- d--h--w- c:\users\Home\AppData\Roaming\vlIXLfLE7Q
2011-10-17 21:58 . 2011-10-17 21:58 -------- d--h--w- c:\users\Home\AppData\Roaming\UH2lYEyVR3xeEai
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-10 03:43 . 2011-06-24 01:23 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-30 23:25 . 2011-10-12 03:12 1147904 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:21 . 2011-10-12 03:12 56832 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:21 . 2011-10-12 03:12 1538560 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:20 . 2011-10-12 03:12 132096 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 23:20 . 2011-10-12 03:12 77312 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 23:06 . 2011-10-12 03:12 916480 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-30 23:02 . 2011-10-12 03:12 43520 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-09-30 23:01 . 2011-10-12 03:12 1469440 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-09-30 23:01 . 2011-10-12 03:12 71680 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-09-30 23:01 . 2011-10-12 03:12 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-09-30 22:29 . 2011-10-12 03:12 479232 ----a-w- c:\windows\system32\html.iec
2011-09-30 22:07 . 2011-10-12 03:12 385024 ----a-w- c:\windows\SysWow64\html.iec
2011-09-30 21:48 . 2011-10-12 03:12 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:47 . 2011-10-12 03:12 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-30 21:29 . 2011-10-12 03:12 133632 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-09-30 21:28 . 2011-10-12 03:12 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-06 13:56 . 2011-10-12 03:06 2764288 ----a-w- c:\windows\system32\win32k.sys
2011-08-25 16:20 . 2011-10-12 03:05 735744 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:19 . 2011-10-12 03:05 332288 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 16:19 . 2011-10-12 03:05 847360 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 16:15 . 2011-10-12 03:05 555520 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll
2011-08-25 16:14 . 2011-10-12 03:05 238080 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-08-25 16:14 . 2011-10-12 03:05 563712 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-25 13:54 . 2011-10-12 03:05 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-08-25 13:31 . 2011-10-12 03:05 4096 ----a-w- c:\windows\SysWow64\oleaccrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-04-10 1328424]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-04-10 185640]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-03-19 1148200]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-11 417792]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 gupdate1ca8fabaf33d630;Google Update Service (gupdate1ca8fabaf33d630);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-07 133104]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-07 133104]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-07 15:11]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-07 15:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 172032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 154648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 227352]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 202264]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
"combofix"="c:\combofix\CF3555.3XE" [2008-01-21 363008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\lgc4x2qq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-HPADVISOR - c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
Wow6432Node-HKCU-Run-s11iivDD3on4aH5 - c:\users\Home\AppData\Roaming\svhostu.exe
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
AddRemove-Coupon Printer for Windows4.0 - c:\program files (x86)\Coupons\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2011-11-13 20:57:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-14 04:57
.
Pre-Run: 467,832,479,744 bytes free
Post-Run: 469,182,660,608 bytes free
.
- - End Of File - - A417CA765F83970010CA87A244B31443

#10 Maniac

    Forum Deity

  • Experts

Posted 14 November 2011 - 02:57 AM

Save the attached file to your desktop.

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.


This will start ComboFix again. It may ask to reboot. Post the contents of ComboFix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.


In your next post here, please include ComboFix.txt and let me know how things are there.


#11 brecko8700

    New Member

  • Members

Posted 17 November 2011 - 11:13 PM

Performed the last step; the computer works well, Windows Firewall works now, and there are no more problems with redirecting. Thank you for your help! There is one other issue still. When this all first happened, a ton of the files on my computer were changed to hidden files. They still are hidden, and show up as being transparent. Any idea on how to get them all changed back to non-hidden files, or should I start doing it manually?


Here's the log file:



ComboFix 11-11-17.03 - Home 11/17/2011 19:51:18.3.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6133.4344 [GMT -8:00]
Running from: c:\users\Home\Desktop\ComboFix.exe
Command switches used :: c:\users\Home\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
J:\Autorun.inf
J:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-18 to 2011-11-18 )))))))))))))))))))))))))))))))
.
.
2011-11-18 03:57 . 2011-11-18 03:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-18 03:30 . 2011-11-18 03:30 979456 ----a-w- c:\windows\SysWow64\MFH264Dec.dll
2011-11-18 03:06 . 2011-11-18 03:09 -------- d-----w- c:\program files (x86)\Constant Guard Protection Suite
2011-11-15 18:58 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2B5DD244-81F2-4566-9F36-86CAA1F3F8AA}\mpengine.dll
2011-11-15 18:26 . 2011-11-15 18:26 -------- d-----w- c:\users\AppData
2011-11-15 18:26 . 2011-11-15 18:26 -------- d-----w- c:\program files (x86)\Conduit
2011-11-15 18:26 . 2011-11-18 03:13 -------- d-----w- c:\users\Home\AppData\Local\Conduit
2011-11-10 04:55 . 2011-09-20 21:06 1426304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-10 04:54 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-10 04:54 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll
2011-11-10 04:54 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-10 04:08 . 2011-11-10 04:18 -------- d-----w- c:\users\Home\AppData\Local\PMB Files
2011-11-10 03:06 . 2011-11-10 03:06 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\TEXTBOX.JS
2011-11-10 03:06 . 2011-11-10 03:06 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\TILEBOX.JS
2011-11-10 03:06 . 2011-11-10 03:06 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\SAVEDUSER.JS
2011-11-10 03:06 . 2011-11-10 03:06 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\UICORE.JS
2011-11-10 03:06 . 2011-11-10 03:06 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\USERTILE.JS
2011-11-10 03:06 . 2011-11-10 03:06 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\TEXT.JS
2011-11-10 03:06 . 2011-11-10 03:06 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\UIRESOURCE.JS
2011-11-10 03:06 . 2011-11-10 03:06 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\QUERYSTRING.JS
2011-11-10 03:06 . 2011-11-10 03:06 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\NEWUSERCOMM.JS
2011-11-10 03:06 . 2011-11-10 03:06 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\LOCALIZATION.JS
2011-11-10 03:06 . 2011-11-10 03:06 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\IMAGE.JS
2011-11-10 03:06 . 2011-11-10 03:06 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\LINK.JS
2011-11-10 03:05 . 2011-11-10 03:05 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\EXTERNALWRAPPER.JS
2011-11-10 03:05 . 2011-11-10 03:05 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\DIVWRAPPER.JS
2011-11-10 03:05 . 2011-11-10 03:05 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\COMBOBOX.JS
2011-11-10 03:05 . 2011-11-10 03:05 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\CHECKBOX.JS
2011-11-10 03:05 . 2011-11-10 03:05 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\BUTTON.JS
2011-11-09 04:00 . 2011-11-18 03:08 -------- d-----w- c:\users\Home\AppData\Local\ID Vault
2011-11-09 04:00 . 2011-11-09 04:00 -------- d-----w- c:\programdata\IsolatedStorage
2011-11-09 04:00 . 2011-11-18 03:08 -------- d-----w- c:\users\Home\AppData\Roaming\ID Vault
2011-11-09 03:58 . 2011-11-09 03:58 -------- d-----w- c:\programdata\White Sky, Inc
2011-10-28 02:35 . 2011-11-10 04:26 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-10-27 00:29 . 2011-10-27 00:29 -------- d-----w- c:\windows\system32\Macromed
2011-10-26 23:12 . 2011-11-10 04:26 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-10 03:43 . 2011-06-24 01:23 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-03 13:06 . 2010-09-30 23:43 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-06 13:56 . 2011-10-12 03:06 2764288 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 00:00 . 2011-10-18 01:26 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-25 16:20 . 2011-10-12 03:05 735744 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:19 . 2011-10-12 03:05 332288 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 16:19 . 2011-10-12 03:05 847360 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 16:15 . 2011-10-12 03:05 555520 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll
2011-08-25 16:14 . 2011-10-12 03:05 238080 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-08-25 16:14 . 2011-10-12 03:05 563712 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-25 13:54 . 2011-10-12 03:05 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-08-25 13:31 . 2011-10-12 03:05 4096 ----a-w- c:\windows\SysWow64\oleaccrc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-14_04.50.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-18 03:35 . 2011-11-18 03:35 76800 c:\windows\SysWOW64\SetIEInstalledDate.exe
+ 2011-11-18 03:35 . 2011-11-18 03:35 74752 c:\windows\SysWOW64\RegisterIEPKEYs.exe
+ 2011-11-18 03:35 . 2011-11-18 03:35 54272 c:\windows\SysWOW64\pngfilt.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 48640 c:\windows\SysWOW64\mshtmler.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 72704 c:\windows\SysWOW64\mshtmled.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 11776 c:\windows\SysWOW64\mshta.exe
+ 2011-11-18 03:35 . 2011-11-18 03:35 10752 c:\windows\SysWOW64\msfeedssync.exe
+ 2011-11-18 03:35 . 2011-11-18 03:35 41472 c:\windows\SysWOW64\msfeedsbs.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 98816 c:\windows\SysWOW64\mfps.dll
- 2009-09-09 23:55 . 2009-04-11 06:28 98816 c:\windows\SysWOW64\mfps.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 23552 c:\windows\SysWOW64\licmgr10.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 78848 c:\windows\SysWOW64\inseng.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 35840 c:\windows\SysWOW64\imgutil.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 86528 c:\windows\SysWOW64\iesysprep.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 74752 c:\windows\SysWOW64\iesetup.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 31744 c:\windows\SysWOW64\iernonce.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 74240 c:\windows\SysWOW64\ie4uinit.exe
+ 2011-11-18 03:35 . 2011-11-18 03:35 66048 c:\windows\SysWOW64\icardie.dll
+ 2011-10-20 16:10 . 2011-11-18 03:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-10-20 16:10 . 2011-10-27 16:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2008-01-21 03:20 . 2011-11-10 03:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2011-11-18 03:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2011-11-10 03:40 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2011-11-18 03:07 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2011-11-10 03:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 03:20 . 2011-11-18 03:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2011-11-18 04:01 49230 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2011-11-18 04:01 75988 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2011-11-18 03:35 . 2011-11-18 03:35 91648 c:\windows\system32\SetIEInstalledDate.exe
+ 2011-11-18 03:35 . 2011-11-18 03:35 89088 c:\windows\system32\RegisterIEPKEYs.exe
+ 2011-11-18 03:30 . 2011-11-18 03:30 35840 c:\windows\system32\printfilterpipelineprxy.dll
- 2010-10-11 04:00 . 2009-09-16 23:49 35840 c:\windows\system32\printfilterpipelineprxy.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 65024 c:\windows\system32\pngfilt.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 48640 c:\windows\system32\mshtmler.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 96256 c:\windows\system32\mshtmled.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 12288 c:\windows\system32\mshta.exe
+ 2011-11-18 03:35 . 2011-11-18 03:35 10752 c:\windows\system32\msfeedssync.exe
+ 2011-11-18 03:35 . 2011-11-18 03:35 55296 c:\windows\system32\msfeedsbs.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 86528 c:\windows\system32\migration\WininetPlugin.dll
- 2009-09-09 23:55 . 2009-04-11 07:10 34304 c:\windows\system32\mfpmp.exe
+ 2011-11-18 03:30 . 2011-11-18 03:30 34304 c:\windows\system32\mfpmp.exe
+ 2011-11-18 03:35 . 2011-11-18 03:35 30720 c:\windows\system32\licmgr10.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 85504 c:\windows\system32\jsproxy.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 49664 c:\windows\system32\imgutil.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 85504 c:\windows\system32\iesetup.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 39936 c:\windows\system32\iernonce.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 89088 c:\windows\system32\ie4uinit.exe
+ 2011-11-18 03:35 . 2011-11-18 03:35 82432 c:\windows\system32\icardie.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 47104 c:\windows\system32\cdd.dll
+ 2009-10-12 04:41 . 2011-11-18 03:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-12 04:41 . 2011-11-02 20:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-12 04:41 . 2011-11-02 20:21 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-12 04:41 . 2011-11-18 03:32 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-12 04:41 . 2011-11-02 20:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-12 04:41 . 2011-11-18 03:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-20 23:13 . 2011-11-18 03:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-09-20 23:13 . 2011-11-14 04:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-09-20 23:13 . 2011-11-14 04:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-20 23:13 . 2011-11-18 03:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-06 17:28 . 2011-11-18 03:09 5164 c:\windows\system32\WDI\ERCQueuedResolutions.dat
+ 2009-09-06 23:06 . 2011-11-18 04:01 6812 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2382803881-993425058-3415998572-1000_UserData.bin
+ 2011-11-18 03:59 . 2011-11-18 03:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-14 04:50 . 2011-11-14 04:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-18 03:59 . 2011-11-18 03:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-14 04:50 . 2011-11-14 04:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-10-11 04:02 . 2010-08-17 23:54 135680 c:\windows\SysWOW64\XpsRasterService.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 135680 c:\windows\SysWOW64\XpsRasterService.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 876032 c:\windows\SysWOW64\XpsPrint.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 288768 c:\windows\SysWOW64\XpsGdiConverter.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 258048 c:\windows\SysWOW64\winspool.drv
- 2010-10-11 04:00 . 2009-09-24 22:54 258048 c:\windows\SysWOW64\winspool.drv
+ 2011-11-18 03:35 . 2011-11-18 03:35 152064 c:\windows\SysWOW64\wextract.exe
+ 2011-11-18 03:35 . 2011-11-18 03:35 203776 c:\windows\SysWOW64\webcheck.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 420864 c:\windows\SysWOW64\vbscript.dll
- 2011-04-13 19:34 . 2011-02-17 06:23 420864 c:\windows\SysWOW64\vbscript.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 231936 c:\windows\SysWOW64\url.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 586240 c:\windows\SysWOW64\stobject.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 847360 c:\windows\SysWOW64\OpcServices.dll
- 2010-10-11 04:00 . 2009-09-25 01:38 847360 c:\windows\SysWOW64\OpcServices.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 123392 c:\windows\SysWOW64\occache.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 162304 c:\windows\SysWOW64\msrating.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 161792 c:\windows\SysWOW64\msls31.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 580608 c:\windows\SysWOW64\msfeeds.dll
- 2010-10-11 04:02 . 2010-08-17 23:51 261632 c:\windows\SysWOW64\mfreadwrite.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 261632 c:\windows\SysWOW64\mfreadwrite.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 209920 c:\windows\SysWOW64\mfplat.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 302592 c:\windows\SysWOW64\mfmp4src.dll
- 2010-10-11 04:02 . 2010-08-17 23:51 302592 c:\windows\SysWOW64\mfmp4src.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 357376 c:\windows\SysWOW64\MFHEAACdec.dll
- 2010-10-11 04:02 . 2010-08-17 23:51 357376 c:\windows\SysWOW64\MFHEAACdec.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 716800 c:\windows\SysWOW64\jscript.dll
+ 2011-11-18 03:21 . 2011-10-03 13:06 157472 c:\windows\SysWOW64\javaws.exe
- 2011-10-17 02:54 . 2011-05-04 11:52 157472 c:\windows\SysWOW64\javaws.exe
+ 2011-11-18 03:21 . 2011-10-03 13:06 145184 c:\windows\SysWOW64\javaw.exe
- 2011-10-17 02:54 . 2011-05-04 11:52 145184 c:\windows\SysWOW64\javaw.exe
+ 2011-11-18 03:21 . 2011-10-03 13:06 145184 c:\windows\SysWOW64\java.exe
- 2011-10-17 02:54 . 2011-05-04 11:52 145184 c:\windows\SysWOW64\java.exe
+ 2011-11-18 03:35 . 2011-11-18 03:35 150528 c:\windows\SysWOW64\iexpress.exe
+ 2011-11-18 03:35 . 2011-11-18 03:35 142848 c:\windows\SysWOW64\ieUnatt.exe
+ 2011-11-18 03:35 . 2011-11-18 03:35 176640 c:\windows\SysWOW64\ieui.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 118784 c:\windows\SysWOW64\iepeers.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 353584 c:\windows\SysWOW64\iedkcs32.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 434176 c:\windows\SysWOW64\ieapfltr.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 163840 c:\windows\SysWOW64\ieakui.dll
- 2009-09-20 23:27 . 2009-03-08 11:32 163840 c:\windows\SysWOW64\ieakui.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 227840 c:\windows\SysWOW64\ieaksie.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 130560 c:\windows\SysWOW64\ieakeng.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 110592 c:\windows\SysWOW64\IEAdvpack.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 223232 c:\windows\SysWOW64\dxtrans.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 353792 c:\windows\SysWOW64\dxtmsft.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 478720 c:\windows\SysWOW64\dxgi.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 486400 c:\windows\SysWOW64\d3d10level9.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 189952 c:\windows\SysWOW64\d3d10core.dll
- 2010-10-11 04:02 . 2010-08-17 23:48 219648 c:\windows\SysWOW64\d3d10_1core.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 219648 c:\windows\SysWOW64\d3d10_1core.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 160768 c:\windows\SysWOW64\d3d10_1.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 683008 c:\windows\SysWOW64\d2d1.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 114176 c:\windows\SysWOW64\advpack.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 101888 c:\windows\SysWOW64\admparse.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 231936 c:\windows\system32\XpsRasterService.dll
- 2010-10-11 04:02 . 2010-08-17 23:58 231936 c:\windows\system32\XpsRasterService.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 479744 c:\windows\system32\XpsGdiConverter.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 366592 c:\windows\system32\winspool.drv
+ 2011-11-18 03:35 . 2011-11-18 03:35 160256 c:\windows\system32\wextract.exe
+ 2011-11-18 03:35 . 2011-11-18 03:35 249344 c:\windows\system32\webcheck.dll
+ 2009-09-16 21:07 . 2011-11-16 15:11 254388 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2011-11-18 03:35 . 2011-11-18 03:35 603648 c:\windows\system32\vbscript.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 237056 c:\windows\system32\url.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 748544 c:\windows\system32\stobject.dll
- 2009-09-18 10:56 . 2009-04-11 07:11 748544 c:\windows\system32\stobject.dll
- 2006-11-02 12:46 . 2011-11-14 04:27 663486 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2011-11-18 03:45 663486 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2011-11-14 04:27 128906 c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2011-11-18 03:45 128906 c:\windows\system32\perfc009.dat
+ 2011-11-18 03:35 . 2011-11-18 03:35 149504 c:\windows\system32\occache.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 197120 c:\windows\system32\msrating.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 222208 c:\windows\system32\msls31.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 697344 c:\windows\system32\msfeeds.dll
- 2010-10-11 04:02 . 2010-08-17 23:54 345088 c:\windows\system32\mfreadwrite.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 345088 c:\windows\system32\mfreadwrite.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 195072 c:\windows\system32\mfps.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 278528 c:\windows\system32\mfplat.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 377344 c:\windows\system32\mfmp4src.dll
- 2010-10-11 04:02 . 2010-08-17 23:55 428544 c:\windows\system32\MFHEAACdec.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 428544 c:\windows\system32\MFHEAACdec.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 818176 c:\windows\system32\jscript.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 103936 c:\windows\system32\inseng.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 165888 c:\windows\system32\iexpress.exe
+ 2011-11-18 03:35 . 2011-11-18 03:35 173056 c:\windows\system32\ieUnatt.exe
+ 2011-11-18 03:35 . 2011-11-18 03:35 248320 c:\windows\system32\ieui.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 111616 c:\windows\system32\iesysprep.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 145920 c:\windows\system32\iepeers.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 403248 c:\windows\system32\iedkcs32.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 534528 c:\windows\system32\ieapfltr.dll
- 2009-09-20 23:27 . 2009-03-08 11:39 163840 c:\windows\system32\ieakui.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 163840 c:\windows\system32\ieakui.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 267776 c:\windows\system32\ieaksie.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 160256 c:\windows\system32\ieakeng.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 135168 c:\windows\system32\IEAdvpack.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 282112 c:\windows\system32\dxtrans.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 452608 c:\windows\system32\dxtmsft.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 625152 c:\windows\system32\dxgi.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 900480 c:\windows\system32\drivers\dxgkrnl.sys
- 2010-10-11 04:00 . 2009-09-25 01:32 566272 c:\windows\system32\d3d10level9.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 566272 c:\windows\system32\d3d10level9.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 287232 c:\windows\system32\d3d10core.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 327680 c:\windows\system32\d3d10_1core.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 196096 c:\windows\system32\d3d10_1.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 834048 c:\windows\system32\d2d1.dll
- 2009-09-20 23:34 . 2011-11-14 04:24 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-09-20 23:34 . 2011-11-18 03:42 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-09-06 23:05 . 2011-11-14 04:21 491520 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-06 23:05 . 2011-11-18 03:42 491520 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-18 03:35 . 2011-11-18 03:35 136192 c:\windows\system32\advpack.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 114176 c:\windows\system32\admparse.dll
- 2010-10-15 00:11 . 2010-10-26 22:43 752644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-10-15 00:11 . 2011-11-18 03:57 752644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-10-11 04:00 . 2009-09-25 01:49 1554432 c:\windows\SysWOW64\xpsservices.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 1554432 c:\windows\SysWOW64\xpsservices.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 1126912 c:\windows\SysWOW64\wininet.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 1102848 c:\windows\SysWOW64\urlmon.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 1075712 c:\windows\SysWOW64\shdocvw.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 2873344 c:\windows\SysWOW64\mf.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 1798144 c:\windows\SysWOW64\jscript9.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 1791488 c:\windows\SysWOW64\iertutil.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 9704960 c:\windows\SysWOW64\ieframe.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 3695416 c:\windows\SysWOW64\ieapfltr.dat
+ 2011-11-18 03:30 . 2011-11-18 03:30 1068544 c:\windows\SysWOW64\DWrite.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 1172480 c:\windows\SysWOW64\d3d10warp.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 1029120 c:\windows\SysWOW64\d3d10.dll
- 2010-10-11 04:00 . 2009-09-25 02:00 3068416 c:\windows\system32\xpsservices.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 3068416 c:\windows\system32\xpsservices.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 1653760 c:\windows\system32\XpsPrint.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 1389056 c:\windows\system32\wininet.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 1344512 c:\windows\system32\urlmon.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 1204224 c:\windows\system32\shdocvw.dll
- 2010-10-11 04:00 . 2009-09-16 23:49 1032192 c:\windows\system32\printfilterpipelinesvc.exe
+ 2011-11-18 03:30 . 2011-11-18 03:30 1032192 c:\windows\system32\printfilterpipelinesvc.exe
+ 2011-11-18 03:30 . 2011-11-18 03:30 1461760 c:\windows\system32\OpcServices.dll
- 2010-10-11 04:00 . 2009-09-25 01:40 1461760 c:\windows\system32\OpcServices.dll
- 2010-10-11 04:02 . 2010-08-17 23:56 1257984 c:\windows\system32\MFH264Dec.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 1257984 c:\windows\system32\MFH264Dec.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 3548672 c:\windows\system32\mf.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 2309120 c:\windows\system32\jscript9.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 2143744 c:\windows\system32\iertutil.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 3695416 c:\windows\system32\ieapfltr.dat
+ 2011-11-18 03:30 . 2011-11-18 03:30 1147904 c:\windows\system32\FntCache.dll
- 2010-10-11 04:02 . 2010-08-17 23:51 1147904 c:\windows\system32\FntCache.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 1555968 c:\windows\system32\DWrite.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 2002944 c:\windows\system32\d3d10warp.dll
+ 2011-11-18 03:30 . 2011-11-18 03:30 1268224 c:\windows\system32\d3d10.dll
- 2009-09-06 23:05 . 2011-11-14 04:27 6176768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-06 23:05 . 2011-11-18 03:42 6176768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-06 23:05 . 2011-11-18 03:42 4374528 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-09-06 23:05 . 2011-11-14 04:27 4374528 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 15:22 . 2011-01-12 11:00 4537193 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2006-11-02 15:22 . 2011-11-18 03:39 4537193 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2009-04-28 09:53 . 2011-11-18 03:57 3491936 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-04-28 09:53 . 2011-11-14 04:48 3491936 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-10-15 00:11 . 2011-11-18 03:57 8449816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2382803881-993425058-3415998572-1000-8192.dat
+ 2011-11-18 03:35 . 2011-11-18 03:35 12275200 c:\windows\SysWOW64\mshtml.dll
+ 2006-11-02 12:33 . 2011-11-18 03:58 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2006-11-02 12:33 . 2011-11-13 04:18 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-11-18 03:35 . 2011-11-18 03:35 17781760 c:\windows\system32\mshtml.dll
+ 2011-11-18 03:35 . 2011-11-18 03:35 10886144 c:\windows\system32\ieframe.dll
+ 2011-11-18 03:50 . 2011-11-18 03:50 10956800 c:\windows\ERDNT\Hiv-backup\schema.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-04-10 1328424]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-04-10 185640]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-03-19 1148200]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-11 417792]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 gupdate1ca8fabaf33d630;Google Update Service (gupdate1ca8fabaf33d630);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-07 133104]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-07 133104]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-07 15:11]
.
2011-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-07 15:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 172032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 154648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 227352]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 202264]
"SmartMenu"="c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [BU]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\lgc4x2qq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Coupons.com Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{37153479-1976-43c3-a1ee-557513977b64} - (no file)
WebBrowser-{37153479-1976-43C3-A1EE-557513977B64} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2011-11-17 20:05:41 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-18 04:05
ComboFix2.txt 2011-11-18 02:52
ComboFix3.txt 2011-11-14 04:57
.
Pre-Run: 465,383,206,912 bytes free
Post-Run: 465,274,146,816 bytes free
.
- - End Of File - - CAB961F3C6BD500574D375485C41D3BA

#12 Maniac

Maniac

    Forum Deity

  • Experts
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 18 November 2011 - 03:17 AM

First, we have some more work to do here; once that is finished, we will move on to the other problem.

Manually delete your copy of ComboFix, download a new fresh one and then:

Open Notepad and copy and paste the text in the code box below into it:

Folder::
c:\program files (x86)\Conduit
c:\users\Home\AppData\Local\Conduit

FireFox::
FF - ProfilePath - c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\lgc4x2qq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Coupons.com Customized Web Search

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

[screenshot]

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.


In your next post here, please include ComboFix.txt.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#13 brecko8700

    New Member

  • Members
  • 14 posts

Posted 18 November 2011 - 11:10 PM

ComboFix 11-11-18.02 - Home 11/18/2011 18:31:57.4.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6133.4311 [GMT -8:00]
Running from: c:\users\Home\Desktop\ComboFix.exe
Command switches used :: c:\users\Home\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Conduit
c:\program files (x86)\Conduit\Community Alerts\Alert.dll
c:\users\Home\AppData\Local\Conduit
.
.
((((((((((((((((((((((((( Files Created from 2011-10-19 to 2011-11-19 )))))))))))))))))))))))))))))))
.
.
2011-11-19 02:38 . 2011-11-19 02:38 -------- d-----w- c:\users\Home\AppData\Local\temp
2011-11-19 02:38 . 2011-11-19 02:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-18 05:49 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DBAF0C29-DC35-4981-AC4B-1762690059A6}\mpengine.dll
2011-11-18 03:30 . 2011-11-18 03:30 979456 ----a-w- c:\windows\SysWow64\MFH264Dec.dll
2011-11-18 03:06 . 2011-11-18 03:09 -------- d-----w- c:\program files (x86)\Constant Guard Protection Suite
2011-11-15 18:26 . 2011-11-15 18:26 -------- d-----w- c:\users\AppData
2011-11-10 04:55 . 2011-09-20 21:06 1426304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-10 04:54 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-10 04:54 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll
2011-11-10 04:54 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-10 04:08 . 2011-11-10 04:18 -------- d-----w- c:\users\Home\AppData\Local\PMB Files
2011-11-10 03:06 . 2011-11-10 03:06 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\TEXTBOX.JS
2011-11-10 03:06 . 2011-11-10 03:06 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\TILEBOX.JS
2011-11-10 03:06 . 2011-11-10 03:06 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\SAVEDUSER.JS
2011-11-10 03:06 . 2011-11-10 03:06 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\UICORE.JS
2011-11-10 03:06 . 2011-11-10 03:06 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\USERTILE.JS
2011-11-10 03:06 . 2011-11-10 03:06 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\TEXT.JS
2011-11-10 03:06 . 2011-11-10 03:06 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\UIRESOURCE.JS
2011-11-10 03:06 . 2011-11-10 03:06 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\QUERYSTRING.JS
2011-11-10 03:06 . 2011-11-10 03:06 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\NEWUSERCOMM.JS
2011-11-10 03:06 . 2011-11-10 03:06 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\LOCALIZATION.JS
2011-11-10 03:06 . 2011-11-10 03:06 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\IMAGE.JS
2011-11-10 03:06 . 2011-11-10 03:06 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\LINK.JS
2011-11-10 03:05 . 2011-11-10 03:05 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\EXTERNALWRAPPER.JS
2011-11-10 03:05 . 2011-11-10 03:05 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\DIVWRAPPER.JS
2011-11-10 03:05 . 2011-11-10 03:05 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\COMBOBOX.JS
2011-11-10 03:05 . 2011-11-10 03:05 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\CHECKBOX.JS
2011-11-10 03:05 . 2011-11-10 03:05 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\BUTTON.JS
2011-11-09 04:00 . 2011-11-18 03:08 -------- d-----w- c:\users\Home\AppData\Local\ID Vault
2011-11-09 04:00 . 2011-11-09 04:00 -------- d-----w- c:\programdata\IsolatedStorage
2011-11-09 04:00 . 2011-11-18 03:08 -------- d-----w- c:\users\Home\AppData\Roaming\ID Vault
2011-11-09 03:58 . 2011-11-09 03:58 -------- d-----w- c:\programdata\White Sky, Inc
2011-10-28 02:35 . 2011-11-10 04:26 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-10-27 00:29 . 2011-10-27 00:29 -------- d-----w- c:\windows\system32\Macromed
2011-10-26 23:12 . 2011-11-10 04:26 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-10 03:43 . 2011-06-24 01:23 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-03 13:06 . 2010-09-30 23:43 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-06 13:56 . 2011-10-12 03:06 2764288 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 00:00 . 2011-10-18 01:26 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-25 16:20 . 2011-10-12 03:05 735744 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:19 . 2011-10-12 03:05 332288 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 16:19 . 2011-10-12 03:05 847360 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-25 16:15 . 2011-10-12 03:05 555520 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll
2011-08-25 16:14 . 2011-10-12 03:05 238080 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-08-25 16:14 . 2011-10-12 03:05 563712 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-25 13:54 . 2011-10-12 03:05 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-08-25 13:31 . 2011-10-12 03:05 4096 ----a-w- c:\windows\SysWow64\oleaccrc.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-11-18_03.59.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 15:45 . 2011-11-18 23:39 75996 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-09-06 23:06 . 2011-11-18 23:39 7028 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2382803881-993425058-3415998572-1000_UserData.bin
- 2011-11-18 03:59 . 2011-11-18 03:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-18 03:59 . 2011-11-18 23:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-18 03:59 . 2011-11-18 03:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-18 03:59 . 2011-11-18 23:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 12:46 . 2011-11-18 23:43 663486 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2011-11-18 03:45 663486 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2011-11-18 23:43 128906 c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2011-11-18 03:45 128906 c:\windows\system32\perfc009.dat
+ 2009-09-20 23:34 . 2011-11-18 23:40 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-09-20 23:34 . 2011-11-18 03:42 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-09-06 23:05 . 2011-11-18 23:40 491520 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-09-06 23:05 . 2011-11-18 03:42 491520 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-09-06 23:05 . 2011-11-18 03:42 6176768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-06 23:05 . 2011-11-18 23:40 6176768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-06 23:05 . 2011-11-18 23:40 4374528 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-09-06 23:05 . 2011-11-18 03:42 4374528 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-04-10 1328424]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-04-10 185640]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-03-19 1148200]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-11 417792]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 gupdate1ca8fabaf33d630;Google Update Service (gupdate1ca8fabaf33d630);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-07 133104]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-07 133104]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-07 15:11]
.
2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-07 15:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 172032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 154648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 227352]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 202264]
"SmartMenu"="c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [BU]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\lgc4x2qq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-11-18 18:40:20
ComboFix-quarantined-files.txt 2011-11-19 02:40
ComboFix2.txt 2011-11-18 04:05
ComboFix3.txt 2011-11-18 02:52
ComboFix4.txt 2011-11-14 04:57
.
Pre-Run: 465,791,361,024 bytes free
Post-Run: 465,783,963,648 bytes free
.
- - End Of File - - 43C9844E2FBAFB26D1F66F2E47B4CCED

#14 Maniac

    Forum Deity

  • Experts
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 19 November 2011 - 03:50 AM

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates.
  • Go to the Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 2

  • Please run a free online scan with the ESET Online Scanner

    Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are both checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


In your next reply, please post the following log files:

  • Malwarebytes' Anti-Malware log
  • ESET Online Scanner log


#15 brecko8700

    New Member

  • Members
  • 14 posts

Posted 22 November 2011 - 12:20 AM

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8212

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

11/21/2011 6:19:22 PM
mbam-log-2011-11-21 (18-19-22).txt

Scan type: Quick scan
Objects scanned: 190172
Time elapsed: 2 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251

#16 Maniac

    Forum Deity

  • Experts
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 22 November 2011 - 04:39 AM

Is this the entire ESET Online Scanner log?

#17 brecko8700

    New Member

  • Members
  • 14 posts

Posted 28 November 2011 - 11:19 PM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - delete file error:Access is denied.

OnlineScanner.ocx - copy file error :The process cannot access the file because it is being used by another process.

OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

#18 Maniac

    Forum Deity

  • Experts
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 29 November 2011 - 05:00 AM

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right
[screenshot]


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
[screenshot]

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

[screenshot]

On completion click the link to locate the zip file to upload and attach to your next post

[screenshot]

#19 brecko8700

    New Member

  • Members
  • 14 posts

Posted 01 December 2011 - 09:45 PM

Status: Deleted (events: 5)
11/30/2011 8:32:23 PM Deleted Trojan program Trojan-Downloader.Win32.Agent.gyal C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\000000cf.@.vir High
11/30/2011 8:32:24 PM Deleted Trojan program Backdoor.Win64.ZAccess.n C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\80000000.@.vir High
11/30/2011 8:32:24 PM Deleted Trojan program Backdoor.Win64.ZAccess.o C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\800000c0.@.vir High
11/30/2011 8:37:39 PM Deleted Trojan program Backdoor.Win32.ZAccess.aty C:\Windows\assembly\GAC_32\Desktop.ini High
11/30/2011 8:42:57 PM Deleted Trojan program Backdoor.Win64.ZAccess.s C:\Windows\System32\consrv.dll High

Attached Files



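As an added example (not from the thread, and not code from AVPTool, ComboFix or Malwarebytes), a small Python parser for the "Detected threats" report lines posted above. It separates hits that were already sitting in ComboFix's quarantine (C:\Qoobox\Quarantine, a layout inferred from the paths in the report) from hits that were still live on the system, and reconstructs where each quarantined file originally lived; that split is what a responder wants before deciding whether a cleanup is actually finished.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Sample input, constructed from the five "Detected threats" report lines in the post
# above (AVPTool output, reproduced verbatim; raw string so the backslashes survive).
REPORT = r"""
11/30/2011 8:32:23 PM Deleted Trojan program Trojan-Downloader.Win32.Agent.gyal C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\000000cf.@.vir High
11/30/2011 8:32:24 PM Deleted Trojan program Backdoor.Win64.ZAccess.n C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\80000000.@.vir High
11/30/2011 8:32:24 PM Deleted Trojan program Backdoor.Win64.ZAccess.o C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\800000c0.@.vir High
11/30/2011 8:37:39 PM Deleted Trojan program Backdoor.Win32.ZAccess.aty C:\Windows\assembly\GAC_32\Desktop.ini High
11/30/2011 8:42:57 PM Deleted Trojan program Backdoor.Win64.ZAccess.s C:\Windows\System32\consrv.dll High
"""

# ComboFix moves what it quarantines under this root. The layout
# (Quarantine\<drive>\<original path>.vir) is inferred from the paths in the
# report above, so treat it as an assumption rather than a documented format.
QUARANTINE_PREFIX = "C:\\Qoobox\\Quarantine\\"

# One report line: timestamp, action, category, detection name, path, severity.
# Requiring the path to start with a drive letter is what lets the regex tell the
# multi-word category ("Trojan program") apart from the detection name.
LINE_RE = re.compile(
    r"^(?P<timestamp>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<action>\S+) "
    r"(?P<category>.+?) "
    r"(?P<name>[\w.-]+) "
    r"(?P<path>[A-Za-z]:\\.*?) "
    r"(?P<severity>\S+)$"
)


@dataclass
class Detection:
    timestamp: str
    action: str
    category: str
    name: str
    path: str
    severity: str

    @property
    def family(self) -> str:
        # Kaspersky-style names are Type.Platform.Family.Variant; keep the family part.
        parts = self.name.split(".")
        return parts[2] if len(parts) >= 3 else self.name

    @property
    def quarantined_by_combofix(self) -> bool:
        return self.path.lower().startswith(QUARANTINE_PREFIX.lower())

    @property
    def original_path(self) -> str:
        # Undo the quarantine renaming so a quarantined hit can be compared with
        # a live hit at the same location on disk.
        if not self.quarantined_by_combofix:
            return self.path
        rest = self.path[len(QUARANTINE_PREFIX):]      # e.g. C\Windows\...\000000cf.@.vir
        drive, _, tail = rest.partition("\\")
        if tail.lower().endswith(".vir"):
            tail = tail[:-4]
        return f"{drive}:\\{tail}"


def parse_report(text: str) -> List[Detection]:
    found: List[Detection] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unparsed report line: {line!r}")
        found.append(Detection(**m.groupdict()))
    return found


def summarize(detections: List[Detection]) -> Dict[str, object]:
    # Live hits are the ones that matter: they were on the running system, not in a
    # quarantine folder, when AVPTool found them.
    live = [d for d in detections if not d.quarantined_by_combofix]
    return {
        "total": len(detections),
        "already_quarantined": len(detections) - len(live),
        "live": len(live),
        "live_paths": [d.path for d in live],
        "families": Counter(d.family for d in detections),
        "original_paths": [d.original_path for d in detections],
    }


if __name__ == "__main__":
    for key, value in summarize(parse_report(REPORT)).items():
        print(f"{key}: {value}")
```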
#20 Maniac

    Forum Deity

  • Experts
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 02 December 2011 - 05:03 PM

How are things there?