brecko8700

Windows Firewall Problem

29 posts in this topic

Hi, I have been having issues with malware and search engine redirecting. "Cloud Protection" and "Privacy Protection" had both infected my computer but I have been able to get both of them removed. The Windows Firewall is disabled and is unable to restart. I have run Malwarebytes and removed quite a few problems. Windows Firewall will not start. Its ability to run depends on the Base Filtering Engine, which is working properly and running, and the "Windows Firewall Authorization Driver". In Device Manager, after showing hidden objects, the "Windows Firewall Authorization Driver" has a yellow exclamation point next to it, and when opened, it states "This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)".

Any help with this issue would be greatly appreciated.


Hello brecko8700! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copied and pasted into your next reply.

Please make sure you follow the instructions here:

http://forums.malwarebytes.org/index.php?showtopic=97530

http://forums.malwarebytes.org/index.php?showtopic=99247

Once finished, please post the log file from Malwarebytes' Anti-Malware.


So there were 87 items found during this scan. I removed all of them. I forgot to mention in my first post, but there are a couple of other things going on. I am having an issue with websites being redirected from Google, and also my web browser opens by itself and goes to the same "redirect" site. And lastly, about half of the icons on my desktop are transparent, like they are hidden files. Here's the log from the scan:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8129

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.19154

11/11/2011 8:09:18 PM

mbam-log-2011-11-11 (20-09-18).txt

Scan type: Quick scan

Objects scanned: 173223

Time elapsed: 5 minute(s), 47 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 79

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Home\AppData\Local\Temp\wpbt0.dll (Exploit.Drop) -> Quarantined and deleted successfully.

c:\Users\Home\AppData\Local\Temp\0.28225748762686875.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

c:\Users\Home\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\winupd.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.


Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 5/16/2009 8:56:23 AM

System Uptime: 11/12/2011 7:59:19 PM (1 hours ago)

.

Motherboard: PEGATRON CORPORATION | | Benicia

Processor: Pentium® Dual-Core CPU E5200 @ 2.50GHz | CPU 1 | 2500/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 582 GiB total, 436.283 GiB free.

D: is FIXED (NTFS) - 14 GiB total, 1.931 GiB free.

E: is CDROM (UDF)

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.6

Combat Arms

Compatibility Pack for the 2007 Office system

Coupon Printer for Windows

CyberLink DVD Suite Deluxe

DirectX for Managed Code Update (Summer 2004)

DJ_SF_03_D1500_Software_Min

Feedback Tool

Google Earth

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Active Support Library

HP Customer Experience Enhancements

HP Games

HP MediaSmart Demo

HP MediaSmart DVD

HP MediaSmart Music/Photo/Video

HP Odometer

HP Picasso Media Center Add-In

HP Recovery Manager RSS

HP Support Information

HP Total Care Setup

HP Update

HPAsset component for HP Active Support Library

Java Auto Updater

Java 6 Update 26

LabelPrint

LightScribe System Software

Malwarebytes' Anti-Malware version 1.51.2.1300

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2572067)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft Default Manager

Microsoft Live Search Toolbar

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Web Publishing Wizard 1.52

Microsoft Works

Mozilla Firefox (3.6.24)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

My Disney Kitchen

Octoshape add-in for Adobe Flash Player

Picaboo X

PictureMover

Python 2.6.1

QuickTime

Realtek High Definition Audio Driver

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553074)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Office Excel 2007 (KB2553073)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2535818)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

The Print Shop 23

Toolbox

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office OneNote 2007 (KB980729)

Windows Media Player Firefox Plugin

.

==== Event Viewer Messages From Past Week ========

.

11/9/2011 8:16:22 PM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.115.1237.0 Loading engine version: 1.1.7702.0

11/9/2011 8:11:55 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

11/9/2011 8:07:55 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate1ca8fabaf33d630) service to connect.

11/9/2011 8:07:55 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate1ca8fabaf33d630) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/9/2011 7:46:35 PM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.115.1237.0 Loading engine version: 1.1.7801.0

11/9/2011 6:29:49 PM, Error: Service Control Manager [7001] - The Windows Event Collector service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.

11/8/2011 8:00:11 PM, Error: Service Control Manager [7030] - The CGPS Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

11/8/2011 7:24:22 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 002100E1DA1F has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

11/8/2011 6:57:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt spldr Wanarpv6

11/8/2011 6:57:56 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

11/8/2011 6:57:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

11/8/2011 6:57:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

11/8/2011 6:57:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

11/8/2011 6:57:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

11/8/2011 6:57:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

11/8/2011 12:36:28 PM, Error: netbt [4321] - The name "WORKGROUP :0" could not be registered on the interface with IP address 192.168.1.4. The computer with the IP address 192.168.1.3 did not allow the name to be claimed by this computer.

11/8/2011 12:36:20 PM, Error: netbt [4321] - The name "WORKGROUP :0" could not be registered on the interface with IP address 192.168.1.5. The computer with the IP address 192.168.1.3 did not allow the name to be claimed by this computer.

11/8/2011 12:36:19 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.5 for the Network Card with network address 002100E1DA1F has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

11/7/2011 3:10:31 PM, Error: EventLog [6008] - The previous system shutdown at 9:46:14 PM on 11/6/2011 was unexpected.

11/12/2011 8:01:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt

11/12/2011 8:01:20 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.

11/12/2011 8:01:20 PM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.

11/11/2011 8:10:36 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 002100E1DA1F has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

11/11/2011 5:32:07 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 002100E1DA1F has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

11/10/2011 11:15:23 AM, Error: netbt [4321] - The name "WORKGROUP :0" could not be registered on the interface with IP address 192.168.1.2. The computer with the IP address 192.168.1.3 did not allow the name to be claimed by this computer.

.

==== End Of File ===========================

DDS.txt:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.6001.19154 BrowserJavaVersion: 1.6.0_26

Run by Home at 20:06:35 on 2011-11-12

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6133.3825 [GMT -8:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Dwm.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\LSI SoftModem\agr64svc.exe

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\igfxsrvc.exe

C:\PROGRA~1\HEWLET~1\HPREMO~1\HPREMO~1.EXE

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

"C:\Windows\system32\svchost.exe"

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File

uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY

uRun: [s11iivDD3on4aH5] C:\Users\Home\AppData\Roaming\svhostu.exe

mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

mRun: [updateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun: [updatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos1.walmart.com/WalmartActivia.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{659A2472-CCCC-43E3-864C-023B39AB7739} : DhcpNameServer = 192.168.1.1

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB-X64: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File

mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

mRun-x64: [updateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun-x64: [updatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun-x64: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

mRun-x64: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

mRun-x64: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"

mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [(Default)]

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\lgc4x2qq.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

.

============= SERVICES / DRIVERS ===============

.

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-17 366152]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

S2 gupdate1ca8fabaf33d630;Google Update Service (gupdate1ca8fabaf33d630);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-7 133104]

S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-18 89920]

S3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-7 133104]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2011-11-13 03:59:39 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A2649D9D-DB71-4623-99A0-8134EA8DDB41}\offreg.dll

2011-11-12 01:15:06 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A2649D9D-DB71-4623-99A0-8134EA8DDB41}\mpengine.dll

2011-11-10 04:55:58 1426304 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-11-10 04:54:41 893440 ----a-w- C:\Program Files\Common Files\System\wab32.dll

2011-11-10 04:54:41 707584 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll

2011-11-10 04:54:41 50688 ----a-w- C:\Program Files\Windows Mail\wabimp.dll

2011-11-10 04:08:14 -------- d-----w- C:\Users\Home\AppData\Roaming\FONyxA0uv2b3n5Q

2011-11-10 04:08:13 -------- d-----w- C:\Users\Home\AppData\Local\PMB Files

2011-11-10 04:08:09 -------- d-----w- C:\Users\Home\AppData\Roaming\dxA1uS2ob3m5Q6W

2011-11-10 04:07:54 -------- d-----w- C:\Users\Home\AppData\Roaming\LdEK8fRZ9TwUeI

2011-11-10 04:07:53 -------- d-----w- C:\Users\Home\AppData\Roaming\u4pmG5sQJ

2011-11-10 04:07:53 -------- d-----w- C:\Users\Home\AppData\Roaming\H4pmG5sQJdKfZhX

2011-11-10 04:07:48 -------- d-----w- C:\Users\Home\AppData\Roaming\YcA1ivD2oFpHsJd

2011-11-09 04:00:27 -------- d-----w- C:\Users\Home\AppData\Local\ID Vault

2011-11-09 04:00:27 -------- d-----w- C:\ProgramData\IsolatedStorage

2011-11-09 04:00:00 -------- d-----w- C:\Users\Home\AppData\Roaming\ID Vault

2011-11-09 03:58:59 -------- d-----w- C:\ProgramData\White Sky, Inc

2011-10-28 02:35:33 -------- d-----w- C:\Program Files (x86)\Common Files\Adobe(960)

2011-10-26 23:12:34 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2011-10-18 14:53:50 -------- d--h--w- C:\Users\Home\AppData\Local\CrashDumps

2011-10-18 03:37:51 -------- d--h--w- C:\Users\Home\AppData\Local\NPE

2011-10-18 01:27:53 -------- d--h--w- C:\Users\Home\AppData\Roaming\Malwarebytes

2011-10-18 01:26:40 -------- d-----w- C:\ProgramData\Malwarebytes

2011-10-18 01:26:37 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-10-18 01:26:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware


2011-10-17 20:17:35 -------- d--h--w- C:\Users\Home\AppData\Roaming\XyyyxAA0uvSibFp

2011-10-17 20:17:22 -------- d--h--w- C:\Users\Home\AppData\Roaming\S7LgjkNA0ucib3n

2011-10-17 20:17:22 -------- d--h--w- C:\Users\Home\AppData\Roaming\QQQH6WLgjVNA0ci

2011-10-17 20:17:20 -------- d--h--w- C:\Users\Home\AppData\Roaming\ySS22obFF3mG5Q6

2011-10-17 20:17:19 -------- d--h--w- C:\Users\Home\AppData\Roaming\OJJJ6ddWK8

2011-10-17 20:11:28 -------- d--h--w- C:\Users\Home\AppData\Roaming\VTXjYCekIrxu

2011-10-17 20:11:03 -------- d--h--w- C:\Users\Home\AppData\Roaming\ObF3pma68hqkrNx

2011-10-17 20:10:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\tSbnaKLTjkrt0i3

2011-10-17 18:07:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\zhhhYXwkUelOt

2011-10-17 18:07:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\vUVVrllOBtPy1v3

2011-10-17 18:07:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\piiiDoFmH

2011-10-17 18:07:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\gOBBttxPyc1vDn4

2011-10-17 18:07:56 -------- d--h--w- C:\Users\Home\AppData\Roaming\d55ssWJJ7dE8gZq

2011-10-17 18:01:37 -------- d--h--w- C:\Users\Home\AppData\Roaming\mRXPvnEZz12Jg9t

2011-10-17 18:01:32 -------- d--h--w- C:\Users\Home\AppData\Roaming\d8USslD7lFfIr3h

2011-10-17 18:01:31 -------- d--h--w- C:\Users\Home\AppData\Roaming\FwPvnEZz12Jg

2011-10-17 17:59:52 -------- d--h--w- C:\Users\Home\AppData\Roaming\VZZqqjYYCwkVrON

2011-10-17 17:59:39 -------- d--h--w- C:\Users\Home\AppData\Roaming\rFF44pmmH

2011-10-17 17:59:33 -------- d--h--w- C:\Users\Home\AppData\Roaming\ZAA11uvvD2bFpG5

2011-10-17 17:59:32 -------- d--h--w- C:\Users\Home\AppData\Roaming\D1nmH55JLqk

2011-10-17 17:59:30 -------- d--h--w- C:\Users\Home\AppData\Roaming\URL9TXqYCeIO2nG

2011-10-17 17:59:22 -------- d--h--w- C:\Users\Home\AppData\Roaming\fUPubQK9XjCkBzN

2011-10-17 17:59:21 -------- d--h--w- C:\Users\Home\AppData\Roaming\V4gl1adXO

2011-10-17 17:59:11 -------- d--h--w- C:\Users\Home\AppData\Roaming\Ldk2KOaZtoJYOim

2011-10-17 17:59:10 -------- d--h--w- C:\Users\Home\AppData\Roaming\WKfRRL9hhTqjUeI

2011-10-17 17:59:10 -------- d--h--w- C:\Users\Home\AppData\Roaming\WKfRRL99hTqjUek

2011-10-17 17:59:09 -------- d--h--w- C:\Users\Home\AppData\Roaming\JkkUodEKKgRZ9Yw

2011-10-17 17:57:26 -------- d--h--w- C:\Users\Home\AppData\Roaming\fycc1aAKe3NqFwQ

2011-10-17 17:56:47 -------- d--h--w- C:\Users\Home\AppData\Roaming\cXOPc7Auv

2011-10-17 17:56:03 -------- d--h--w- C:\Users\Home\AppData\Roaming\N000ycAA1iv2oF4

2011-10-17 17:56:03 -------- d--h--w- C:\Users\Home\AppData\Roaming\j555sQQJ7dK8RZh

2011-10-17 17:47:47 -------- d--h--w- C:\Users\Home\AppData\Roaming\tssQQJ66dE8fR9h

2011-10-17 17:47:47 -------- d--h--w- C:\Users\Home\AppData\Roaming\pIVVrrzONtxAuc2

2011-10-17 17:47:47 -------- d--h--w- C:\Users\Home\AppData\Roaming\EE9hhXwUelBzN13

2011-10-17 17:47:05 -------- d--h--w- C:\Users\Home\AppData\Roaming\DlBBzPN1WjIAD5d

2011-10-17 17:47:01 -------- d--h--w- C:\Users\Home\AppData\Roaming\DlllIBBtzPNcAuv

2011-10-17 17:47:01 -------- d--h--w- C:\Users\Home\AppData\Roaming\DlllIBBtzPNA1uD

2011-10-17 17:45:58 -------- d--h--w- C:\Users\Home\AppData\Roaming\sOONNASibn4Q67f

2011-10-17 17:44:25 -------- d--h--w- C:\Users\Home\AppData\Roaming\sbD33nG4aQH

2011-10-17 17:44:21 -------- d--h--w- C:\Users\Home\AppData\Roaming\h6tibDD3p

2011-10-17 17:43:04 -------- d--h--w- C:\Users\Home\AppData\Roaming\RiG6WJ7fEL8

2011-10-17 17:43:04 -------- d--h--w- C:\Users\Home\AppData\Roaming\LiG6WJ7fEL8

2011-10-17 17:43:04 -------- d--h--w- C:\Users\Home\AppData\Roaming\l6WJJfEL8gTZ

2011-10-17 17:43:04 -------- d--h--w- C:\Users\Home\AppData\Roaming\Djm6WJ7fEL8TZh

2011-10-17 17:43:04 -------- d--h--w- C:\Users\Home\AppData\Roaming\Db46WJ7fEL8TZh

2011-10-17 17:43:04 -------- d--h--w- C:\Users\Home\AppData\Roaming\Cb46WJ7fEL8TZhC

2011-10-17 17:43:04 -------- d--h--w- C:\Users\Home\AppData\Roaming\Ab46WJ7fEL8TZhC

2011-10-17 17:43:04 -------- d--h--w- C:\Users\Home\AppData\Roaming\a7ffEL8gTZqhCwD

2011-10-17 17:43:00 -------- d--h--w- C:\Users\Home\AppData\Roaming\KG6WJ7fEL8

2011-10-17 17:43:00 -------- d--h--w- C:\Users\Home\AppData\Roaming\hEEKK8ffR

2011-10-17 17:43:00 -------- d--h--w- C:\Users\Home\AppData\Roaming\cXXwwkUUVeOBtP0

2011-10-17 17:43:00 -------- d--h--w- C:\Users\Home\AppData\Roaming\ayyyxAA1uvSobFp

2011-10-17 17:41:53 -------- d--h--w- C:\Users\Home\AppData\Roaming\Ca6dWfjCkr0qwxR

2011-10-17 17:40:56 -------- d--h--w- C:\Users\Home\AppData\Roaming\a9qVl1pdtcfVdP7

2011-10-17 17:40:55 -------- d--h--w- C:\Users\Home\AppData\Roaming\nGas8ZeAbgkBbRL

2011-10-17 17:40:54 -------- d--h--w- C:\Users\Home\AppData\Roaming\bR9qVl1pdtcfVd

2011-10-17 17:40:51 -------- d--h--w- C:\Users\Home\AppData\Roaming\etGas8ZeAbgkBbR

2011-10-17 17:40:47 -------- d--h--w- C:\Users\Home\AppData\Roaming\Zzvbm5ECNDEg

2011-10-17 17:40:33 -------- d--h--w- C:\Users\Home\AppData\Roaming\GQCiVhjUCkIOFEe

2011-10-17 17:40:20 -------- d--h--w- C:\Users\Home\AppData\Roaming\iONNtxPP0uc1i

2011-10-17 17:40:00 -------- d--h--w- C:\Users\Home\AppData\Roaming\S00ucibD3pGaHsK

2011-10-17 17:39:51 -------- d--h--w- C:\Users\Home\AppData\Roaming\CZYwUrOtP0yS1vD

2011-10-17 17:39:46 -------- d--h--w- C:\Users\Home\AppData\Roaming\xEELTqYUrOt0c1

2011-10-17 17:39:46 -------- d--h--w- C:\Users\Home\AppData\Roaming\PhhYYXwwkUVlOt

2011-10-17 17:39:46 -------- d--h--w- C:\Users\Home\AppData\Roaming\pF444amH5sJE8gh

2011-10-17 17:39:46 -------- d--h--w- C:\Users\Home\AppData\Roaming\o88ghhYXwkU

2011-10-17 17:39:46 -------- d--h--w- C:\Users\Home\AppData\Roaming\i6ilYJvz3iutCE5

2011-10-17 17:39:46 -------- d--h--w- C:\Users\Home\AppData\Roaming\AL8TqwUrOt0c1vn

2011-10-17 17:38:28 -------- d--h--w- C:\Users\Home\AppData\Roaming\f6fhXjerNAuSoFp

2011-10-17 17:37:24 -------- d--h--w- C:\Users\Home\AppData\Roaming\jjIy1opsdKRTwCI

2011-10-17 17:35:31 -------- d--h--w- C:\Users\Home\AppData\Roaming\uJjAGhPpRzn9x4q

2011-10-17 17:35:31 -------- d--h--w- C:\Users\Home\AppData\Roaming\SdU2WVb7r3EVv

2011-10-17 17:35:30 -------- d--h--w- C:\Users\Home\AppData\Roaming\LVvJjAGhPpRzn9x

2011-10-17 17:34:44 -------- d--h--w- C:\Users\Home\AppData\Roaming\LvBawvJLXrxZj2H

2011-10-17 17:31:53 -------- d--h--w- C:\Users\Home\AppData\Roaming\QkUUVVrlOBtx0yS

2011-10-17 17:26:07 -------- d--h--w- C:\Users\Home\AppData\Roaming\CgsoyrjEHnAB9d5

2011-10-17 17:23:01 -------- d--h--w- C:\Users\Home\AppData\Roaming\D666dEEK8fR

2011-10-17 17:22:49 -------- d--h--w- C:\Users\Home\AppData\Roaming\kcccS22ibD3pGH

2011-10-17 17:22:33 -------- d--h--w- C:\Users\Home\AppData\Roaming\tSn6LjrPi4WgwOc

2011-10-17 17:22:24 -------- d--h--w- C:\Users\Home\AppData\Roaming\CbbFF3p5aQd8R9T

2011-10-17 04:51:24 -------- d--h--w- C:\Users\Home\AppData\Roaming\ypppnrBBtxPyc1i

2011-10-17 04:51:20 -------- d--h--w- C:\Users\Home\AppData\Roaming\TttxxP0uuc1ioaw

2011-10-17 04:51:13 -------- d--h--w- C:\Users\Home\AppData\Roaming\zuuucSS2ibD3nGa

2011-10-17 04:51:11 -------- d--h--w- C:\Users\Home\AppData\Roaming\Xuu2obbF4pm5sQ6

2011-10-17 04:51:07 -------- d--h--w- C:\Users\Home\AppData\Roaming\fTXXXqjUCekIBzN

2011-10-17 04:51:06 -------- d--h--w- C:\Users\Home\AppData\Roaming\SRRRZ99hXwjUelB

2011-10-17 04:51:01 -------- d--h--w- C:\Users\Home\AppData\Roaming\zEKK88fRZ9hTX

2011-10-17 04:49:56 -------- d--h--w- C:\Users\Home\AppData\Roaming\mSiivDD3onFam5s

2011-10-17 04:48:58 -------- d--h--w- C:\Users\Home\AppData\Roaming\gS11iivD3on

2011-10-17 04:47:53 -------- d--h--w- C:\Users\Home\AppData\Roaming\HnnG5QQKRL9

2011-10-17 04:46:26 -------- d--h--w- C:\Users\Home\AppData\Roaming\GTTTZqqjYCwkVrO

2011-10-17 04:46:24 -------- d--h--w- C:\Users\Home\AppData\Roaming\l555sQQJ6

2011-10-17 04:46:05 -------- d--h--w- C:\Users\Home\AppData\Roaming\wEEEK88fRZ9hXwU

2011-10-17 04:45:34 -------- d--h--w- C:\Users\Home\AppData\Roaming\NbfGzxxAGhLgRq

2011-10-17 04:44:47 -------- d--h--w- C:\Users\Home\AppData\Roaming\QDfr1JUy2KUIvmQ

2011-10-17 04:44:42 -------- d--h--w- C:\Users\Home\AppData\Roaming\vttPcDHEZEzcFKX

2011-10-17 04:44:28 -------- d--h--w- C:\Users\Home\AppData\Roaming\KFpmmG5aaQ6dW8f

2011-10-17 04:44:25 -------- d--h--w- C:\Users\Home\AppData\Roaming\iaHdKfLgqYeIr

2011-10-17 04:43:43 -------- d--h--w- C:\Users\Home\AppData\Roaming\WlPci2HE8YlDbFp

2011-10-17 04:43:40 -------- d--h--w- C:\Users\Home\AppData\Roaming\LK88LhTjUeIry2a

2011-10-17 04:43:26 -------- d--h--w- C:\Users\Home\AppData\Roaming\tYzYXwBcQE8fuF5

2011-10-17 04:43:10 -------- d--h--w- C:\Users\Home\AppData\Roaming\r22obFDnH6UVrJm

2011-10-17 04:40:05 -------- d--h--w- C:\Users\Home\AppData\Roaming\HTTTXwwjUCe

2011-10-17 04:39:38 -------- d--h--w- C:\Users\Home\AppData\Roaming\nWnFF9hTXn5LCHT

2011-10-17 04:37:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\sPPNNyxxA1uS2bF

2011-10-17 04:37:49 -------- d--h--w- C:\Users\Home\AppData\Roaming\LyvlCgS76fv4tJv

2011-10-17 04:37:05 -------- d--h--w- C:\Users\Home\AppData\Roaming\sUUCCelIBtzPNc1

2011-10-17 04:36:33 -------- d--h--w- C:\Users\Home\AppData\Roaming\fQQQH66sWK7fL9T

2011-10-17 04:36:18 -------- d--h--w- C:\Users\Home\AppData\Roaming\seu5ZISQhzi6XOi

2011-10-17 04:36:11 -------- d--h--w- C:\Users\Home\AppData\Roaming\c2HTr1HWTOi5ZOv

2011-10-17 04:35:43 -------- d--h--w- C:\Users\Home\AppData\Roaming\tXkc1ullOBUCeIB

2011-10-17 04:35:26 -------- d--h--w- C:\Users\Home\AppData\Roaming\whhhYXXwkUVlOtz

2011-10-17 04:35:17 -------- d--h--w- C:\Users\Home\AppData\Roaming\gVeellOBtzP0cAi

2011-10-17 04:35:00 -------- d--h--w- C:\Users\Home\AppData\Roaming\suuuccS2ibD3nG

2011-10-17 04:33:01 -------- d--h--w- C:\Users\Home\AppData\Roaming\xcccSS1ivD3oF4m

2011-10-17 04:32:50 -------- d--h--w- C:\Users\Home\AppData\Roaming\fmmGNJB2GdIZw

2011-10-17 04:32:33 -------- d--h--w- C:\Users\Home\AppData\Roaming\a66ddEK8fRZ9hXj

2011-10-17 04:32:15 -------- d--h--w- C:\Users\Home\AppData\Roaming\LH66ddWK7fRLgTq

2011-10-17 04:31:56 -------- d--h--w- C:\Users\Home\AppData\Roaming\sZUspFBsBuk0KLY

2011-10-17 04:31:44 -------- d--h--w- C:\Users\Home\AppData\Roaming\hBBDsvFQh

2011-10-17 04:31:30 -------- d--h--w- C:\Users\Home\AppData\Roaming\uItPyAu2b4m5Q6E

2011-10-17 04:31:18 -------- d--h--w- C:\Users\Home\AppData\Roaming\NHWW5IIVrzONxAr

2011-10-17 04:31:08 -------- d--h--w- C:\Users\Home\AppData\Roaming\bPNv2A2dN0c

2011-10-17 04:31:01 -------- d--h--w- C:\Users\Home\AppData\Roaming\daaWJ7f4HdV7bEy

2011-10-17 04:30:46 -------- d--h--w- C:\Users\Home\AppData\Roaming\qzzzPNNyxA1u

2011-10-17 04:30:38 -------- d--h--w- C:\Users\Home\AppData\Roaming\K2zPb0rllOtxPuS

2011-10-17 04:30:01 -------- d--h--w- C:\Users\Home\AppData\Roaming\FJ7dLgZhXkVOtPy

2011-10-17 04:29:47 -------- d--h--w- C:\Users\Home\AppData\Roaming\GeeelIIBtzPyc1u

2011-10-17 04:26:03 -------- d--h--w- C:\Users\Home\AppData\Roaming\t0SDHELYOcnQ8RU

2011-10-17 04:25:57 -------- d--h--w- C:\Users\Home\AppData\Roaming\uq2QKqcSa9C1Tky

2011-10-17 04:25:25 -------- d--h--w- C:\Users\Home\AppData\Roaming\eKK88fRRZ9h

2011-10-17 04:24:25 -------- d--h--w- C:\Users\Home\AppData\Roaming\ESS22ibbD3nG4

2011-10-17 04:23:37 -------- d--h--w- C:\Users\Home\AppData\Roaming\m88gV1vDFp

2011-10-17 04:23:35 -------- d--h--w- C:\Users\Home\AppData\Roaming\T3pmG5WhjNAn5d7

2011-10-17 04:23:27 -------- d--h--w- C:\Users\Home\AppData\Roaming\IXwwjjUVe

2011-10-17 04:23:27 -------- d--h--w- C:\Users\Home\AppData\Roaming\HwwwkkUVelOBz0

2011-10-17 04:23:22 -------- d--h--w- C:\Users\Home\AppData\Roaming\DkrOBxv3oH5Jd8

2011-10-17 04:23:20 -------- d--h--w- C:\Users\Home\AppData\Roaming\tJKTkzA0i3naHKf

2011-10-17 04:23:12 -------- d--h--w- C:\Users\Home\AppData\Roaming\pJfTrtPc1v3oW7L

2011-10-17 04:23:10 -------- d--h--w- C:\Users\Home\AppData\Roaming\ZGGG5aaQ8

2011-10-17 04:23:04 -------- d--h--w- C:\Users\Home\AppData\Roaming\SKK88gRRZ9hXwUV

2011-10-17 04:23:02 -------- d--h--w- C:\Users\Home\AppData\Roaming\Q77ddEL8gRZ

2011-10-17 04:22:58 -------- d--h--w- C:\Users\Home\AppData\Roaming\d34m57ghkOPiDon

2011-10-17 04:22:55 -------- d--h--w- C:\Users\Home\AppData\Roaming\UosRUzSG8TCezyv

2011-10-17 04:22:48 -------- d--h--w- C:\Users\Home\AppData\Roaming\OlOOBBtxP0ycSiD

2011-10-17 04:22:47 -------- d--h--w- C:\Users\Home\AppData\Roaming\ePP00uucS1iD3nG

2011-10-17 04:22:39 -------- d--h--w- C:\Users\Home\AppData\Roaming\gJ7ETYUSvaH5WJ

2011-10-17 04:22:34 -------- d--h--w- C:\Users\Home\AppData\Roaming\LVVrtPySvFa5JEh

2011-10-17 04:22:28 -------- d--h--w- C:\Users\Home\AppData\Roaming\HwwwkUUVrlOtx0y

2011-10-17 04:22:27 -------- d--h--w- C:\Users\Home\AppData\Roaming\mOONNtxPPucS1

2011-10-17 04:22:23 -------- d--h--w- C:\Users\Home\AppData\Roaming\RbbbD33onG4aH6W

2011-10-17 04:22:20 -------- d--h--w- C:\Users\Home\AppData\Roaming\cubsQQJ6dEK8RZh

2011-10-17 04:22:05 -------- d--h--w- C:\Users\Home\AppData\Roaming\cVVVellOBtzPyc1

2011-10-17 04:22:04 -------- d--h--w- C:\Users\Home\AppData\Roaming\VUUUVrrlOBtP0yS

2011-10-17 04:20:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\s77gXjCkrOtx0uS

2011-10-17 04:19:57 -------- d--h--w- C:\Users\Home\AppData\Roaming\vlllONNtxP

2011-10-17 04:18:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\CCCwwkUUVrOBtP0

2011-10-17 04:17:56 -------- d--h--w- C:\Users\Home\AppData\Roaming\wELL88gTZqhYw

2011-10-17 04:16:58 -------- d--h--w- C:\Users\Home\AppData\Roaming\qxxPP0yycSiv

2011-10-17 04:15:58 -------- d--h--w- C:\Users\Home\AppData\Roaming\T333ppnG4aQH

2011-10-17 04:14:56 -------- d--h--w- C:\Users\Home\AppData\Roaming\CyyccS11ivDon4

2011-10-17 04:13:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\vQJJ7KgZhXjeItP

2011-10-17 04:12:57 -------- d--h--w- C:\Users\Home\AppData\Roaming\YQQJJ6ddWK8RL

2011-10-17 04:11:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\XXXqqjYCCeIVrOt

2011-10-17 04:10:53 -------- d--h--w- C:\Users\Home\AppData\Roaming\YkkkUVVrlO

2011-10-17 04:10:53 -------- d--h--w- C:\Users\Home\AppData\Roaming\q888gRRZqhYwkVe

2011-10-17 04:10:47 -------- d--h--w- C:\Users\Home\AppData\Roaming\X3pGWTaWqNxAuS3

2011-10-17 04:10:42 -------- d--h--w- C:\Users\Home\AppData\Roaming\yelrzPNxeu70iDQ

2011-10-17 04:10:35 -------- d--h--w- C:\Users\Home\AppData\Roaming\juvvvD2obF4pm

2011-10-17 04:10:35 -------- d--h--w- C:\Users\Home\AppData\Roaming\I0nppmH55sJ7dKg

2011-10-17 04:10:28 -------- d--h--w- C:\Users\Home\AppData\Roaming\tCkxxuS4aW7TN

2011-10-17 04:10:24 -------- d--h--w- C:\Users\Home\AppData\Roaming\kWEZNi4J3o4m5dR

2011-10-17 04:10:16 -------- d--h--w- C:\Users\Home\AppData\Roaming\NuuvvD22obFpm5s

2011-10-17 04:10:16 -------- d--h--w- C:\Users\Home\AppData\Roaming\KuuuvvS2obF3mGa

2011-10-17 04:10:11 -------- d--h--w- C:\Users\Home\AppData\Roaming\EzPPc2md8ZhTX

2011-10-17 04:10:07 -------- d--h--w- C:\Users\Home\AppData\Roaming\LsVe95dTUvFGHW7

2011-10-17 04:10:00 -------- d--h--w- C:\Users\Home\AppData\Roaming\Vam6sWWLhkySsky

2011-10-17 04:08:55 -------- d--h--w- C:\Users\Home\AppData\Roaming\KYYYCwwkIVrONx0

2011-10-17 04:08:50 -------- d--h--w- C:\Users\Home\AppData\Roaming\O3ppnGG5aQH6WKf

2011-10-17 04:08:41 -------- d--h--w- C:\Users\Home\AppData\Roaming\eZqqjjYCwkIVlOt

2011-10-17 04:08:41 -------- d--h--w- C:\Users\Home\AppData\Roaming\aZZqqhYYCwUVrOB

2011-10-17 04:08:36 -------- d--h--w- C:\Users\Home\AppData\Roaming\EnnnG4TOtxP0cSi

2011-10-17 04:08:35 -------- d--h--w- C:\Users\Home\AppData\Roaming\xVFGKx50pG6XjY

2011-10-17 04:08:22 -------- d--h--w- C:\Users\Home\AppData\Roaming\UhhhYXXwkUVeOBz

2011-10-17 04:08:22 -------- d--h--w- C:\Users\Home\AppData\Roaming\KtttxPP0ycS1vDo

2011-10-17 04:08:17 -------- d--h--w- C:\Users\Home\AppData\Roaming\P11iv3amHJ7E8Rq

2011-10-17 04:08:15 -------- d--h--w- C:\Users\Home\AppData\Roaming\Ln4aTaEYkgZJ8R3

2011-10-17 04:08:05 -------- d--h--w- C:\Users\Home\AppData\Roaming\KRRZZ9hhTXwUC

2011-10-17 04:08:04 -------- d--h--w- C:\Users\Home\AppData\Roaming\rlIIBBtzP

2011-10-17 04:08:00 -------- d--h--w- C:\Users\Home\AppData\Roaming\PttzzNypG5JEKR9

2011-10-17 04:06:58 -------- d--h--w- C:\Users\Home\AppData\Roaming\tbQK7gjkIVrONxA

2011-10-17 04:05:58 -------- d--h--w- C:\Users\Home\AppData\Roaming\OQdKgZhXjV

2011-10-17 04:04:56 -------- d--h--w- C:\Users\Home\AppData\Roaming\iQQJJ6dWWKfRLhX

2011-10-17 04:03:53 -------- d--h--w- C:\Users\Home\AppData\Roaming\ZzPdKTjBNy03n59

2011-10-17 04:03:50 -------- d--h--w- C:\Users\Home\AppData\Roaming\jffEEL8ggTqhYwU

2011-10-17 04:03:40 -------- d--h--w- C:\Users\Home\AppData\Roaming\JGWWJfLTwrBciDo

2011-10-17 04:03:38 -------- d--h--w- C:\Users\Home\AppData\Roaming\ACzv6KTkS

2011-10-17 04:03:32 -------- d--h--w- C:\Users\Home\AppData\Roaming\VjjUUVeel

2011-10-17 04:03:31 -------- d--h--w- C:\Users\Home\AppData\Roaming\PaaamHH5sWJdELg

2011-10-17 04:03:26 -------- d--h--w- C:\Users\Home\AppData\Roaming\P8CBS4JRZqYXwUe

2011-10-17 04:03:23 -------- d--h--w- C:\Users\Home\AppData\Roaming\NhhXkPvdXymswBz

2011-10-17 04:03:17 -------- d--h--w- C:\Users\Home\AppData\Roaming\BD22mEVOBtzP0c1

2011-10-17 04:03:13 -------- d--h--w- C:\Users\Home\AppData\Roaming\iIIBtPcbdTPv2bW

2011-10-17 04:03:06 -------- d--h--w- C:\Users\Home\AppData\Roaming\wRRRZqqhYXwkV

2011-10-17 04:03:05 -------- d--h--w- C:\Users\Home\AppData\Roaming\affEEL9ggTqjYwk

2011-10-17 04:01:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\rUOcFdqziFpmHs8

2011-10-17 04:00:56 -------- d--h--w- C:\Users\Home\AppData\Roaming\QOONxP0u1YPOnHZ

2011-10-17 04:00:48 -------- d--h--w- C:\Users\Home\AppData\Roaming\CzzOONyxx0uvSi

2011-10-17 04:00:47 -------- d--h--w- C:\Users\Home\AppData\Roaming\SQQJJ6ddEKfRZhT

2011-10-17 04:00:42 -------- d--h--w- C:\Users\Home\AppData\Roaming\pUUVVeBDo4m6dKf

2011-10-17 04:00:37 -------- d--h--w- C:\Users\Home\AppData\Roaming\JPPcSYevXuDbp5S

2011-10-17 04:00:29 -------- d--h--w- C:\Users\Home\AppData\Roaming\G555aQQH6dWKfR9

2011-10-17 04:00:28 -------- d--h--w- C:\Users\Home\AppData\Roaming\UG55aaQJ6dWK8R9

2011-10-17 04:00:23 -------- d--h--w- C:\Users\Home\AppData\Roaming\HbFF3pRXqerONx

2011-10-17 04:00:18 -------- d--h--w- C:\Users\Home\AppData\Roaming\wYvDniQudf

2011-10-17 04:00:10 -------- d--h--w- C:\Users\Home\AppData\Roaming\T999gTTXqjYC

2011-10-17 04:00:09 -------- d--h--w- C:\Users\Home\AppData\Roaming\JRRLL9ggTXqYCkI

2011-10-17 04:00:04 -------- d--h--w- C:\Users\Home\AppData\Roaming\sfRRLL9gTXq

2011-10-17 04:00:02 -------- d--h--w- C:\Users\Home\AppData\Roaming\jioGV0vDPcA12

2011-10-17 03:59:52 -------- d--h--w- C:\Users\Home\AppData\Roaming\laaamHH5sWJ7E8Z

2011-10-17 03:59:51 -------- d--h--w- C:\Users\Home\AppData\Roaming\GE9ggTZZqjYwk

2011-10-17 03:59:44 -------- d--h--w- C:\Users\Home\AppData\Roaming\YmHh1O5sJ8UG2

2011-10-17 03:59:38 -------- d--h--w- C:\Users\Home\AppData\Roaming\k1nWTOtxc5kUOcn

2011-10-17 03:59:30 -------- d--h--w- C:\Users\Home\AppData\Roaming\LQHH66dWK7fR9gX

2011-10-17 03:59:30 -------- d--h--w- C:\Users\Home\AppData\Roaming\E88ffRL9hTXqj

2011-10-17 03:59:25 -------- d--h--w- C:\Users\Home\AppData\Roaming\EwwjUNumJ6dW8fL

2011-10-17 03:59:20 -------- d--h--w- C:\Users\Home\AppData\Roaming\j0yycAivDgezUeB

2011-10-17 03:59:14 -------- d--h--w- C:\Users\Home\AppData\Roaming\uZZq0cAo4mH5sJd

2011-10-17 03:59:12 -------- d--h--w- C:\Users\Home\AppData\Roaming\WRwBhQQJOfcSiGg

2011-10-17 03:59:02 -------- d--h--w- C:\Users\Home\AppData\Roaming\xfffELL8gTZhYwk

2011-10-17 03:59:02 -------- d--h--w- C:\Users\Home\AppData\Roaming\C7ffEEL9gTZqYCk

2011-10-17 03:58:57 -------- d--h--w- C:\Users\Home\AppData\Roaming\KCCeIipnGHK7f

2011-10-17 03:58:52 -------- d--h--w- C:\Users\Home\AppData\Roaming\uKKZu6IvoGavAu6

2011-10-17 03:58:43 -------- d--h--w- C:\Users\Home\AppData\Roaming\JLL88gTTZqhCwUV

2011-10-17 03:58:43 -------- d--h--w- C:\Users\Home\AppData\Roaming\aqjjYYCwkIVrl

2011-10-17 03:58:38 -------- d--h--w- C:\Users\Home\AppData\Roaming\ZVrr3GaHsW7fL9T

2011-10-17 03:58:36 -------- d--h--w- C:\Users\Home\AppData\Roaming\cPyA2FpmDP5a6lB

2011-10-17 03:58:28 -------- d--h--w- C:\Users\Home\AppData\Roaming\V9ggTTZqjYCwIVl

2011-10-17 03:58:24 -------- d--h--w- C:\Users\Home\AppData\Roaming\TammHH5sWJ7dE8R

2011-10-17 03:58:19 -------- d--h--w- C:\Users\Home\AppData\Roaming\FcSS11ibD3n4

2011-10-17 03:58:17 -------- d--h--w- C:\Users\Home\AppData\Roaming\NQJJdWW8fR9XCOv

2011-10-17 03:58:07 -------- d--h--w- C:\Users\Home\AppData\Roaming\nEEEK88fRZ9TXjU

2011-10-17 03:58:04 -------- d--h--w- C:\Users\Home\AppData\Roaming\tTTTZqqhYCwkVrO

2011-10-17 03:56:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\NuuuvSS2ibF3nG

2011-10-17 03:55:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\UwOP0omHgXelzDo

2011-10-17 03:54:58 -------- d--h--w- C:\Users\Home\AppData\Roaming\gRRLL9hhXzxS3Ga

2011-10-17 03:53:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\jFFF4JfZwIxoGW9

2011-10-17 03:53:52 -------- d--h--w- C:\Users\Home\AppData\Roaming\ThhhYXXwkUVlOtz

2011-10-17 03:53:50 -------- d--h--w- C:\Users\Home\AppData\Roaming\B11DsR9XjF8qrAd

2011-10-17 03:53:41 -------- d--h--w- C:\Users\Home\AppData\Roaming\GTTZZCIVrlNtx0c

2011-10-17 03:53:37 -------- d--h--w- C:\Users\Home\AppData\Roaming\H77fLqkrxcv4HWd

2011-10-17 03:53:31 -------- d--h--w- C:\Users\Home\AppData\Roaming\pIIIVrrzONtAuSi

2011-10-17 03:53:30 -------- d--h--w- C:\Users\Home\AppData\Roaming\vhhhTXXwjUCeIBz

2011-10-17 03:53:20 -------- d--h--w- C:\Users\Home\AppData\Roaming\OBBBrzzON02ib3n

2011-10-17 03:53:15 -------- d--h--w- C:\Users\Home\AppData\Roaming\URLL99hTXjU

2011-10-17 03:53:03 -------- d--h--w- C:\Users\Home\AppData\Roaming\zsJ77fEEL8CwkVl

2011-10-17 03:53:01 -------- d--h--w- C:\Users\Home\AppData\Roaming\kzONx02bF3n

2011-10-17 03:52:53 -------- d--h--w- C:\Users\Home\AppData\Roaming\NOO0uSSbnGam6K

2011-10-17 03:52:48 -------- d--h--w- C:\Users\Home\AppData\Roaming\IYIIVVrlONtu

2011-10-17 03:52:34 -------- d--h--w- C:\Users\Home\AppData\Roaming\KDDD3oonF4am5sJ

2011-10-17 03:52:28 -------- d--h--w- C:\Users\Home\AppData\Roaming\n4a6KfLgZjCkrOt

2011-10-17 03:52:19 -------- d--h--w- C:\Users\Home\AppData\Roaming\yJfLqCwkUO0

2011-10-17 03:52:17 -------- d--h--w- C:\Users\Home\AppData\Roaming\qTTXXqjUCekIOvn

2011-10-17 03:52:03 -------- d--h--w- C:\Users\Home\AppData\Roaming\CmGa68R9TqC

2011-10-17 03:52:01 -------- d--h--w- C:\Users\Home\AppData\Roaming\mlBPyAiDoFm5Q7E

2011-10-17 03:50:58 -------- d--h--w- C:\Users\Home\AppData\Roaming\HcAiDoFm5Q7

2011-10-17 03:49:58 -------- d--h--w- C:\Users\Home\AppData\Roaming\kDD33pnnG4aKZI

2011-10-17 03:48:58 -------- d--h--w- C:\Users\Home\AppData\Roaming\uSS33pnQdKf9TqC

2011-10-17 03:47:58 -------- d--h--w- C:\Users\Home\AppData\Roaming\NyyycAA1ivD2nF

2011-10-17 03:46:58 -------- d--h--w- C:\Users\Home\AppData\Roaming\Wuuc1b3Ga

2011-10-17 03:45:56 -------- d--h--w- C:\Users\Home\AppData\Roaming\vJJJdE8XkUVeO

2011-10-17 03:44:55 -------- d--h--w- C:\Users\Home\AppData\Roaming\ntxxxA0ucS2i

2011-10-17 03:43:56 -------- d--h--w- C:\Users\Home\AppData\Roaming\qpmmmG5aQJ6dW8R

2011-10-17 03:42:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\VtttxPP0ucS1

2011-10-17 03:41:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\kNyyccA1uvD

2011-10-17 03:40:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\DVVrrlOOBtP0ySi

2011-10-17 03:39:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\DAA00ucS2ibD3n4

2011-10-17 03:38:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\WeellIBBrzNyx1v

2011-10-17 03:37:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\pTZZqqhYCwkUVlB

2011-10-17 03:36:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\lQQHH6KLqerxcDG

2011-10-17 03:35:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\tNcuDb4GQ6Kf9Tw

2011-10-17 03:34:58 -------- d--h--w- C:\Users\Home\AppData\Roaming\oSS22ibbD3pG4Q6

2011-10-17 03:33:55 -------- d--h--w- C:\Users\Home\AppData\Roaming\IxxPP0cS1iDnaH6

2011-10-17 03:32:57 -------- d--h--w- C:\Users\Home\AppData\Roaming\ZOONNtxxP0uS1bo

2011-10-17 03:31:57 -------- d--h--w- C:\Users\Home\AppData\Roaming\XkkkIBBrzONyA0v

2011-10-17 03:29:28 -------- d--h--w- C:\Users\Home\AppData\Roaming\hXwwkUUVrOBtP0c

2011-10-17 03:29:19 -------- d--h--w- C:\Users\Home\AppData\Roaming\WDD22onF4pH5

2011-10-17 03:29:18 -------- d--h--w- C:\Users\Home\AppData\Roaming\a77EL8gTZqhYw

2011-10-17 03:29:18 -------- d-----w- C:\Users\Home\AppData\Roaming\xllOOBtxyc1iD3n

2011-10-17 03:29:13 -------- d--h--w- C:\Users\Home\AppData\Roaming\RNtxP0ucSiD

2011-10-17 03:29:13 -------- d--h--w- C:\Users\Home\AppData\Roaming\b4amH6sWJE8TqYw

2011-10-17 03:29:12 -------- d--h--w- C:\Users\Home\AppData\Roaming\PdWK7fRL9TqYeIr

2011-10-17 03:29:12 -------- d--h--w- C:\Users\Home\AppData\Roaming\mrzONtxA0c2b3

2011-10-17 03:29:12 -------- d--h--w- C:\Users\Home\AppData\Roaming\kzONyxA0uSiFpGa

2011-10-17 03:29:11 -------- d--h--w- C:\Users\Home\AppData\Roaming\NTXqjUCekBz

2011-10-17 02:55:25 -------- d-----w- C:\Program Files (x86)\Common Files\Java(961)

2011-10-16 23:51:08 -------- d-sh--w- C:\Windows\System32\%APPDATA%

2011-10-16 23:47:57 -------- d-----we C:\Windows\system64

2011-10-14 23:50:25 -------- d-----w- C:\Program Files (x86)\Picaboo X

.

==================== Find3M ====================

.

2011-11-10 03:43:30 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-30 23:25:35 1147904 ----a-w- C:\Windows\System32\wininet.dll

2011-09-30 23:21:20 56832 ----a-w- C:\Windows\System32\licmgr10.dll

2011-09-30 23:21:00 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-09-30 23:20:40 132096 ----a-w- C:\Windows\System32\iesysprep.dll

2011-09-30 23:20:39 77312 ----a-w- C:\Windows\System32\iesetup.dll

2011-09-30 23:06:24 916480 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-09-30 23:02:06 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2011-09-30 23:01:51 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-09-30 23:01:34 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll

2011-09-30 23:01:34 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2011-09-30 22:29:23 479232 ----a-w- C:\Windows\System32\html.iec

2011-09-30 22:07:25 385024 ----a-w- C:\Windows\SysWow64\html.iec

2011-09-30 21:48:19 162816 ----a-w- C:\Windows\System32\ieUnatt.exe

2011-09-30 21:47:04 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-09-30 21:29:54 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2011-09-30 21:28:36 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-09-30 00:54:44 1062984 ----a-w- C:\Users\Home\gotomypc_540.exe

2011-09-06 13:56:50 2764288 ----a-w- C:\Windows\System32\win32k.sys

2011-08-25 16:20:38 735744 ----a-w- C:\Windows\System32\UIAutomationCore.dll

2011-08-25 16:19:32 847360 ----a-w- C:\Windows\System32\oleaut32.dll

2011-08-25 16:19:32 332288 ----a-w- C:\Windows\System32\oleacc.dll

2011-08-25 16:15:04 555520 ----a-w- C:\Windows\SysWow64\UIAutomationCore.dll

2011-08-25 16:14:01 563712 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-08-25 16:14:01 238080 ----a-w- C:\Windows\SysWow64\oleacc.dll

2011-08-25 13:54:14 4096 ----a-w- C:\Windows\System32\oleaccrc.dll

2011-08-25 13:31:01 4096 ----a-w- C:\Windows\SysWow64\oleaccrc.dll

.

============= FINISH: 20:08:53.27 ===============

ComboFix 11-11-13.03 - Home 11/13/2011 20:40:24.1.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6133.4486 [GMT -8:00]

Running from: c:\users\Home\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\SelectRebates

c:\program files (x86)\SelectRebates\FFToolbar\install.rdf

c:\program files (x86)\SelectRebates\SelectRebatesA.dat

c:\users\Home\AppData\Roaming\AZqqhYYXwUVeOBz

c:\users\Home\AppData\Roaming\AZqqhYYXwUVeOBz\Cloud Protection.ico

c:\users\Home\AppData\Roaming\KeellIBrzPyxA

c:\users\Home\AppData\Roaming\KeellIBrzPyxA\Cloud Protection.ico

c:\users\Home\AppData\Roaming\lD2oonF4pm5sQ7E

c:\users\Home\AppData\Roaming\lD2oonF4pm5sQ7E\Cloud Protection.ico

c:\users\Home\AppData\Roaming\SddWWK77fR9gTqY

c:\users\Home\AppData\Roaming\SddWWK77fR9gTqY\Cloud Protection.ico

c:\users\Home\AppData\Roaming\xllOOBtxyc1iD3n

c:\users\Home\AppData\Roaming\xllOOBtxyc1iD3n\Cloud Protection.ico

c:\users\Home\gotomypc_540.exe

c:\windows\assembly\tmp\U

c:\windows\assembly\tmp\U\000000c0.@

c:\windows\assembly\tmp\U\000000cb.@

c:\windows\assembly\tmp\U\000000cf.@

c:\windows\assembly\tmp\U\80000000.@

c:\windows\assembly\tmp\U\800000c0.@

c:\windows\assembly\tmp\U\800000cb.@

c:\windows\assembly\tmp\U\800000cf.@

c:\windows\System64

.

.

((((((((((((((((((((((((( Files Created from 2011-10-14 to 2011-11-14 )))))))))))))))))))))))))))))))

.

.

2011-11-14 04:48 . 2011-11-14 04:48 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-12 01:15 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A2649D9D-DB71-4623-99A0-8134EA8DDB41}\mpengine.dll

2011-11-10 04:55 . 2011-09-20 21:06 1426304 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-10 04:54 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll

2011-11-10 04:54 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll

2011-11-10 04:54 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll

2011-11-10 04:08 . 2011-11-10 04:08 -------- d-----w- c:\users\Home\AppData\Roaming\FONyxA0uv2b3n5Q

2011-11-10 04:08 . 2011-11-10 04:18 -------- d-----w- c:\users\Home\AppData\Local\PMB Files

2011-11-10 04:08 . 2011-11-10 04:08 -------- d-----w- c:\users\Home\AppData\Roaming\dxA1uS2ob3m5Q6W

2011-11-10 04:07 . 2011-11-10 04:13 -------- d-----w- c:\users\Home\AppData\Roaming\LdEK8fRZ9TwUeI

2011-11-10 04:07 . 2011-11-10 04:07 -------- d-----w- c:\users\Home\AppData\Roaming\u4pmG5sQJ

2011-11-10 04:07 . 2011-11-10 04:07 -------- d-----w- c:\users\Home\AppData\Roaming\H4pmG5sQJdKfZhX

2011-11-10 04:07 . 2011-11-10 04:07 -------- d-----w- c:\users\Home\AppData\Roaming\YcA1ivD2oFpHsJd

2011-11-10 03:06 . 2011-11-10 03:06 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\TEXTBOX.JS

2011-11-10 03:06 . 2011-11-10 03:06 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\TILEBOX.JS

2011-11-10 03:06 . 2011-11-10 03:06 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\SAVEDUSER.JS

2011-11-10 03:06 . 2011-11-10 03:06 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\UICORE.JS

2011-11-10 03:06 . 2011-11-10 03:06 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\USERTILE.JS

2011-11-10 03:06 . 2011-11-10 03:06 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\TEXT.JS

2011-11-10 03:06 . 2011-11-10 03:06 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\UIRESOURCE.JS

2011-11-10 03:06 . 2011-11-10 03:06 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\QUERYSTRING.JS

2011-11-10 03:06 . 2011-11-10 03:06 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\NEWUSERCOMM.JS

2011-11-10 03:06 . 2011-11-10 03:06 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\LOCALIZATION.JS

2011-11-10 03:06 . 2011-11-10 03:06 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\IMAGE.JS

2011-11-10 03:06 . 2011-11-10 03:06 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\LINK.JS

2011-11-10 03:05 . 2011-11-10 03:05 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\EXTERNALWRAPPER.JS

2011-11-10 03:05 . 2011-11-10 03:05 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\DIVWRAPPER.JS

2011-11-10 03:05 . 2011-11-10 03:05 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\COMBOBOX.JS

2011-11-10 03:05 . 2011-11-10 03:05 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\CHECKBOX.JS

2011-11-10 03:05 . 2011-11-10 03:05 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\BUTTON.JS

2011-11-09 04:00 . 2011-11-09 04:35 -------- d-----w- c:\users\Home\AppData\Local\ID Vault

2011-11-09 04:00 . 2011-11-09 04:00 -------- d-----w- c:\programdata\IsolatedStorage

2011-11-09 04:00 . 2011-11-09 04:35 -------- d-----w- c:\users\Home\AppData\Roaming\ID Vault

2011-11-09 03:58 . 2011-11-09 03:58 -------- d-----w- c:\programdata\White Sky, Inc

2011-10-28 02:35 . 2011-11-10 04:26 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2011-10-27 00:29 . 2011-10-27 00:29 -------- d-----w- c:\windows\system32\Macromed

2011-10-26 23:12 . 2011-11-10 04:26 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2011-10-18 14:53 . 2011-11-12 03:33 -------- d--h--w- c:\users\Home\AppData\Local\CrashDumps

2011-10-18 03:37 . 2011-10-18 03:55 -------- d--h--w- c:\users\Home\AppData\Local\NPE

2011-10-18 01:27 . 2011-10-18 01:27 -------- d--h--w- c:\users\Home\AppData\Roaming\Malwarebytes

2011-10-18 01:26 . 2011-10-18 01:26 -------- d-----w- c:\programdata\Malwarebytes

2011-10-18 01:26 . 2011-11-10 04:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-10-18 01:26 . 2011-09-01 00:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-17 22:44 . 2011-10-17 22:44 -------- d--h--w- c:\users\Home\AppData\Roaming\okUUUVrlOBtP0cS

2011-10-17 22:42 . 2011-10-17 22:42 -------- d--h--w- c:\users\Home\AppData\Roaming\WcbnQWETYVN01nH

2011-10-17 22:38 . 2011-10-17 22:38 -------- d--h--w- c:\users\Home\AppData\Roaming\a36EjVx1Gs

2011-10-17 22:38 . 2011-10-17 22:38 -------- d--h--w- c:\users\Home\AppData\Roaming\EDDD2ooF4pmGsQ6

2011-10-17 22:36 . 2011-10-17 22:36 -------- d--h--w- c:\users\Home\AppData\Roaming\o2b3GaHdKR9

2011-10-17 22:34 . 2011-10-17 22:34 -------- d--h--w- c:\users\Home\AppData\Roaming\V68hjkzAipadRXC

2011-10-17 22:31 . 2011-10-17 22:31 -------- d--h--w- c:\users\Home\AppData\Roaming\FOOAiWYN3WjN3JC

2011-10-17 22:31 . 2011-10-17 22:31 -------- d--h--w- c:\users\Home\AppData\Roaming\uPoJ9UAmEwzvG6R

2011-10-17 22:30 . 2011-10-17 22:30 -------- d--h--w- c:\users\Home\AppData\Roaming\GFFF3pGaTV

2011-10-17 22:30 . 2011-10-17 22:30 -------- d--h--w- c:\users\Home\AppData\Roaming\OsJf147qeishB26

2011-10-17 22:30 . 2011-10-17 22:30 -------- d--h--w- c:\users\Home\AppData\Roaming\KGG4H66sWJ7ELgT

2011-10-17 22:30 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\x111ivvoaRV

2011-10-17 22:30 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\Z00ccS11ivDon4a

2011-10-17 22:29 . 2011-10-17 22:29 -------- d--h--w- c:\users\Home\AppData\Roaming\tbF33pG5aQ

2011-10-17 22:29 . 2011-10-17 22:29 -------- d--h--w- c:\users\Home\AppData\Roaming\bddVx0cibD3pG4Q

2011-10-17 22:29 . 2011-10-17 22:29 -------- d--h--w- c:\users\Home\AppData\Roaming\appmmHsKhjVelBz

2011-10-17 22:29 . 2011-10-17 22:29 -------- d--h--w- c:\users\Home\AppData\Roaming\qyAA1uuvS2ob

2011-10-17 22:29 . 2011-10-17 22:29 -------- d--h--w- c:\users\Home\AppData\Roaming\BLgTTZqhC3R04YN

2011-10-17 22:29 . 2011-10-17 22:29 -------- d--h--w- c:\users\Home\AppData\Roaming\TIIVVrlOtxP0UrO

2011-10-17 22:29 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\lvmQJJ7dEK8ZYvm

2011-10-17 22:28 . 2011-10-17 22:28 -------- d--h--w- c:\users\Home\AppData\Roaming\xXqUa6W7R9XjCks

2011-10-17 22:28 . 2011-10-17 22:28 -------- d--h--w- c:\users\Home\AppData\Roaming\O11uuvDD2o

2011-10-17 22:28 . 2011-10-17 22:28 -------- d--h--w- c:\users\Home\AppData\Roaming\FyyccA1ivD2n5Qu

2011-10-17 22:28 . 2011-10-17 22:28 -------- d--h--w- c:\users\Home\AppData\Roaming\bPP0ycA1ivD2n5

2011-10-17 22:28 . 2011-10-17 22:28 -------- d--h--w- c:\users\Home\AppData\Roaming\CllOBzzP0yc

2011-10-17 22:27 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\mtZd4PqaitwLHDz

2011-10-17 22:27 . 2011-10-17 22:27 -------- d--h--w- c:\users\Home\AppData\Roaming\NzpfOoEjAGgrvJ9

2011-10-17 22:27 . 2011-10-17 22:27 -------- d--h--w- c:\users\Home\AppData\Roaming\yZpXujFe6z71BO

2011-10-17 22:27 . 2011-10-17 22:27 -------- d--h--w- c:\users\Home\AppData\Roaming\UztrBVrlBzNyxx0

2011-10-17 22:27 . 2011-10-17 22:27 -------- d--h--w- c:\users\Home\AppData\Roaming\JjvqPADG42QpV7h

2011-10-17 22:27 . 2011-10-17 22:27 -------- d--h--w- c:\users\Home\AppData\Roaming\DyK19vsI6JfheqQ

2011-10-17 22:27 . 2011-10-17 22:27 -------- d--h--w- c:\users\Home\AppData\Roaming\D888gTTZqhYCkUr

2011-10-17 22:27 . 2011-10-17 22:27 -------- d--h--w- c:\users\Home\AppData\Roaming\cmxJ2rmwbLr17Uv

2011-10-17 22:27 . 2011-10-17 22:27 -------- d--h--w- c:\users\Home\AppData\Roaming\aiWYzpfOoE

2011-10-17 22:27 . 2011-10-17 22:27 -------- d--h--w- c:\users\Home\AppData\Roaming\vzzOONyxAi2SF3m

2011-10-17 22:27 . 2011-10-17 22:27 -------- d--h--w- c:\users\Home\AppData\Roaming\vzOONyxxAi2SF3m

2011-10-17 22:27 . 2011-10-17 22:27 -------- d--h--w- c:\users\Home\AppData\Roaming\JBBBrzONNyAi2SF

2011-10-17 22:26 . 2011-10-17 22:26 -------- d--h--w- c:\users\Home\AppData\Roaming\vzzOONyyxvSib3p

2011-10-17 22:26 . 2011-10-17 22:26 -------- d--h--w- c:\users\Home\AppData\Roaming\vzzOONyxv2ibFpi

2011-10-17 22:26 . 2011-10-17 22:26 -------- d--h--w- c:\users\Home\AppData\Roaming\vzOONNyxv2ibFpi

2011-10-17 22:26 . 2011-10-17 22:26 -------- d--h--w- c:\users\Home\AppData\Roaming\vOOONNyxv2ibFpi

2011-10-17 22:25 . 2011-10-17 22:25 -------- d--h--w- c:\users\Home\AppData\Roaming\LH4jdeoa5EwdCI

2011-10-17 22:24 . 2011-10-17 22:24 -------- d--h--w- c:\users\Home\AppData\Roaming\pnnGG5aQH

2011-10-17 22:20 . 2011-10-17 22:20 -------- d--h--w- c:\users\Home\AppData\Roaming\gAA11vvD2on4pm5

2011-10-17 22:17 . 2011-10-17 22:17 -------- d--h--w- c:\users\Home\AppData\Roaming\vbbD33onG4wVr

2011-10-17 22:17 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\uiibD33onGwV

2011-10-17 22:16 . 2011-10-17 22:16 -------- d--h--w- c:\users\Home\AppData\Roaming\H1iibbD3onG

2011-10-17 22:15 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\QS11ibD3onG

2011-10-17 22:15 . 2011-10-17 22:15 -------- d--h--w- c:\users\Home\AppData\Roaming\Q111ibD3onG

2011-10-17 22:15 . 2011-10-17 22:19 -------- d--h--w- c:\users\Home\AppData\Roaming\H11iibDonG4

2011-10-17 22:15 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\QS1iibDonG4

2011-10-17 22:13 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\okIrrzOOxA0cSi

2011-10-17 22:12 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\o7kIrrzONxA0cS

2011-10-17 22:11 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\nDDD2o45JiJS

2011-10-17 22:10 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\nD22onnFALBz

2011-10-17 22:10 . 2011-10-17 22:10 -------- d--h--w- c:\users\Home\AppData\Roaming\mlOOBBtzPy1vDoF

2011-10-17 22:10 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\HOOttzPP0yA1iD2

2011-10-17 22:10 . 2011-10-17 22:10 -------- d--h--w- c:\users\Home\AppData\Roaming\UyccAA1ivD2oF4m

2011-10-17 22:09 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\HOOOttzP0ycAiv2

2011-10-17 22:09 . 2011-10-17 22:09 -------- d--h--w- c:\users\Home\AppData\Roaming\mlOOOBtzP0ycAiD

2011-10-17 22:09 . 2011-10-17 22:09 -------- d--h--w- c:\users\Home\AppData\Roaming\HOOOBBtzP0yc1iD

2011-10-17 22:07 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\SJJJ6ddERZ

2011-10-17 22:07 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\HjYYCwkIIVlONx

2011-10-17 22:07 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\AwwkIrOtPuSb3n4

2011-10-17 22:07 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\AtxxA00uc2bvZjC

2011-10-17 22:07 . 2011-10-17 22:14 -------- d--h--w- c:\users\Home\AppData\Roaming\U0uucc2ibvZqYwI

2011-10-17 22:07 . 2011-10-17 22:07 -------- d--h--w- c:\users\Home\AppData\Roaming\nbbZZqjYCwkI

2011-10-17 22:07 . 2011-10-17 22:07 -------- d--h--w- c:\users\Home\AppData\Roaming\nbbnZqjYCwkI

2011-10-17 22:07 . 2011-10-17 22:07 -------- d--h--w- c:\users\Home\AppData\Roaming\EOOONttxP0uc1iD

2011-10-17 22:07 . 2011-10-17 22:07 -------- d--h--w- c:\users\Home\AppData\Roaming\AwkIrOtPuSb3n4m

2011-10-17 22:07 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\cQQJJ6dEE

2011-10-17 22:05 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\yciibD3onGamfkZ

2011-10-17 22:04 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\ngggTXXqYCeIVzO

2011-10-17 22:03 . 2011-10-18 02:17 -------- d--h--w- c:\users\Home\AppData\Roaming\rqqhhYXww

2011-10-17 22:02 . 2011-10-17 22:02 -------- d--h--w- c:\users\Home\AppData\Roaming\R2YYCCwkVrlOtPu

2011-10-17 22:01 . 2011-10-17 22:01 -------- d--h--w- c:\users\Home\AppData\Roaming\WK77fEEL9gTq

2011-10-17 22:00 . 2011-10-17 22:00 -------- d--h--w- c:\users\Home\AppData\Roaming\a3ppmG55aQ6dW

2011-10-17 21:58 . 2011-10-17 21:58 -------- d--h--w- c:\users\Home\AppData\Roaming\W6SrXs3xwEpAegW

2011-10-17 21:58 . 2011-10-17 21:58 -------- d--h--w- c:\users\Home\AppData\Roaming\cXHvlRaSrZs2Pj8

2011-10-17 21:58 . 2011-10-17 21:58 -------- d--h--w- c:\users\Home\AppData\Roaming\ymnovzzVrUV

2011-10-17 21:58 . 2011-10-17 21:58 -------- d--h--w- c:\users\Home\AppData\Roaming\vlIXLfLE7Q

2011-10-17 21:58 . 2011-10-17 21:58 -------- d--h--w- c:\users\Home\AppData\Roaming\UH2lYEyVR3xeEai

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-10 03:43 . 2011-06-24 01:23 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-30 23:25 . 2011-10-12 03:12 1147904 ----a-w- c:\windows\system32\wininet.dll

2011-09-30 23:21 . 2011-10-12 03:12 56832 ----a-w- c:\windows\system32\licmgr10.dll

2011-09-30 23:21 . 2011-10-12 03:12 1538560 ----a-w- c:\windows\system32\inetcpl.cpl

2011-09-30 23:20 . 2011-10-12 03:12 132096 ----a-w- c:\windows\system32\iesysprep.dll

2011-09-30 23:20 . 2011-10-12 03:12 77312 ----a-w- c:\windows\system32\iesetup.dll

2011-09-30 23:06 . 2011-10-12 03:12 916480 ----a-w- c:\windows\SysWow64\wininet.dll

2011-09-30 23:02 . 2011-10-12 03:12 43520 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-09-30 23:01 . 2011-10-12 03:12 1469440 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-09-30 23:01 . 2011-10-12 03:12 71680 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-09-30 23:01 . 2011-10-12 03:12 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-09-30 22:29 . 2011-10-12 03:12 479232 ----a-w- c:\windows\system32\html.iec

2011-09-30 22:07 . 2011-10-12 03:12 385024 ----a-w- c:\windows\SysWow64\html.iec

2011-09-30 21:48 . 2011-10-12 03:12 162816 ----a-w- c:\windows\system32\ieUnatt.exe

2011-09-30 21:47 . 2011-10-12 03:12 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-09-30 21:29 . 2011-10-12 03:12 133632 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-09-30 21:28 . 2011-10-12 03:12 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-09-06 13:56 . 2011-10-12 03:06 2764288 ----a-w- c:\windows\system32\win32k.sys

2011-08-25 16:20 . 2011-10-12 03:05 735744 ----a-w- c:\windows\system32\UIAutomationCore.dll

2011-08-25 16:19 . 2011-10-12 03:05 332288 ----a-w- c:\windows\system32\oleacc.dll

2011-08-25 16:19 . 2011-10-12 03:05 847360 ----a-w- c:\windows\system32\oleaut32.dll

2011-08-25 16:15 . 2011-10-12 03:05 555520 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll

2011-08-25 16:14 . 2011-10-12 03:05 238080 ----a-w- c:\windows\SysWow64\oleacc.dll

2011-08-25 16:14 . 2011-10-12 03:05 563712 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-08-25 13:54 . 2011-10-12 03:05 4096 ----a-w- c:\windows\system32\oleaccrc.dll

2011-08-25 13:31 . 2011-10-12 03:05 4096 ----a-w- c:\windows\SysWow64\oleaccrc.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]

"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]

"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-04-10 1328424]

"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-04-10 185640]

"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-03-19 1148200]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-11 417792]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 gupdate1ca8fabaf33d630;Google Update Service (gupdate1ca8fabaf33d630);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-07 133104]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-07 133104]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-07 15:11]

.

2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-07 15:11]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 172032]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 154648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 227352]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 202264]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]

"combofix"="c:\combofix\CF3555.3XE" [2008-01-21 363008]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\lgc4x2qq.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-HPADVISOR - c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

Wow6432Node-HKCU-Run-s11iivDD3on4aH5 - c:\users\Home\AppData\Roaming\svhostu.exe

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe

HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

AddRemove-Coupon Printer for Windows4.0 - c:\program files (x86)\Coupons\uninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

.

**************************************************************************

.

Completion time: 2011-11-13 20:57:09 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-14 04:57

.

Pre-Run: 467,832,479,744 bytes free

Post-Run: 469,182,660,608 bytes free

.

- - End Of File - - A417CA765F83970010CA87A244B31443


Save the attached file to your desktop.

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

In your next post here, please include ComboFix.txt and let me know how things are there.

CFScript.txt


Performed the last step, computer works well, Windows Firewall works now, and no more problems with redirecting. Thank you for your help! There is one other issue still. When this all first happened, a ton of the files on my computer were changed to hidden files. They still are hidden, and show up as being transparent. Any idea on how to get them all changed back to non-hidden files, or should I start doing it manually?

Here's the log file:

ComboFix 11-11-17.03 - Home 11/17/2011 19:51:18.3.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6133.4344 [GMT -8:00]

Running from: c:\users\Home\Desktop\ComboFix.exe

Command switches used :: c:\users\Home\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

J:\Autorun.inf

J:\Setup.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-10-18 to 2011-11-18 )))))))))))))))))))))))))))))))

.

.

2011-11-18 03:57 . 2011-11-18 03:57 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-18 03:30 . 2011-11-18 03:30 979456 ----a-w- c:\windows\SysWow64\MFH264Dec.dll

2011-11-18 03:06 . 2011-11-18 03:09 -------- d-----w- c:\program files (x86)\Constant Guard Protection Suite

2011-11-15 18:58 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2B5DD244-81F2-4566-9F36-86CAA1F3F8AA}\mpengine.dll

2011-11-15 18:26 . 2011-11-15 18:26 -------- d-----w- c:\users\AppData

2011-11-15 18:26 . 2011-11-15 18:26 -------- d-----w- c:\program files (x86)\Conduit

2011-11-15 18:26 . 2011-11-18 03:13 -------- d-----w- c:\users\Home\AppData\Local\Conduit

2011-11-10 04:55 . 2011-09-20 21:06 1426304 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-10 04:54 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll

2011-11-10 04:54 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll

2011-11-10 04:54 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll

2011-11-10 04:08 . 2011-11-10 04:18 -------- d-----w- c:\users\Home\AppData\Local\PMB Files

2011-11-10 03:06 . 2011-11-10 03:06 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\TEXTBOX.JS

2011-11-10 03:06 . 2011-11-10 03:06 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\TILEBOX.JS

2011-11-10 03:06 . 2011-11-10 03:06 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\SAVEDUSER.JS

2011-11-10 03:06 . 2011-11-10 03:06 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\UICORE.JS

2011-11-10 03:06 . 2011-11-10 03:06 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\USERTILE.JS

2011-11-10 03:06 . 2011-11-10 03:06 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\TEXT.JS

2011-11-10 03:06 . 2011-11-10 03:06 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\UIRESOURCE.JS

2011-11-10 03:06 . 2011-11-10 03:06 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\QUERYSTRING.JS

2011-11-10 03:06 . 2011-11-10 03:06 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\NEWUSERCOMM.JS

2011-11-10 03:06 . 2011-11-10 03:06 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\LOCALIZATION.JS

2011-11-10 03:06 . 2011-11-10 03:06 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\IMAGE.JS

2011-11-10 03:06 . 2011-11-10 03:06 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\LINK.JS

2011-11-10 03:05 . 2011-11-10 03:05 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\EXTERNALWRAPPER.JS

2011-11-10 03:05 . 2011-11-10 03:05 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\DIVWRAPPER.JS

2011-11-10 03:05 . 2011-11-10 03:05 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\COMBOBOX.JS

2011-11-10 03:05 . 2011-11-10 03:05 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\CHECKBOX.JS

2011-11-10 03:05 . 2011-11-10 03:05 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\BUTTON.JS

2011-11-09 04:00 . 2011-11-18 03:08 -------- d-----w- c:\users\Home\AppData\Local\ID Vault

2011-11-09 04:00 . 2011-11-09 04:00 -------- d-----w- c:\programdata\IsolatedStorage

2011-11-09 04:00 . 2011-11-18 03:08 -------- d-----w- c:\users\Home\AppData\Roaming\ID Vault

2011-11-09 03:58 . 2011-11-09 03:58 -------- d-----w- c:\programdata\White Sky, Inc

2011-10-28 02:35 . 2011-11-10 04:26 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2011-10-27 00:29 . 2011-10-27 00:29 -------- d-----w- c:\windows\system32\Macromed

2011-10-26 23:12 . 2011-11-10 04:26 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-10 03:43 . 2011-06-24 01:23 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-03 13:06 . 2010-09-30 23:43 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-09-06 13:56 . 2011-10-12 03:06 2764288 ----a-w- c:\windows\system32\win32k.sys

2011-09-01 00:00 . 2011-10-18 01:26 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-25 16:20 . 2011-10-12 03:05 735744 ----a-w- c:\windows\system32\UIAutomationCore.dll

2011-08-25 16:19 . 2011-10-12 03:05 332288 ----a-w- c:\windows\system32\oleacc.dll

2011-08-25 16:19 . 2011-10-12 03:05 847360 ----a-w- c:\windows\system32\oleaut32.dll

2011-08-25 16:15 . 2011-10-12 03:05 555520 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll

2011-08-25 16:14 . 2011-10-12 03:05 238080 ----a-w- c:\windows\SysWow64\oleacc.dll

2011-08-25 16:14 . 2011-10-12 03:05 563712 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-08-25 13:54 . 2011-10-12 03:05 4096 ----a-w- c:\windows\system32\oleaccrc.dll

2011-08-25 13:31 . 2011-10-12 03:05 4096 ----a-w- c:\windows\SysWow64\oleaccrc.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-11-14_04.50.52 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-11-18 03:35 . 2011-11-18 03:35 76800 c:\windows\SysWOW64\SetIEInstalledDate.exe

+ 2011-11-18 03:35 . 2011-11-18 03:35 74752 c:\windows\SysWOW64\RegisterIEPKEYs.exe

+ 2011-11-18 03:35 . 2011-11-18 03:35 54272 c:\windows\SysWOW64\pngfilt.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 48640 c:\windows\SysWOW64\mshtmler.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 72704 c:\windows\SysWOW64\mshtmled.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 11776 c:\windows\SysWOW64\mshta.exe

+ 2011-11-18 03:35 . 2011-11-18 03:35 10752 c:\windows\SysWOW64\msfeedssync.exe

+ 2011-11-18 03:35 . 2011-11-18 03:35 41472 c:\windows\SysWOW64\msfeedsbs.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 98816 c:\windows\SysWOW64\mfps.dll

- 2009-09-09 23:55 . 2009-04-11 06:28 98816 c:\windows\SysWOW64\mfps.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 23552 c:\windows\SysWOW64\licmgr10.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 65024 c:\windows\SysWOW64\jsproxy.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 78848 c:\windows\SysWOW64\inseng.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 35840 c:\windows\SysWOW64\imgutil.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 86528 c:\windows\SysWOW64\iesysprep.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 74752 c:\windows\SysWOW64\iesetup.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 31744 c:\windows\SysWOW64\iernonce.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 74240 c:\windows\SysWOW64\ie4uinit.exe

+ 2011-11-18 03:35 . 2011-11-18 03:35 66048 c:\windows\SysWOW64\icardie.dll

+ 2011-10-20 16:10 . 2011-11-18 03:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2011-10-20 16:10 . 2011-10-27 16:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2008-01-21 03:20 . 2011-11-10 03:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-01-21 03:20 . 2011-11-18 03:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-01-21 03:20 . 2011-11-10 03:40 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-01-21 03:20 . 2011-11-18 03:07 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-01-21 03:20 . 2011-11-10 03:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-01-21 03:20 . 2011-11-18 03:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-01-21 02:23 . 2011-11-18 04:01 49230 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 15:45 . 2011-11-18 04:01 75988 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2011-11-18 03:35 . 2011-11-18 03:35 91648 c:\windows\system32\SetIEInstalledDate.exe

+ 2011-11-18 03:35 . 2011-11-18 03:35 89088 c:\windows\system32\RegisterIEPKEYs.exe

+ 2011-11-18 03:30 . 2011-11-18 03:30 35840 c:\windows\system32\printfilterpipelineprxy.dll

- 2010-10-11 04:00 . 2009-09-16 23:49 35840 c:\windows\system32\printfilterpipelineprxy.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 65024 c:\windows\system32\pngfilt.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 48640 c:\windows\system32\mshtmler.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 96256 c:\windows\system32\mshtmled.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 12288 c:\windows\system32\mshta.exe

+ 2011-11-18 03:35 . 2011-11-18 03:35 10752 c:\windows\system32\msfeedssync.exe

+ 2011-11-18 03:35 . 2011-11-18 03:35 55296 c:\windows\system32\msfeedsbs.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 86528 c:\windows\system32\migration\WininetPlugin.dll

- 2009-09-09 23:55 . 2009-04-11 07:10 34304 c:\windows\system32\mfpmp.exe

+ 2011-11-18 03:30 . 2011-11-18 03:30 34304 c:\windows\system32\mfpmp.exe

+ 2011-11-18 03:35 . 2011-11-18 03:35 30720 c:\windows\system32\licmgr10.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 85504 c:\windows\system32\jsproxy.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 49664 c:\windows\system32\imgutil.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 85504 c:\windows\system32\iesetup.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 39936 c:\windows\system32\iernonce.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 89088 c:\windows\system32\ie4uinit.exe

+ 2011-11-18 03:35 . 2011-11-18 03:35 82432 c:\windows\system32\icardie.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 47104 c:\windows\system32\cdd.dll

+ 2009-10-12 04:41 . 2011-11-18 03:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-10-12 04:41 . 2011-11-02 20:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-10-12 04:41 . 2011-11-02 20:21 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-10-12 04:41 . 2011-11-18 03:32 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-10-12 04:41 . 2011-11-02 20:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-10-12 04:41 . 2011-11-18 03:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-09-20 23:13 . 2011-11-18 03:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-09-20 23:13 . 2011-11-14 04:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-09-20 23:13 . 2011-11-14 04:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-09-20 23:13 . 2011-11-18 03:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-12-06 17:28 . 2011-11-18 03:09 5164 c:\windows\system32\WDI\ERCQueuedResolutions.dat

+ 2009-09-06 23:06 . 2011-11-18 04:01 6812 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2382803881-993425058-3415998572-1000_UserData.bin

+ 2011-11-18 03:59 . 2011-11-18 03:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-11-14 04:50 . 2011-11-14 04:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-11-18 03:59 . 2011-11-18 03:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-11-14 04:50 . 2011-11-14 04:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2010-10-11 04:02 . 2010-08-17 23:54 135680 c:\windows\SysWOW64\XpsRasterService.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 135680 c:\windows\SysWOW64\XpsRasterService.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 876032 c:\windows\SysWOW64\XpsPrint.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 288768 c:\windows\SysWOW64\XpsGdiConverter.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 258048 c:\windows\SysWOW64\winspool.drv

- 2010-10-11 04:00 . 2009-09-24 22:54 258048 c:\windows\SysWOW64\winspool.drv

+ 2011-11-18 03:35 . 2011-11-18 03:35 152064 c:\windows\SysWOW64\wextract.exe

+ 2011-11-18 03:35 . 2011-11-18 03:35 203776 c:\windows\SysWOW64\webcheck.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 420864 c:\windows\SysWOW64\vbscript.dll

- 2011-04-13 19:34 . 2011-02-17 06:23 420864 c:\windows\SysWOW64\vbscript.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 231936 c:\windows\SysWOW64\url.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 586240 c:\windows\SysWOW64\stobject.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 847360 c:\windows\SysWOW64\OpcServices.dll

- 2010-10-11 04:00 . 2009-09-25 01:38 847360 c:\windows\SysWOW64\OpcServices.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 123392 c:\windows\SysWOW64\occache.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 162304 c:\windows\SysWOW64\msrating.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 161792 c:\windows\SysWOW64\msls31.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 580608 c:\windows\SysWOW64\msfeeds.dll

- 2010-10-11 04:02 . 2010-08-17 23:51 261632 c:\windows\SysWOW64\mfreadwrite.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 261632 c:\windows\SysWOW64\mfreadwrite.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 209920 c:\windows\SysWOW64\mfplat.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 302592 c:\windows\SysWOW64\mfmp4src.dll

- 2010-10-11 04:02 . 2010-08-17 23:51 302592 c:\windows\SysWOW64\mfmp4src.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 357376 c:\windows\SysWOW64\MFHEAACdec.dll

- 2010-10-11 04:02 . 2010-08-17 23:51 357376 c:\windows\SysWOW64\MFHEAACdec.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 716800 c:\windows\SysWOW64\jscript.dll

+ 2011-11-18 03:21 . 2011-10-03 13:06 157472 c:\windows\SysWOW64\javaws.exe

- 2011-10-17 02:54 . 2011-05-04 11:52 157472 c:\windows\SysWOW64\javaws.exe

+ 2011-11-18 03:21 . 2011-10-03 13:06 145184 c:\windows\SysWOW64\javaw.exe

- 2011-10-17 02:54 . 2011-05-04 11:52 145184 c:\windows\SysWOW64\javaw.exe

+ 2011-11-18 03:21 . 2011-10-03 13:06 145184 c:\windows\SysWOW64\java.exe

- 2011-10-17 02:54 . 2011-05-04 11:52 145184 c:\windows\SysWOW64\java.exe

+ 2011-11-18 03:35 . 2011-11-18 03:35 150528 c:\windows\SysWOW64\iexpress.exe

+ 2011-11-18 03:35 . 2011-11-18 03:35 142848 c:\windows\SysWOW64\ieUnatt.exe

+ 2011-11-18 03:35 . 2011-11-18 03:35 176640 c:\windows\SysWOW64\ieui.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 118784 c:\windows\SysWOW64\iepeers.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 353584 c:\windows\SysWOW64\iedkcs32.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 434176 c:\windows\SysWOW64\ieapfltr.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 163840 c:\windows\SysWOW64\ieakui.dll

- 2009-09-20 23:27 . 2009-03-08 11:32 163840 c:\windows\SysWOW64\ieakui.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 227840 c:\windows\SysWOW64\ieaksie.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 130560 c:\windows\SysWOW64\ieakeng.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 110592 c:\windows\SysWOW64\IEAdvpack.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 223232 c:\windows\SysWOW64\dxtrans.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 353792 c:\windows\SysWOW64\dxtmsft.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 478720 c:\windows\SysWOW64\dxgi.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 486400 c:\windows\SysWOW64\d3d10level9.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 189952 c:\windows\SysWOW64\d3d10core.dll

- 2010-10-11 04:02 . 2010-08-17 23:48 219648 c:\windows\SysWOW64\d3d10_1core.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 219648 c:\windows\SysWOW64\d3d10_1core.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 160768 c:\windows\SysWOW64\d3d10_1.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 683008 c:\windows\SysWOW64\d2d1.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 114176 c:\windows\SysWOW64\advpack.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 101888 c:\windows\SysWOW64\admparse.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 231936 c:\windows\system32\XpsRasterService.dll

- 2010-10-11 04:02 . 2010-08-17 23:58 231936 c:\windows\system32\XpsRasterService.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 479744 c:\windows\system32\XpsGdiConverter.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 366592 c:\windows\system32\winspool.drv

+ 2011-11-18 03:35 . 2011-11-18 03:35 160256 c:\windows\system32\wextract.exe

+ 2011-11-18 03:35 . 2011-11-18 03:35 249344 c:\windows\system32\webcheck.dll

+ 2009-09-16 21:07 . 2011-11-16 15:11 254388 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2011-11-18 03:35 . 2011-11-18 03:35 603648 c:\windows\system32\vbscript.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 237056 c:\windows\system32\url.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 748544 c:\windows\system32\stobject.dll

- 2009-09-18 10:56 . 2009-04-11 07:11 748544 c:\windows\system32\stobject.dll

- 2006-11-02 12:46 . 2011-11-14 04:27 663486 c:\windows\system32\perfh009.dat

+ 2006-11-02 12:46 . 2011-11-18 03:45 663486 c:\windows\system32\perfh009.dat

- 2006-11-02 12:46 . 2011-11-14 04:27 128906 c:\windows\system32\perfc009.dat

+ 2006-11-02 12:46 . 2011-11-18 03:45 128906 c:\windows\system32\perfc009.dat

+ 2011-11-18 03:35 . 2011-11-18 03:35 149504 c:\windows\system32\occache.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 197120 c:\windows\system32\msrating.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 222208 c:\windows\system32\msls31.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 697344 c:\windows\system32\msfeeds.dll

- 2010-10-11 04:02 . 2010-08-17 23:54 345088 c:\windows\system32\mfreadwrite.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 345088 c:\windows\system32\mfreadwrite.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 195072 c:\windows\system32\mfps.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 278528 c:\windows\system32\mfplat.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 377344 c:\windows\system32\mfmp4src.dll

- 2010-10-11 04:02 . 2010-08-17 23:55 428544 c:\windows\system32\MFHEAACdec.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 428544 c:\windows\system32\MFHEAACdec.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 818176 c:\windows\system32\jscript.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 103936 c:\windows\system32\inseng.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 165888 c:\windows\system32\iexpress.exe

+ 2011-11-18 03:35 . 2011-11-18 03:35 173056 c:\windows\system32\ieUnatt.exe

+ 2011-11-18 03:35 . 2011-11-18 03:35 248320 c:\windows\system32\ieui.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 111616 c:\windows\system32\iesysprep.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 145920 c:\windows\system32\iepeers.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 403248 c:\windows\system32\iedkcs32.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 534528 c:\windows\system32\ieapfltr.dll

- 2009-09-20 23:27 . 2009-03-08 11:39 163840 c:\windows\system32\ieakui.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 163840 c:\windows\system32\ieakui.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 267776 c:\windows\system32\ieaksie.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 160256 c:\windows\system32\ieakeng.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 135168 c:\windows\system32\IEAdvpack.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 282112 c:\windows\system32\dxtrans.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 452608 c:\windows\system32\dxtmsft.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 625152 c:\windows\system32\dxgi.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 900480 c:\windows\system32\drivers\dxgkrnl.sys

- 2010-10-11 04:00 . 2009-09-25 01:32 566272 c:\windows\system32\d3d10level9.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 566272 c:\windows\system32\d3d10level9.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 287232 c:\windows\system32\d3d10core.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 327680 c:\windows\system32\d3d10_1core.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 196096 c:\windows\system32\d3d10_1.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 834048 c:\windows\system32\d2d1.dll

- 2009-09-20 23:34 . 2011-11-14 04:24 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-09-20 23:34 . 2011-11-18 03:42 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2009-09-06 23:05 . 2011-11-14 04:21 491520 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-09-06 23:05 . 2011-11-18 03:42 491520 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-11-18 03:35 . 2011-11-18 03:35 136192 c:\windows\system32\advpack.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 114176 c:\windows\system32\admparse.dll

- 2010-10-15 00:11 . 2010-10-26 22:43 752644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-10-15 00:11 . 2011-11-18 03:57 752644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2010-10-11 04:00 . 2009-09-25 01:49 1554432 c:\windows\SysWOW64\xpsservices.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 1554432 c:\windows\SysWOW64\xpsservices.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 1126912 c:\windows\SysWOW64\wininet.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 1102848 c:\windows\SysWOW64\urlmon.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 1075712 c:\windows\SysWOW64\shdocvw.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 2873344 c:\windows\SysWOW64\mf.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 1798144 c:\windows\SysWOW64\jscript9.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 1791488 c:\windows\SysWOW64\iertutil.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 9704960 c:\windows\SysWOW64\ieframe.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 3695416 c:\windows\SysWOW64\ieapfltr.dat

+ 2011-11-18 03:30 . 2011-11-18 03:30 1068544 c:\windows\SysWOW64\DWrite.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 1172480 c:\windows\SysWOW64\d3d10warp.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 1029120 c:\windows\SysWOW64\d3d10.dll

- 2010-10-11 04:00 . 2009-09-25 02:00 3068416 c:\windows\system32\xpsservices.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 3068416 c:\windows\system32\xpsservices.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 1653760 c:\windows\system32\XpsPrint.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 1389056 c:\windows\system32\wininet.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 1344512 c:\windows\system32\urlmon.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 1204224 c:\windows\system32\shdocvw.dll

- 2010-10-11 04:00 . 2009-09-16 23:49 1032192 c:\windows\system32\printfilterpipelinesvc.exe

+ 2011-11-18 03:30 . 2011-11-18 03:30 1032192 c:\windows\system32\printfilterpipelinesvc.exe

+ 2011-11-18 03:30 . 2011-11-18 03:30 1461760 c:\windows\system32\OpcServices.dll

- 2010-10-11 04:00 . 2009-09-25 01:40 1461760 c:\windows\system32\OpcServices.dll

- 2010-10-11 04:02 . 2010-08-17 23:56 1257984 c:\windows\system32\MFH264Dec.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 1257984 c:\windows\system32\MFH264Dec.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 3548672 c:\windows\system32\mf.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 2309120 c:\windows\system32\jscript9.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 2143744 c:\windows\system32\iertutil.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 3695416 c:\windows\system32\ieapfltr.dat

+ 2011-11-18 03:30 . 2011-11-18 03:30 1147904 c:\windows\system32\FntCache.dll

- 2010-10-11 04:02 . 2010-08-17 23:51 1147904 c:\windows\system32\FntCache.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 1555968 c:\windows\system32\DWrite.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 2002944 c:\windows\system32\d3d10warp.dll

+ 2011-11-18 03:30 . 2011-11-18 03:30 1268224 c:\windows\system32\d3d10.dll

- 2009-09-06 23:05 . 2011-11-14 04:27 6176768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-09-06 23:05 . 2011-11-18 03:42 6176768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-09-06 23:05 . 2011-11-18 03:42 4374528 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-09-06 23:05 . 2011-11-14 04:27 4374528 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2006-11-02 15:22 . 2011-01-12 11:00 4537193 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat

+ 2006-11-02 15:22 . 2011-11-18 03:39 4537193 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat

+ 2009-04-28 09:53 . 2011-11-18 03:57 3491936 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2009-04-28 09:53 . 2011-11-14 04:48 3491936 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2010-10-15 00:11 . 2011-11-18 03:57 8449816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2382803881-993425058-3415998572-1000-8192.dat

+ 2011-11-18 03:35 . 2011-11-18 03:35 12275200 c:\windows\SysWOW64\mshtml.dll

+ 2006-11-02 12:33 . 2011-11-18 03:58 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat

- 2006-11-02 12:33 . 2011-11-13 04:18 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat

+ 2011-11-18 03:35 . 2011-11-18 03:35 17781760 c:\windows\system32\mshtml.dll

+ 2011-11-18 03:35 . 2011-11-18 03:35 10886144 c:\windows\system32\ieframe.dll

+ 2011-11-18 03:50 . 2011-11-18 03:50 10956800 c:\windows\ERDNT\Hiv-backup\schema.dat

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]

"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]

"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-04-10 1328424]

"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-04-10 185640]

"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-03-19 1148200]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-11 417792]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 gupdate1ca8fabaf33d630;Google Update Service (gupdate1ca8fabaf33d630);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-07 133104]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-07 133104]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-07 15:11]

.

2011-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-07 15:11]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 172032]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 154648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 227352]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 202264]

"SmartMenu"="c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [bU]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\lgc4x2qq.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Coupons.com Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{37153479-1976-43c3-a1ee-557513977b64} - (no file)

WebBrowser-{37153479-1976-43C3-A1EE-557513977B64} - (no file)

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

.

**************************************************************************

.

Completion time: 2011-11-17 20:05:41 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-18 04:05

ComboFix2.txt 2011-11-18 02:52

ComboFix3.txt 2011-11-14 04:57

.

Pre-Run: 465,383,206,912 bytes free

Post-Run: 465,274,146,816 bytes free

.

- - End Of File - - CAB961F3C6BD500574D375485C41D3BA


Beforehand, we have some more work to do here; once that is finished, we will move on to the other problem.

Manually delete your copy of ComboFix, download a new fresh one and then:

Open Notepad and copy and paste the text in the code box below into it:

Folder::
c:\program files (x86)\Conduit
c:\users\Home\AppData\Local\Conduit

FireFox::
FF - ProfilePath - c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\lgc4x2qq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Coupons.com Customized Web Search

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

In your next post here, please include ComboFix.txt.


ComboFix 11-11-18.02 - Home 11/18/2011 18:31:57.4.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6133.4311 [GMT -8:00]

Running from: c:\users\Home\Desktop\ComboFix.exe

Command switches used :: c:\users\Home\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Conduit

c:\program files (x86)\Conduit\Community Alerts\Alert.dll

c:\users\Home\AppData\Local\Conduit

.

.

((((((((((((((((((((((((( Files Created from 2011-10-19 to 2011-11-19 )))))))))))))))))))))))))))))))

.

.

2011-11-19 02:38 . 2011-11-19 02:38 -------- d-----w- c:\users\Home\AppData\Local\temp

2011-11-19 02:38 . 2011-11-19 02:38 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-18 05:49 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DBAF0C29-DC35-4981-AC4B-1762690059A6}\mpengine.dll

2011-11-18 03:30 . 2011-11-18 03:30 979456 ----a-w- c:\windows\SysWow64\MFH264Dec.dll

2011-11-18 03:06 . 2011-11-18 03:09 -------- d-----w- c:\program files (x86)\Constant Guard Protection Suite

2011-11-15 18:26 . 2011-11-15 18:26 -------- d-----w- c:\users\AppData

2011-11-10 04:55 . 2011-09-20 21:06 1426304 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-10 04:54 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll

2011-11-10 04:54 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll

2011-11-10 04:54 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll

2011-11-10 04:08 . 2011-11-10 04:18 -------- d-----w- c:\users\Home\AppData\Local\PMB Files

2011-11-10 03:06 . 2011-11-10 03:06 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\TEXTBOX.JS

2011-11-10 03:06 . 2011-11-10 03:06 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\TILEBOX.JS

2011-11-10 03:06 . 2011-11-10 03:06 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\SAVEDUSER.JS

2011-11-10 03:06 . 2011-11-10 03:06 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\UICORE.JS

2011-11-10 03:06 . 2011-11-10 03:06 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\USERTILE.JS

2011-11-10 03:06 . 2011-11-10 03:06 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\TEXT.JS

2011-11-10 03:06 . 2011-11-10 03:06 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\UIRESOURCE.JS

2011-11-10 03:06 . 2011-11-10 03:06 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\QUERYSTRING.JS

2011-11-10 03:06 . 2011-11-10 03:06 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\NEWUSERCOMM.JS

2011-11-10 03:06 . 2011-11-10 03:06 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\LOCALIZATION.JS

2011-11-10 03:06 . 2011-11-10 03:06 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\IMAGE.JS

2011-11-10 03:06 . 2011-11-10 03:06 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\LINK.JS

2011-11-10 03:05 . 2011-11-10 03:05 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\EXTERNALWRAPPER.JS

2011-11-10 03:05 . 2011-11-10 03:05 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\DIVWRAPPER.JS

2011-11-10 03:05 . 2011-11-10 03:05 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\COMBOBOX.JS

2011-11-10 03:05 . 2011-11-10 03:05 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\CHECKBOX.JS

2011-11-10 03:05 . 2011-11-10 03:05 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(1238)\BUTTON.JS

2011-11-09 04:00 . 2011-11-18 03:08 -------- d-----w- c:\users\Home\AppData\Local\ID Vault

2011-11-09 04:00 . 2011-11-09 04:00 -------- d-----w- c:\programdata\IsolatedStorage

2011-11-09 04:00 . 2011-11-18 03:08 -------- d-----w- c:\users\Home\AppData\Roaming\ID Vault

2011-11-09 03:58 . 2011-11-09 03:58 -------- d-----w- c:\programdata\White Sky, Inc

2011-10-28 02:35 . 2011-11-10 04:26 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2011-10-27 00:29 . 2011-10-27 00:29 -------- d-----w- c:\windows\system32\Macromed

2011-10-26 23:12 . 2011-11-10 04:26 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-10 03:43 . 2011-06-24 01:23 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-03 13:06 . 2010-09-30 23:43 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-09-06 13:56 . 2011-10-12 03:06 2764288 ----a-w- c:\windows\system32\win32k.sys

2011-09-01 00:00 . 2011-10-18 01:26 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-25 16:20 . 2011-10-12 03:05 735744 ----a-w- c:\windows\system32\UIAutomationCore.dll

2011-08-25 16:19 . 2011-10-12 03:05 332288 ----a-w- c:\windows\system32\oleacc.dll

2011-08-25 16:19 . 2011-10-12 03:05 847360 ----a-w- c:\windows\system32\oleaut32.dll

2011-08-25 16:15 . 2011-10-12 03:05 555520 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll

2011-08-25 16:14 . 2011-10-12 03:05 238080 ----a-w- c:\windows\SysWow64\oleacc.dll

2011-08-25 16:14 . 2011-10-12 03:05 563712 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-08-25 13:54 . 2011-10-12 03:05 4096 ----a-w- c:\windows\system32\oleaccrc.dll

2011-08-25 13:31 . 2011-10-12 03:05 4096 ----a-w- c:\windows\SysWow64\oleaccrc.dll

.

.

((((((((((((((((((((((((((((( SnapShot_2011-11-18_03.59.49 )))))))))))))))))))))))))))))))))))))))))

.

+ 2006-11-02 15:45 . 2011-11-18 23:39 75996 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-09-06 23:06 . 2011-11-18 23:39 7028 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2382803881-993425058-3415998572-1000_UserData.bin

- 2011-11-18 03:59 . 2011-11-18 03:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-11-18 03:59 . 2011-11-18 23:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-11-18 03:59 . 2011-11-18 03:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-11-18 03:59 . 2011-11-18 23:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2006-11-02 12:46 . 2011-11-18 23:43 663486 c:\windows\system32\perfh009.dat

- 2006-11-02 12:46 . 2011-11-18 03:45 663486 c:\windows\system32\perfh009.dat

+ 2006-11-02 12:46 . 2011-11-18 23:43 128906 c:\windows\system32\perfc009.dat

- 2006-11-02 12:46 . 2011-11-18 03:45 128906 c:\windows\system32\perfc009.dat

+ 2009-09-20 23:34 . 2011-11-18 23:40 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2009-09-20 23:34 . 2011-11-18 03:42 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-09-06 23:05 . 2011-11-18 23:40 491520 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-09-06 23:05 . 2011-11-18 03:42 491520 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-09-06 23:05 . 2011-11-18 03:42 6176768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-09-06 23:05 . 2011-11-18 23:40 6176768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-09-06 23:05 . 2011-11-18 23:40 4374528 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-09-06 23:05 . 2011-11-18 03:42 4374528 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]

"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]

"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-04-10 1328424]

"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-04-10 185640]

"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-03-19 1148200]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-11 417792]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 gupdate1ca8fabaf33d630;Google Update Service (gupdate1ca8fabaf33d630);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-07 133104]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-07 133104]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-07 15:11]

.

2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-07 15:11]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 172032]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 154648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 227352]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 202264]

"SmartMenu"="c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [bU]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\lgc4x2qq.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

.

- - - - ORPHANS REMOVED - - - -

.

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

Completion time: 2011-11-18 18:40:20

ComboFix-quarantined-files.txt 2011-11-19 02:40

ComboFix2.txt 2011-11-18 04:05

ComboFix3.txt 2011-11-18 02:52

ComboFix4.txt 2011-11-14 04:57

.

Pre-Run: 465,791,361,024 bytes free

Post-Run: 465,783,963,648 bytes free

.

- - End Of File - - 43C9844E2FBAFB26D1F66F2E47B4CCED


Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates.
  • Go to the Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

  1. Please run a free online scan with the ESET Online Scanner
    Note: You will need to use Internet Explorer for this scan
  2. Tick the box next to YES, I accept the Terms of Use
  3. Click Start
  4. When asked, allow the ActiveX control to install
  5. Click Start
  6. Make sure that the options Remove found threats and Scan unwanted applications are checked
  7. Click Scan (This scan can take several hours, so please be patient)
  8. Once the scan is completed, you may close the window
  9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  10. Copy and paste that log as a reply to this topic

In your next reply, please post the following log files:

  • Malwarebytes' Anti-Malware log
  • ESET Online Scanner log


Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8212

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

11/21/2011 6:19:22 PM

mbam-log-2011-11-21 (18-19-22).txt

Scan type: Quick scan

Objects scanned: 190172

Time elapsed: 2 minute(s), 35 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=53251


ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - delete file error:Access is denied.

OnlineScanner.ocx - copy file error :The process cannot access the file because it is being used by another process.

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK


Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

AVPfront.gif

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

avpsettings.gif

Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threats report from the left and press the Save button

Save it to your desktop and attach to your next post

Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

AVPAnalysis.gif

On completion click the link to locate the zip file to upload and attach to your next post

AVPZiplocation.gif


Status: Deleted (events: 5)

11/30/2011 8:32:23 PM Deleted Trojan program Trojan-Downloader.Win32.Agent.gyal C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\000000cf.@.vir High

11/30/2011 8:32:24 PM Deleted Trojan program Backdoor.Win64.ZAccess.n C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\80000000.@.vir High

11/30/2011 8:32:24 PM Deleted Trojan program Backdoor.Win64.ZAccess.o C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\800000c0.@.vir High

11/30/2011 8:37:39 PM Deleted Trojan program Backdoor.Win32.ZAccess.aty C:\Windows\assembly\GAC_32\Desktop.ini High

11/30/2011 8:42:57 PM Deleted Trojan program Backdoor.Win64.ZAccess.s C:\Windows\System32\consrv.dll High

avptool_sysinfo.zip


Everything seems to be going good now. The only thing I notice is that a lot of my files and folders are still set as hidden files. You can see what I am talking about in the attached screen shot. It is not isolated to just the desktop. Should I just manually change the properties of them back to not hidden?

post-99499-0-25824700-1322883990.png


Yep, everything seems to be working great. What would you recommend I do to keep this from happening again?
