brecko8700
Will do, thanks again
-
Yep everything seems to be working great. What would you recommend I do to keep this from happening again?
-
That worked perfect. Thank you for your help.
-
Everything seems to be going good now. The only thing I notice is that a lot of my files and folders are still set as hidden files. You can see what I am talking about in the attached screen shot. It is not isolated to just the desktop. Should I just manually change the properties of them back to not hidden?
-
Status: Deleted (events: 5)
11/30/2011 8:32:23 PM Deleted Trojan program Trojan-Downloader.Win32.Agent.gyal C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\000000cf.@.vir High
11/30/2011 8:32:24 PM Deleted Trojan program Backdoor.Win64.ZAccess.n C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\80000000.@.vir High
11/30/2011 8:32:24 PM Deleted Trojan program Backdoor.Win64.ZAccess.o C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\800000c0.@.vir High
11/30/2011 8:37:39 PM Deleted Trojan program Backdoor.Win32.ZAccess.aty C:\Windows\assembly\GAC_32\Desktop.ini High
11/30/2011 8:42:57 PM Deleted Trojan program Backdoor.Win64.ZAccess.s C:\Windows\System32\consrv.dll High

avptool_sysinfo.zip
-
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - delete file error:Access is denied.
OnlineScanner.ocx - copy file error :The process cannot access the file because it is being used by another process.
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
-
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8212
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

11/21/2011 6:19:22 PM
mbam-log-2011-11-21 (18-19-22).txt

Scan type: Quick scan
Objects scanned: 190172
Time elapsed: 2 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
-
Performed the last step, computer works good, windows firewall works now, and no more problems with redirecting. Thank you for your help! There is one other issue still. When this all first happened, a ton of the files on my computer were changed to hidden files. They still are hidden, and show up as being transparent. Any idea on how to get them all changed back to non-hidden files, or should I start doing it manually? Here's the log file:
2010-08-17 23:58 231936 c:\windows\system32\XpsRasterService.dll + 2011-11-18 03:30 . 2011-11-18 03:30 479744 c:\windows\system32\XpsGdiConverter.dll + 2011-11-18 03:30 . 2011-11-18 03:30 366592 c:\windows\system32\winspool.drv + 2011-11-18 03:35 . 2011-11-18 03:35 160256 c:\windows\system32\wextract.exe + 2011-11-18 03:35 . 2011-11-18 03:35 249344 c:\windows\system32\webcheck.dll + 2009-09-16 21:07 . 2011-11-16 15:11 254388 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2011-11-18 03:35 . 2011-11-18 03:35 603648 c:\windows\system32\vbscript.dll + 2011-11-18 03:35 . 2011-11-18 03:35 237056 c:\windows\system32\url.dll + 2011-11-18 03:30 . 2011-11-18 03:30 748544 c:\windows\system32\stobject.dll - 2009-09-18 10:56 . 2009-04-11 07:11 748544 c:\windows\system32\stobject.dll - 2006-11-02 12:46 . 2011-11-14 04:27 663486 c:\windows\system32\perfh009.dat + 2006-11-02 12:46 . 2011-11-18 03:45 663486 c:\windows\system32\perfh009.dat - 2006-11-02 12:46 . 2011-11-14 04:27 128906 c:\windows\system32\perfc009.dat + 2006-11-02 12:46 . 2011-11-18 03:45 128906 c:\windows\system32\perfc009.dat + 2011-11-18 03:35 . 2011-11-18 03:35 149504 c:\windows\system32\occache.dll + 2011-11-18 03:35 . 2011-11-18 03:35 197120 c:\windows\system32\msrating.dll + 2011-11-18 03:35 . 2011-11-18 03:35 222208 c:\windows\system32\msls31.dll + 2011-11-18 03:35 . 2011-11-18 03:35 697344 c:\windows\system32\msfeeds.dll - 2010-10-11 04:02 . 2010-08-17 23:54 345088 c:\windows\system32\mfreadwrite.dll + 2011-11-18 03:30 . 2011-11-18 03:30 345088 c:\windows\system32\mfreadwrite.dll + 2011-11-18 03:30 . 2011-11-18 03:30 195072 c:\windows\system32\mfps.dll + 2011-11-18 03:30 . 2011-11-18 03:30 278528 c:\windows\system32\mfplat.dll + 2011-11-18 03:30 . 2011-11-18 03:30 377344 c:\windows\system32\mfmp4src.dll - 2010-10-11 04:02 . 2010-08-17 23:55 428544 c:\windows\system32\MFHEAACdec.dll + 2011-11-18 03:30 . 2011-11-18 03:30 428544 c:\windows\system32\MFHEAACdec.dll + 2011-11-18 03:35 . 
2011-11-18 03:35 818176 c:\windows\system32\jscript.dll + 2011-11-18 03:35 . 2011-11-18 03:35 103936 c:\windows\system32\inseng.dll + 2011-11-18 03:35 . 2011-11-18 03:35 165888 c:\windows\system32\iexpress.exe + 2011-11-18 03:35 . 2011-11-18 03:35 173056 c:\windows\system32\ieUnatt.exe + 2011-11-18 03:35 . 2011-11-18 03:35 248320 c:\windows\system32\ieui.dll + 2011-11-18 03:35 . 2011-11-18 03:35 111616 c:\windows\system32\iesysprep.dll + 2011-11-18 03:35 . 2011-11-18 03:35 145920 c:\windows\system32\iepeers.dll + 2011-11-18 03:35 . 2011-11-18 03:35 403248 c:\windows\system32\iedkcs32.dll + 2011-11-18 03:35 . 2011-11-18 03:35 534528 c:\windows\system32\ieapfltr.dll - 2009-09-20 23:27 . 2009-03-08 11:39 163840 c:\windows\system32\ieakui.dll + 2011-11-18 03:35 . 2011-11-18 03:35 163840 c:\windows\system32\ieakui.dll + 2011-11-18 03:35 . 2011-11-18 03:35 267776 c:\windows\system32\ieaksie.dll + 2011-11-18 03:35 . 2011-11-18 03:35 160256 c:\windows\system32\ieakeng.dll + 2011-11-18 03:35 . 2011-11-18 03:35 135168 c:\windows\system32\IEAdvpack.dll + 2011-11-18 03:35 . 2011-11-18 03:35 282112 c:\windows\system32\dxtrans.dll + 2011-11-18 03:35 . 2011-11-18 03:35 452608 c:\windows\system32\dxtmsft.dll + 2011-11-18 03:30 . 2011-11-18 03:30 625152 c:\windows\system32\dxgi.dll + 2011-11-18 03:30 . 2011-11-18 03:30 900480 c:\windows\system32\drivers\dxgkrnl.sys - 2010-10-11 04:00 . 2009-09-25 01:32 566272 c:\windows\system32\d3d10level9.dll + 2011-11-18 03:30 . 2011-11-18 03:30 566272 c:\windows\system32\d3d10level9.dll + 2011-11-18 03:30 . 2011-11-18 03:30 287232 c:\windows\system32\d3d10core.dll + 2011-11-18 03:30 . 2011-11-18 03:30 327680 c:\windows\system32\d3d10_1core.dll + 2011-11-18 03:30 . 2011-11-18 03:30 196096 c:\windows\system32\d3d10_1.dll + 2011-11-18 03:30 . 2011-11-18 03:30 834048 c:\windows\system32\d2d1.dll - 2009-09-20 23:34 . 
2011-11-14 04:24 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2009-09-20 23:34 . 2011-11-18 03:42 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat - 2009-09-06 23:05 . 2011-11-14 04:21 491520 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-09-06 23:05 . 2011-11-18 03:42 491520 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-11-18 03:35 . 2011-11-18 03:35 136192 c:\windows\system32\advpack.dll + 2011-11-18 03:35 . 2011-11-18 03:35 114176 c:\windows\system32\admparse.dll - 2010-10-15 00:11 . 2010-10-26 22:43 752644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2010-10-15 00:11 . 2011-11-18 03:57 752644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2010-10-11 04:00 . 2009-09-25 01:49 1554432 c:\windows\SysWOW64\xpsservices.dll + 2011-11-18 03:30 . 2011-11-18 03:30 1554432 c:\windows\SysWOW64\xpsservices.dll + 2011-11-18 03:35 . 2011-11-18 03:35 1126912 c:\windows\SysWOW64\wininet.dll + 2011-11-18 03:35 . 2011-11-18 03:35 1102848 c:\windows\SysWOW64\urlmon.dll + 2011-11-18 03:30 . 2011-11-18 03:30 1075712 c:\windows\SysWOW64\shdocvw.dll + 2011-11-18 03:30 . 2011-11-18 03:30 2873344 c:\windows\SysWOW64\mf.dll + 2011-11-18 03:35 . 2011-11-18 03:35 1798144 c:\windows\SysWOW64\jscript9.dll + 2011-11-18 03:35 . 2011-11-18 03:35 1791488 c:\windows\SysWOW64\iertutil.dll + 2011-11-18 03:35 . 2011-11-18 03:35 9704960 c:\windows\SysWOW64\ieframe.dll + 2011-11-18 03:35 . 2011-11-18 03:35 3695416 c:\windows\SysWOW64\ieapfltr.dat + 2011-11-18 03:30 . 2011-11-18 03:30 1068544 c:\windows\SysWOW64\DWrite.dll + 2011-11-18 03:30 . 2011-11-18 03:30 1172480 c:\windows\SysWOW64\d3d10warp.dll + 2011-11-18 03:30 . 2011-11-18 03:30 1029120 c:\windows\SysWOW64\d3d10.dll - 2010-10-11 04:00 . 
2009-09-25 02:00 3068416 c:\windows\system32\xpsservices.dll + 2011-11-18 03:30 . 2011-11-18 03:30 3068416 c:\windows\system32\xpsservices.dll + 2011-11-18 03:30 . 2011-11-18 03:30 1653760 c:\windows\system32\XpsPrint.dll + 2011-11-18 03:35 . 2011-11-18 03:35 1389056 c:\windows\system32\wininet.dll + 2011-11-18 03:35 . 2011-11-18 03:35 1344512 c:\windows\system32\urlmon.dll + 2011-11-18 03:30 . 2011-11-18 03:30 1204224 c:\windows\system32\shdocvw.dll - 2010-10-11 04:00 . 2009-09-16 23:49 1032192 c:\windows\system32\printfilterpipelinesvc.exe + 2011-11-18 03:30 . 2011-11-18 03:30 1032192 c:\windows\system32\printfilterpipelinesvc.exe + 2011-11-18 03:30 . 2011-11-18 03:30 1461760 c:\windows\system32\OpcServices.dll - 2010-10-11 04:00 . 2009-09-25 01:40 1461760 c:\windows\system32\OpcServices.dll - 2010-10-11 04:02 . 2010-08-17 23:56 1257984 c:\windows\system32\MFH264Dec.dll + 2011-11-18 03:30 . 2011-11-18 03:30 1257984 c:\windows\system32\MFH264Dec.dll + 2011-11-18 03:30 . 2011-11-18 03:30 3548672 c:\windows\system32\mf.dll + 2011-11-18 03:35 . 2011-11-18 03:35 2309120 c:\windows\system32\jscript9.dll + 2011-11-18 03:35 . 2011-11-18 03:35 2143744 c:\windows\system32\iertutil.dll + 2011-11-18 03:35 . 2011-11-18 03:35 3695416 c:\windows\system32\ieapfltr.dat + 2011-11-18 03:30 . 2011-11-18 03:30 1147904 c:\windows\system32\FntCache.dll - 2010-10-11 04:02 . 2010-08-17 23:51 1147904 c:\windows\system32\FntCache.dll + 2011-11-18 03:30 . 2011-11-18 03:30 1555968 c:\windows\system32\DWrite.dll + 2011-11-18 03:30 . 2011-11-18 03:30 2002944 c:\windows\system32\d3d10warp.dll + 2011-11-18 03:30 . 2011-11-18 03:30 1268224 c:\windows\system32\d3d10.dll - 2009-09-06 23:05 . 2011-11-14 04:27 6176768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-09-06 23:05 . 
2011-11-18 03:42 6176768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-09-06 23:05 . 2011-11-18 03:42 4374528 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-09-06 23:05 . 2011-11-14 04:27 4374528 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2006-11-02 15:22 . 2011-01-12 11:00 4537193 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat + 2006-11-02 15:22 . 2011-11-18 03:39 4537193 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat + 2009-04-28 09:53 . 2011-11-18 03:57 3491936 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2009-04-28 09:53 . 2011-11-14 04:48 3491936 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2010-10-15 00:11 . 2011-11-18 03:57 8449816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2382803881-993425058-3415998572-1000-8192.dat + 2011-11-18 03:35 . 2011-11-18 03:35 12275200 c:\windows\SysWOW64\mshtml.dll + 2006-11-02 12:33 . 2011-11-18 03:58 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat - 2006-11-02 12:33 . 2011-11-13 04:18 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat + 2011-11-18 03:35 . 2011-11-18 03:35 17781760 c:\windows\system32\mshtml.dll + 2011-11-18 03:35 . 2011-11-18 03:35 10886144 c:\windows\system32\ieframe.dll + 2011-11-18 03:50 . 2011-11-18 03:50 10956800 c:\windows\ERDNT\Hiv-backup\schema.dat . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-04-10 1328424]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-04-10 185640]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-03-19 1148200]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-11 417792]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 gupdate1ca8fabaf33d630;Google Update Service (gupdate1ca8fabaf33d630);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-07 133104]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-07 133104]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-07 15:11]
.
2011-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-07 15:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 172032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 154648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 227352]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 202264]
"SmartMenu"="c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [bU]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\lgc4x2qq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Coupons.com Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{37153479-1976-43c3-a1ee-557513977b64} - (no file)
WebBrowser-{37153479-1976-43C3-A1EE-557513977B64} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2011-11-17 20:05:41 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-18 04:05
ComboFix2.txt 2011-11-18 02:52
ComboFix3.txt 2011-11-14 04:57
.
Pre-Run: 465,383,206,912 bytes free
Post-Run: 465,274,146,816 bytes free
.
- - End Of File - - CAB961F3C6BD500574D375485C41D3BA
-
ComboFix 11-11-13.03 - Home 11/13/2011 20:40:24.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6133.4486 [GMT -8:00]
Running from: c:\users\Home\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\SelectRebates
c:\program files (x86)\SelectRebates\FFToolbar\install.rdf
c:\program files (x86)\SelectRebates\SelectRebatesA.dat
c:\users\Home\AppData\Roaming\AZqqhYYXwUVeOBz
c:\users\Home\AppData\Roaming\AZqqhYYXwUVeOBz\Cloud Protection.ico
c:\users\Home\AppData\Roaming\KeellIBrzPyxA
c:\users\Home\AppData\Roaming\KeellIBrzPyxA\Cloud Protection.ico
c:\users\Home\AppData\Roaming\lD2oonF4pm5sQ7E
c:\users\Home\AppData\Roaming\lD2oonF4pm5sQ7E\Cloud Protection.ico
c:\users\Home\AppData\Roaming\SddWWK77fR9gTqY
c:\users\Home\AppData\Roaming\SddWWK77fR9gTqY\Cloud Protection.ico
c:\users\Home\AppData\Roaming\xllOOBtxyc1iD3n
c:\users\Home\AppData\Roaming\xllOOBtxyc1iD3n\Cloud Protection.ico
c:\users\Home\gotomypc_540.exe
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-10-14 to 2011-11-14 )))))))))))))))))))))))))))))))
.
.
2011-10-17 22:02 -------- d--h--w- c:\users\Home\AppData\Roaming\R2YYCCwkVrlOtPu 2011-10-17 22:01 . 2011-10-17 22:01 -------- d--h--w- c:\users\Home\AppData\Roaming\WK77fEEL9gTq 2011-10-17 22:00 . 2011-10-17 22:00 -------- d--h--w- c:\users\Home\AppData\Roaming\a3ppmG55aQ6dW 2011-10-17 21:58 . 2011-10-17 21:58 -------- d--h--w- c:\users\Home\AppData\Roaming\W6SrXs3xwEpAegW 2011-10-17 21:58 . 2011-10-17 21:58 -------- d--h--w- c:\users\Home\AppData\Roaming\cXHvlRaSrZs2Pj8 2011-10-17 21:58 . 2011-10-17 21:58 -------- d--h--w- c:\users\Home\AppData\Roaming\ymnovzzVrUV 2011-10-17 21:58 . 2011-10-17 21:58 -------- d--h--w- c:\users\Home\AppData\Roaming\vlIXLfLE7Q 2011-10-17 21:58 . 2011-10-17 21:58 -------- d--h--w- c:\users\Home\AppData\Roaming\UH2lYEyVR3xeEai . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-10 03:43 . 2011-06-24 01:23 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-09-30 23:25 . 2011-10-12 03:12 1147904 ----a-w- c:\windows\system32\wininet.dll 2011-09-30 23:21 . 2011-10-12 03:12 56832 ----a-w- c:\windows\system32\licmgr10.dll 2011-09-30 23:21 . 2011-10-12 03:12 1538560 ----a-w- c:\windows\system32\inetcpl.cpl 2011-09-30 23:20 . 2011-10-12 03:12 132096 ----a-w- c:\windows\system32\iesysprep.dll 2011-09-30 23:20 . 2011-10-12 03:12 77312 ----a-w- c:\windows\system32\iesetup.dll 2011-09-30 23:06 . 2011-10-12 03:12 916480 ----a-w- c:\windows\SysWow64\wininet.dll 2011-09-30 23:02 . 2011-10-12 03:12 43520 ----a-w- c:\windows\SysWow64\licmgr10.dll 2011-09-30 23:01 . 2011-10-12 03:12 1469440 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2011-09-30 23:01 . 2011-10-12 03:12 71680 ----a-w- c:\windows\SysWow64\iesetup.dll 2011-09-30 23:01 . 2011-10-12 03:12 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll 2011-09-30 22:29 . 2011-10-12 03:12 479232 ----a-w- c:\windows\system32\html.iec 2011-09-30 22:07 . 
2011-10-12 03:12 385024 ----a-w- c:\windows\SysWow64\html.iec 2011-09-30 21:48 . 2011-10-12 03:12 162816 ----a-w- c:\windows\system32\ieUnatt.exe 2011-09-30 21:47 . 2011-10-12 03:12 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-09-30 21:29 . 2011-10-12 03:12 133632 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2011-09-30 21:28 . 2011-10-12 03:12 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2011-09-06 13:56 . 2011-10-12 03:06 2764288 ----a-w- c:\windows\system32\win32k.sys 2011-08-25 16:20 . 2011-10-12 03:05 735744 ----a-w- c:\windows\system32\UIAutomationCore.dll 2011-08-25 16:19 . 2011-10-12 03:05 332288 ----a-w- c:\windows\system32\oleacc.dll 2011-08-25 16:19 . 2011-10-12 03:05 847360 ----a-w- c:\windows\system32\oleaut32.dll 2011-08-25 16:15 . 2011-10-12 03:05 555520 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll 2011-08-25 16:14 . 2011-10-12 03:05 238080 ----a-w- c:\windows\SysWow64\oleacc.dll 2011-08-25 16:14 . 2011-10-12 03:05 563712 ----a-w- c:\windows\SysWow64\oleaut32.dll 2011-08-25 13:54 . 2011-10-12 03:05 4096 ----a-w- c:\windows\system32\oleaccrc.dll 2011-08-25 13:31 . 2011-10-12 03:05 4096 ----a-w- c:\windows\SysWow64\oleaccrc.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-04-10 1328424]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-04-10 185640]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-03-19 1148200]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-11 417792]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 gupdate1ca8fabaf33d630;Google Update Service (gupdate1ca8fabaf33d630);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-07 133104]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-07 133104]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-07 15:11]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-07 15:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 172032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 154648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 227352]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 202264]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
"combofix"="c:\combofix\CF3555.3XE" [2008-01-21 363008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\lgc4x2qq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-HPADVISOR - c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
Wow6432Node-HKCU-Run-s11iivDD3on4aH5 - c:\users\Home\AppData\Roaming\svhostu.exe
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
AddRemove-Coupon Printer for Windows4.0 - c:\program files (x86)\Coupons\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2011-11-13 20:57:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-14 04:57
.
Pre-Run: 467,832,479,744 bytes free
Post-Run: 469,182,660,608 bytes free
.
- - End Of File - - A417CA765F83970010CA87A244B31443
-
Attach.txt: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 5/16/2009 8:56:23 AM System Uptime: 11/12/2011 7:59:19 PM (1 hours ago) . Motherboard: PEGATRON CORPORATION | | Benicia Processor: Pentium® Dual-Core CPU E5200 @ 2.50GHz | CPU 1 | 2500/800mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 582 GiB total, 436.283 GiB free. D: is FIXED (NTFS) - 14 GiB total, 1.931 GiB free. E: is CDROM (UDF) F: is Removable G: is Removable H: is Removable I: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) ActiveCheck component for HP Active Support Library Adobe AIR Adobe Flash Player 10 Plugin Adobe Reader 9.4.6 Combat Arms Compatibility Pack for the 2007 Office system Coupon Printer for Windows CyberLink DVD Suite Deluxe DirectX for Managed Code Update (Summer 2004) DJ_SF_03_D1500_Software_Min Feedback Tool Google Earth Google Update Helper Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Active Support Library HP Customer Experience Enhancements HP Games HP MediaSmart Demo HP MediaSmart DVD HP MediaSmart Music/Photo/Video HP Odometer HP Picasso Media Center Add-In HP Recovery Manager RSS HP Support Information HP Total Care Setup HP Update HPAsset component for HP Active Support Library Java Auto Updater Java 6 Update 26 LabelPrint LightScribe System Software Malwarebytes' Anti-Malware version 1.51.2.1300 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2572067) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft Default Manager Microsoft Live Search Toolbar Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Excel 
MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Web Publishing Wizard 1.52 Microsoft Works Mozilla Firefox (3.6.24) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) My Disney Kitchen Octoshape add-in for Adobe Flash Player Picaboo X PictureMover Python 2.6.1 QuickTime Realtek High Definition Audio Driver Security Update for 2007 Microsoft Office System (KB2288621) Security Update for 2007 Microsoft Office System (KB2288931) Security Update for 2007 Microsoft Office System (KB2345043) Security Update for 2007 Microsoft Office System (KB2553074) Security Update for 2007 Microsoft Office System (KB2553089) Security Update for 2007 Microsoft Office System (KB2553090) Security Update for 2007 Microsoft Office System (KB2584063) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Microsoft Office Excel 2007 (KB2553073) Security Update for Microsoft Office InfoPath 2007 (KB979441) Security 
Update for Microsoft Office PowerPoint 2007 (KB2535818) Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2344993) The Print Shop 23 Toolbox Update for 2007 Microsoft Office System (KB2284654) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2007 System (KB2539530) Update for Microsoft Office OneNote 2007 (KB980729) Windows Media Player Firefox Plugin . ==== Event Viewer Messages From Past Week ======== . 11/9/2011 8:16:22 PM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.115.1237.0 Loading engine version: 1.1.7702.0 11/9/2011 8:11:55 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 11/9/2011 8:07:55 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate1ca8fabaf33d630) service to connect. 11/9/2011 8:07:55 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate1ca8fabaf33d630) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 
11/9/2011 7:46:35 PM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.115.1237.0 Loading engine version: 1.1.7801.0
11/9/2011 6:29:49 PM, Error: Service Control Manager [7001] - The Windows Event Collector service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
11/8/2011 8:00:11 PM, Error: Service Control Manager [7030] - The CGPS Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/8/2011 7:24:22 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 002100E1DA1F has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
11/8/2011 6:57:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt spldr Wanarpv6
11/8/2011 6:57:56 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/8/2011 6:57:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/8/2011 6:57:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/8/2011 6:57:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
11/8/2011 6:57:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/8/2011 6:57:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/8/2011 12:36:28 PM, Error: netbt [4321] - The name "WORKGROUP :0" could not be registered on the interface with IP address 192.168.1.4. The computer with the IP address 192.168.1.3 did not allow the name to be claimed by this computer.
11/8/2011 12:36:20 PM, Error: netbt [4321] - The name "WORKGROUP :0" could not be registered on the interface with IP address 192.168.1.5. The computer with the IP address 192.168.1.3 did not allow the name to be claimed by this computer.
11/8/2011 12:36:19 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.5 for the Network Card with network address 002100E1DA1F has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
11/7/2011 3:10:31 PM, Error: EventLog [6008] - The previous system shutdown at 9:46:14 PM on 11/6/2011 was unexpected.
11/12/2011 8:01:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
11/12/2011 8:01:20 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
11/12/2011 8:01:20 PM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
11/11/2011 8:10:36 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 002100E1DA1F has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
11/11/2011 5:32:07 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 002100E1DA1F has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
11/10/2011 11:15:23 AM, Error: netbt [4321] - The name "WORKGROUP :0" could not be registered on the interface with IP address 192.168.1.2. The computer with the IP address 192.168.1.3 did not allow the name to be claimed by this computer.
.
==== End Of File ===========================

DDS.txt:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19154 BrowserJavaVersion: 1.6.0_26
Run by Home at 20:06:35 on 2011-11-12
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6133.3825 [GMT -8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\Dwm.exe C:\Windows\System32\spoolsv.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Program Files\LSI SoftModem\agr64svc.exe c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe 
C:\Windows\system32\igfxsrvc.exe C:\PROGRA~1\HEWLET~1\HPREMO~1\HPREMO~1.EXE C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe "C:\Windows\system32\svchost.exe" C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\vssvc.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY uRun: [s11iivDD3on4aH5] 
C:\Users\Home\AppData\Roaming\svhostu.exe mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe mRun: [updateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" mRun: [updatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [<NO NAME>] mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - 
C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL LSP: mswsock.dll DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos1.walmart.com/WalmartActivia.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{659A2472-CCCC-43E3-864C-023B39AB7739} : DhcpNameServer = 192.168.1.1 SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File TB-X64: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health 
Check\HPHC_Scheduler.exe mRun-x64: [updateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" mRun-x64: [updatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" mRun-x64: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" mRun-x64: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" mRun-x64: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun-x64: [(Default)] mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\lgc4x2qq.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} . ============= SERVICES / DRIVERS =============== . R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-17 366152] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] S2 gupdate1ca8fabaf33d630;Google Update Service (gupdate1ca8fabaf33d630);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-7 133104] S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-18 89920] S3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-7 133104] S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968] . =============== File Associations =============== . JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %* . =============== Created Last 30 ================ . 
2011-11-13 03:59:39 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A2649D9D-DB71-4623-99A0-8134EA8DDB41}\offreg.dll 2011-11-12 01:15:06 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A2649D9D-DB71-4623-99A0-8134EA8DDB41}\mpengine.dll 2011-11-10 04:55:58 1426304 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2011-11-10 04:54:41 893440 ----a-w- C:\Program Files\Common Files\System\wab32.dll 2011-11-10 04:54:41 707584 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll 2011-11-10 04:54:41 50688 ----a-w- C:\Program Files\Windows Mail\wabimp.dll 2011-11-10 04:08:14 -------- d-----w- C:\Users\Home\AppData\Roaming\FONyxA0uv2b3n5Q 2011-11-10 04:08:13 -------- d-----w- C:\Users\Home\AppData\Local\PMB Files 2011-11-10 04:08:09 -------- d-----w- C:\Users\Home\AppData\Roaming\dxA1uS2ob3m5Q6W 2011-11-10 04:07:54 -------- d-----w- C:\Users\Home\AppData\Roaming\LdEK8fRZ9TwUeI 2011-11-10 04:07:53 -------- d-----w- C:\Users\Home\AppData\Roaming\u4pmG5sQJ 2011-11-10 04:07:53 -------- d-----w- C:\Users\Home\AppData\Roaming\H4pmG5sQJdKfZhX 2011-11-10 04:07:48 -------- d-----w- C:\Users\Home\AppData\Roaming\YcA1ivD2oFpHsJd 2011-11-09 04:00:27 -------- d-----w- C:\Users\Home\AppData\Local\ID Vault 2011-11-09 04:00:27 -------- d-----w- C:\ProgramData\IsolatedStorage 2011-11-09 04:00:00 -------- d-----w- C:\Users\Home\AppData\Roaming\ID Vault 2011-11-09 03:58:59 -------- d-----w- C:\ProgramData\White Sky, Inc 2011-10-28 02:35:33 -------- d-----w- C:\Program Files (x86)\Common Files\Adobe(960) 2011-10-26 23:12:34 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA% 2011-10-18 14:53:50 -------- d--h--w- C:\Users\Home\AppData\Local\CrashDumps 2011-10-18 03:37:51 -------- d--h--w- C:\Users\Home\AppData\Local\NPE 2011-10-18 01:27:53 -------- d--h--w- C:\Users\Home\AppData\Roaming\Malwarebytes 2011-10-18 01:26:40 -------- d-----w- C:\ProgramData\Malwarebytes 2011-10-18 01:26:37 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys 
2011-10-18 01:26:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
C:\Users\Home\AppData\Roaming\etGas8ZeAbgkBbR 2011-10-17 17:40:47 -------- d--h--w- C:\Users\Home\AppData\Roaming\Zzvbm5ECNDEg 2011-10-17 17:40:33 -------- d--h--w- C:\Users\Home\AppData\Roaming\GQCiVhjUCkIOFEe 2011-10-17 17:40:20 -------- d--h--w- C:\Users\Home\AppData\Roaming\iONNtxPP0uc1i 2011-10-17 17:40:00 -------- d--h--w- C:\Users\Home\AppData\Roaming\S00ucibD3pGaHsK 2011-10-17 17:39:51 -------- d--h--w- C:\Users\Home\AppData\Roaming\CZYwUrOtP0yS1vD 2011-10-17 17:39:46 -------- d--h--w- C:\Users\Home\AppData\Roaming\xEELTqYUrOt0c1 2011-10-17 17:39:46 -------- d--h--w- C:\Users\Home\AppData\Roaming\PhhYYXwwkUVlOt 2011-10-17 17:39:46 -------- d--h--w- C:\Users\Home\AppData\Roaming\pF444amH5sJE8gh 2011-10-17 17:39:46 -------- d--h--w- C:\Users\Home\AppData\Roaming\o88ghhYXwkU 2011-10-17 17:39:46 -------- d--h--w- C:\Users\Home\AppData\Roaming\i6ilYJvz3iutCE5 2011-10-17 17:39:46 -------- d--h--w- C:\Users\Home\AppData\Roaming\AL8TqwUrOt0c1vn 2011-10-17 17:38:28 -------- d--h--w- C:\Users\Home\AppData\Roaming\f6fhXjerNAuSoFp 2011-10-17 17:37:24 -------- d--h--w- C:\Users\Home\AppData\Roaming\jjIy1opsdKRTwCI 2011-10-17 17:35:31 -------- d--h--w- C:\Users\Home\AppData\Roaming\uJjAGhPpRzn9x4q 2011-10-17 17:35:31 -------- d--h--w- C:\Users\Home\AppData\Roaming\SdU2WVb7r3EVv 2011-10-17 17:35:30 -------- d--h--w- C:\Users\Home\AppData\Roaming\LVvJjAGhPpRzn9x 2011-10-17 17:34:44 -------- d--h--w- C:\Users\Home\AppData\Roaming\LvBawvJLXrxZj2H 2011-10-17 17:31:53 -------- d--h--w- C:\Users\Home\AppData\Roaming\QkUUVVrlOBtx0yS 2011-10-17 17:26:07 -------- d--h--w- C:\Users\Home\AppData\Roaming\CgsoyrjEHnAB9d5 2011-10-17 17:23:01 -------- d--h--w- C:\Users\Home\AppData\Roaming\D666dEEK8fR 2011-10-17 17:22:49 -------- d--h--w- C:\Users\Home\AppData\Roaming\kcccS22ibD3pGH 2011-10-17 17:22:33 -------- d--h--w- C:\Users\Home\AppData\Roaming\tSn6LjrPi4WgwOc 2011-10-17 17:22:24 -------- d--h--w- C:\Users\Home\AppData\Roaming\CbbFF3p5aQd8R9T 2011-10-17 04:51:24 -------- d--h--w- 
C:\Users\Home\AppData\Roaming\ypppnrBBtxPyc1i 2011-10-17 04:51:20 -------- d--h--w- C:\Users\Home\AppData\Roaming\TttxxP0uuc1ioaw 2011-10-17 04:51:13 -------- d--h--w- C:\Users\Home\AppData\Roaming\zuuucSS2ibD3nGa 2011-10-17 04:51:11 -------- d--h--w- C:\Users\Home\AppData\Roaming\Xuu2obbF4pm5sQ6 2011-10-17 04:51:07 -------- d--h--w- C:\Users\Home\AppData\Roaming\fTXXXqjUCekIBzN 2011-10-17 04:51:06 -------- d--h--w- C:\Users\Home\AppData\Roaming\SRRRZ99hXwjUelB 2011-10-17 04:51:01 -------- d--h--w- C:\Users\Home\AppData\Roaming\zEKK88fRZ9hTX 2011-10-17 04:49:56 -------- d--h--w- C:\Users\Home\AppData\Roaming\mSiivDD3onFam5s 2011-10-17 04:48:58 -------- d--h--w- C:\Users\Home\AppData\Roaming\gS11iivD3on 2011-10-17 04:47:53 -------- d--h--w- C:\Users\Home\AppData\Roaming\HnnG5QQKRL9 2011-10-17 04:46:26 -------- d--h--w- C:\Users\Home\AppData\Roaming\GTTTZqqjYCwkVrO 2011-10-17 04:46:24 -------- d--h--w- C:\Users\Home\AppData\Roaming\l555sQQJ6 2011-10-17 04:46:05 -------- d--h--w- C:\Users\Home\AppData\Roaming\wEEEK88fRZ9hXwU 2011-10-17 04:45:34 -------- d--h--w- C:\Users\Home\AppData\Roaming\NbfGzxxAGhLgRq 2011-10-17 04:44:47 -------- d--h--w- C:\Users\Home\AppData\Roaming\QDfr1JUy2KUIvmQ 2011-10-17 04:44:42 -------- d--h--w- C:\Users\Home\AppData\Roaming\vttPcDHEZEzcFKX 2011-10-17 04:44:28 -------- d--h--w- C:\Users\Home\AppData\Roaming\KFpmmG5aaQ6dW8f 2011-10-17 04:44:25 -------- d--h--w- C:\Users\Home\AppData\Roaming\iaHdKfLgqYeIr 2011-10-17 04:43:43 -------- d--h--w- C:\Users\Home\AppData\Roaming\WlPci2HE8YlDbFp 2011-10-17 04:43:40 -------- d--h--w- C:\Users\Home\AppData\Roaming\LK88LhTjUeIry2a 2011-10-17 04:43:26 -------- d--h--w- C:\Users\Home\AppData\Roaming\tYzYXwBcQE8fuF5 2011-10-17 04:43:10 -------- d--h--w- C:\Users\Home\AppData\Roaming\r22obFDnH6UVrJm 2011-10-17 04:40:05 -------- d--h--w- C:\Users\Home\AppData\Roaming\HTTTXwwjUCe 2011-10-17 04:39:38 -------- d--h--w- C:\Users\Home\AppData\Roaming\nWnFF9hTXn5LCHT 2011-10-17 04:37:59 -------- d--h--w- 
C:\Users\Home\AppData\Roaming\sPPNNyxxA1uS2bF 2011-10-17 04:37:49 -------- d--h--w- C:\Users\Home\AppData\Roaming\LyvlCgS76fv4tJv 2011-10-17 04:37:05 -------- d--h--w- C:\Users\Home\AppData\Roaming\sUUCCelIBtzPNc1 2011-10-17 04:36:33 -------- d--h--w- C:\Users\Home\AppData\Roaming\fQQQH66sWK7fL9T 2011-10-17 04:36:18 -------- d--h--w- C:\Users\Home\AppData\Roaming\seu5ZISQhzi6XOi 2011-10-17 04:36:11 -------- d--h--w- C:\Users\Home\AppData\Roaming\c2HTr1HWTOi5ZOv 2011-10-17 04:35:43 -------- d--h--w- C:\Users\Home\AppData\Roaming\tXkc1ullOBUCeIB 2011-10-17 04:35:26 -------- d--h--w- C:\Users\Home\AppData\Roaming\whhhYXXwkUVlOtz 2011-10-17 04:35:17 -------- d--h--w- C:\Users\Home\AppData\Roaming\gVeellOBtzP0cAi 2011-10-17 04:35:00 -------- d--h--w- C:\Users\Home\AppData\Roaming\suuuccS2ibD3nG 2011-10-17 04:33:01 -------- d--h--w- C:\Users\Home\AppData\Roaming\xcccSS1ivD3oF4m 2011-10-17 04:32:50 -------- d--h--w- C:\Users\Home\AppData\Roaming\fmmGNJB2GdIZw 2011-10-17 04:32:33 -------- d--h--w- C:\Users\Home\AppData\Roaming\a66ddEK8fRZ9hXj 2011-10-17 04:32:15 -------- d--h--w- C:\Users\Home\AppData\Roaming\LH66ddWK7fRLgTq 2011-10-17 04:31:56 -------- d--h--w- C:\Users\Home\AppData\Roaming\sZUspFBsBuk0KLY 2011-10-17 04:31:44 -------- d--h--w- C:\Users\Home\AppData\Roaming\hBBDsvFQh 2011-10-17 04:31:30 -------- d--h--w- C:\Users\Home\AppData\Roaming\uItPyAu2b4m5Q6E 2011-10-17 04:31:18 -------- d--h--w- C:\Users\Home\AppData\Roaming\NHWW5IIVrzONxAr 2011-10-17 04:31:08 -------- d--h--w- C:\Users\Home\AppData\Roaming\bPNv2A2dN0c 2011-10-17 04:31:01 -------- d--h--w- C:\Users\Home\AppData\Roaming\daaWJ7f4HdV7bEy 2011-10-17 04:30:46 -------- d--h--w- C:\Users\Home\AppData\Roaming\qzzzPNNyxA1u 2011-10-17 04:30:38 -------- d--h--w- C:\Users\Home\AppData\Roaming\K2zPb0rllOtxPuS 2011-10-17 04:30:01 -------- d--h--w- C:\Users\Home\AppData\Roaming\FJ7dLgZhXkVOtPy 2011-10-17 04:29:47 -------- d--h--w- C:\Users\Home\AppData\Roaming\GeeelIIBtzPyc1u 2011-10-17 04:26:03 -------- d--h--w- 
C:\Users\Home\AppData\Roaming\t0SDHELYOcnQ8RU 2011-10-17 04:25:57 -------- d--h--w- C:\Users\Home\AppData\Roaming\uq2QKqcSa9C1Tky 2011-10-17 04:25:25 -------- d--h--w- C:\Users\Home\AppData\Roaming\eKK88fRRZ9h 2011-10-17 04:24:25 -------- d--h--w- C:\Users\Home\AppData\Roaming\ESS22ibbD3nG4 2011-10-17 04:23:37 -------- d--h--w- C:\Users\Home\AppData\Roaming\m88gV1vDFp 2011-10-17 04:23:35 -------- d--h--w- C:\Users\Home\AppData\Roaming\T3pmG5WhjNAn5d7 2011-10-17 04:23:27 -------- d--h--w- C:\Users\Home\AppData\Roaming\IXwwjjUVe 2011-10-17 04:23:27 -------- d--h--w- C:\Users\Home\AppData\Roaming\HwwwkkUVelOBz0 2011-10-17 04:23:22 -------- d--h--w- C:\Users\Home\AppData\Roaming\DkrOBxv3oH5Jd8 2011-10-17 04:23:20 -------- d--h--w- C:\Users\Home\AppData\Roaming\tJKTkzA0i3naHKf 2011-10-17 04:23:12 -------- d--h--w- C:\Users\Home\AppData\Roaming\pJfTrtPc1v3oW7L 2011-10-17 04:23:10 -------- d--h--w- C:\Users\Home\AppData\Roaming\ZGGG5aaQ8 2011-10-17 04:23:04 -------- d--h--w- C:\Users\Home\AppData\Roaming\SKK88gRRZ9hXwUV 2011-10-17 04:23:02 -------- d--h--w- C:\Users\Home\AppData\Roaming\Q77ddEL8gRZ 2011-10-17 04:22:58 -------- d--h--w- C:\Users\Home\AppData\Roaming\d34m57ghkOPiDon 2011-10-17 04:22:55 -------- d--h--w- C:\Users\Home\AppData\Roaming\UosRUzSG8TCezyv 2011-10-17 04:22:48 -------- d--h--w- C:\Users\Home\AppData\Roaming\OlOOBBtxP0ycSiD 2011-10-17 04:22:47 -------- d--h--w- C:\Users\Home\AppData\Roaming\ePP00uucS1iD3nG 2011-10-17 04:22:39 -------- d--h--w- C:\Users\Home\AppData\Roaming\gJ7ETYUSvaH5WJ 2011-10-17 04:22:34 -------- d--h--w- C:\Users\Home\AppData\Roaming\LVVrtPySvFa5JEh 2011-10-17 04:22:28 -------- d--h--w- C:\Users\Home\AppData\Roaming\HwwwkUUVrlOtx0y 2011-10-17 04:22:27 -------- d--h--w- C:\Users\Home\AppData\Roaming\mOONNtxPPucS1 2011-10-17 04:22:23 -------- d--h--w- C:\Users\Home\AppData\Roaming\RbbbD33onG4aH6W 2011-10-17 04:22:20 -------- d--h--w- C:\Users\Home\AppData\Roaming\cubsQQJ6dEK8RZh 2011-10-17 04:22:05 -------- d--h--w- 
C:\Users\Home\AppData\Roaming\cVVVellOBtzPyc1 2011-10-17 04:22:04 -------- d--h--w- C:\Users\Home\AppData\Roaming\VUUUVrrlOBtP0yS 2011-10-17 04:20:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\s77gXjCkrOtx0uS 2011-10-17 04:19:57 -------- d--h--w- C:\Users\Home\AppData\Roaming\vlllONNtxP 2011-10-17 04:18:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\CCCwwkUUVrOBtP0 2011-10-17 04:17:56 -------- d--h--w- C:\Users\Home\AppData\Roaming\wELL88gTZqhYw 2011-10-17 04:16:58 -------- d--h--w- C:\Users\Home\AppData\Roaming\qxxPP0yycSiv 2011-10-17 04:15:58 -------- d--h--w- C:\Users\Home\AppData\Roaming\T333ppnG4aQH 2011-10-17 04:14:56 -------- d--h--w- C:\Users\Home\AppData\Roaming\CyyccS11ivDon4 2011-10-17 04:13:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\vQJJ7KgZhXjeItP 2011-10-17 04:12:57 -------- d--h--w- C:\Users\Home\AppData\Roaming\YQQJJ6ddWK8RL 2011-10-17 04:11:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\XXXqqjYCCeIVrOt 2011-10-17 04:10:53 -------- d--h--w- C:\Users\Home\AppData\Roaming\YkkkUVVrlO 2011-10-17 04:10:53 -------- d--h--w- C:\Users\Home\AppData\Roaming\q888gRRZqhYwkVe 2011-10-17 04:10:47 -------- d--h--w- C:\Users\Home\AppData\Roaming\X3pGWTaWqNxAuS3 2011-10-17 04:10:42 -------- d--h--w- C:\Users\Home\AppData\Roaming\yelrzPNxeu70iDQ 2011-10-17 04:10:35 -------- d--h--w- C:\Users\Home\AppData\Roaming\juvvvD2obF4pm 2011-10-17 04:10:35 -------- d--h--w- C:\Users\Home\AppData\Roaming\I0nppmH55sJ7dKg 2011-10-17 04:10:28 -------- d--h--w- C:\Users\Home\AppData\Roaming\tCkxxuS4aW7TN 2011-10-17 04:10:24 -------- d--h--w- C:\Users\Home\AppData\Roaming\kWEZNi4J3o4m5dR 2011-10-17 04:10:16 -------- d--h--w- C:\Users\Home\AppData\Roaming\NuuvvD22obFpm5s 2011-10-17 04:10:16 -------- d--h--w- C:\Users\Home\AppData\Roaming\KuuuvvS2obF3mGa 2011-10-17 04:10:11 -------- d--h--w- C:\Users\Home\AppData\Roaming\EzPPc2md8ZhTX 2011-10-17 04:10:07 -------- d--h--w- C:\Users\Home\AppData\Roaming\LsVe95dTUvFGHW7 2011-10-17 04:10:00 -------- d--h--w- 
C:\Users\Home\AppData\Roaming\Vam6sWWLhkySsky 2011-10-17 04:08:55 -------- d--h--w- C:\Users\Home\AppData\Roaming\KYYYCwwkIVrONx0 2011-10-17 04:08:50 -------- d--h--w- C:\Users\Home\AppData\Roaming\O3ppnGG5aQH6WKf 2011-10-17 04:08:41 -------- d--h--w- C:\Users\Home\AppData\Roaming\eZqqjjYCwkIVlOt 2011-10-17 04:08:41 -------- d--h--w- C:\Users\Home\AppData\Roaming\aZZqqhYYCwUVrOB 2011-10-17 04:08:36 -------- d--h--w- C:\Users\Home\AppData\Roaming\EnnnG4TOtxP0cSi 2011-10-17 04:08:35 -------- d--h--w- C:\Users\Home\AppData\Roaming\xVFGKx50pG6XjY 2011-10-17 04:08:22 -------- d--h--w- C:\Users\Home\AppData\Roaming\UhhhYXXwkUVeOBz 2011-10-17 04:08:22 -------- d--h--w- C:\Users\Home\AppData\Roaming\KtttxPP0ycS1vDo 2011-10-17 04:08:17 -------- d--h--w- C:\Users\Home\AppData\Roaming\P11iv3amHJ7E8Rq 2011-10-17 04:08:15 -------- d--h--w- C:\Users\Home\AppData\Roaming\Ln4aTaEYkgZJ8R3 2011-10-17 04:08:05 -------- d--h--w- C:\Users\Home\AppData\Roaming\KRRZZ9hhTXwUC 2011-10-17 04:08:04 -------- d--h--w- C:\Users\Home\AppData\Roaming\rlIIBBtzP 2011-10-17 04:08:00 -------- d--h--w- C:\Users\Home\AppData\Roaming\PttzzNypG5JEKR9 2011-10-17 04:06:58 -------- d--h--w- C:\Users\Home\AppData\Roaming\tbQK7gjkIVrONxA 2011-10-17 04:05:58 -------- d--h--w- C:\Users\Home\AppData\Roaming\OQdKgZhXjV 2011-10-17 04:04:56 -------- d--h--w- C:\Users\Home\AppData\Roaming\iQQJJ6dWWKfRLhX 2011-10-17 04:03:53 -------- d--h--w- C:\Users\Home\AppData\Roaming\ZzPdKTjBNy03n59 2011-10-17 04:03:50 -------- d--h--w- C:\Users\Home\AppData\Roaming\jffEEL8ggTqhYwU 2011-10-17 04:03:40 -------- d--h--w- C:\Users\Home\AppData\Roaming\JGWWJfLTwrBciDo 2011-10-17 04:03:38 -------- d--h--w- C:\Users\Home\AppData\Roaming\ACzv6KTkS 2011-10-17 04:03:32 -------- d--h--w- C:\Users\Home\AppData\Roaming\VjjUUVeel 2011-10-17 04:03:31 -------- d--h--w- C:\Users\Home\AppData\Roaming\PaaamHH5sWJdELg 2011-10-17 04:03:26 -------- d--h--w- C:\Users\Home\AppData\Roaming\P8CBS4JRZqYXwUe 2011-10-17 04:03:23 -------- d--h--w- 
C:\Users\Home\AppData\Roaming\NhhXkPvdXymswBz 2011-10-17 04:03:17 -------- d--h--w- C:\Users\Home\AppData\Roaming\BD22mEVOBtzP0c1 2011-10-17 04:03:13 -------- d--h--w- C:\Users\Home\AppData\Roaming\iIIBtPcbdTPv2bW 2011-10-17 04:03:06 -------- d--h--w- C:\Users\Home\AppData\Roaming\wRRRZqqhYXwkV 2011-10-17 04:03:05 -------- d--h--w- C:\Users\Home\AppData\Roaming\affEEL9ggTqjYwk 2011-10-17 04:01:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\rUOcFdqziFpmHs8 2011-10-17 04:00:56 -------- d--h--w- C:\Users\Home\AppData\Roaming\QOONxP0u1YPOnHZ 2011-10-17 04:00:48 -------- d--h--w- C:\Users\Home\AppData\Roaming\CzzOONyxx0uvSi 2011-10-17 04:00:47 -------- d--h--w- C:\Users\Home\AppData\Roaming\SQQJJ6ddEKfRZhT 2011-10-17 04:00:42 -------- d--h--w- C:\Users\Home\AppData\Roaming\pUUVVeBDo4m6dKf 2011-10-17 04:00:37 -------- d--h--w- C:\Users\Home\AppData\Roaming\JPPcSYevXuDbp5S 2011-10-17 04:00:29 -------- d--h--w- C:\Users\Home\AppData\Roaming\G555aQQH6dWKfR9 2011-10-17 04:00:28 -------- d--h--w- C:\Users\Home\AppData\Roaming\UG55aaQJ6dWK8R9 2011-10-17 04:00:23 -------- d--h--w- C:\Users\Home\AppData\Roaming\HbFF3pRXqerONx 2011-10-17 04:00:18 -------- d--h--w- C:\Users\Home\AppData\Roaming\wYvDniQudf 2011-10-17 04:00:10 -------- d--h--w- C:\Users\Home\AppData\Roaming\T999gTTXqjYC 2011-10-17 04:00:09 -------- d--h--w- C:\Users\Home\AppData\Roaming\JRRLL9ggTXqYCkI 2011-10-17 04:00:04 -------- d--h--w- C:\Users\Home\AppData\Roaming\sfRRLL9gTXq 2011-10-17 04:00:02 -------- d--h--w- C:\Users\Home\AppData\Roaming\jioGV0vDPcA12 2011-10-17 03:59:52 -------- d--h--w- C:\Users\Home\AppData\Roaming\laaamHH5sWJ7E8Z 2011-10-17 03:59:51 -------- d--h--w- C:\Users\Home\AppData\Roaming\GE9ggTZZqjYwk 2011-10-17 03:59:44 -------- d--h--w- C:\Users\Home\AppData\Roaming\YmHh1O5sJ8UG2 2011-10-17 03:59:38 -------- d--h--w- C:\Users\Home\AppData\Roaming\k1nWTOtxc5kUOcn 2011-10-17 03:59:30 -------- d--h--w- C:\Users\Home\AppData\Roaming\LQHH66dWK7fR9gX 2011-10-17 03:59:30 -------- d--h--w- 
C:\Users\Home\AppData\Roaming\E88ffRL9hTXqj 2011-10-17 03:59:25 -------- d--h--w- C:\Users\Home\AppData\Roaming\EwwjUNumJ6dW8fL 2011-10-17 03:59:20 -------- d--h--w- C:\Users\Home\AppData\Roaming\j0yycAivDgezUeB 2011-10-17 03:59:14 -------- d--h--w- C:\Users\Home\AppData\Roaming\uZZq0cAo4mH5sJd 2011-10-17 03:59:12 -------- d--h--w- C:\Users\Home\AppData\Roaming\WRwBhQQJOfcSiGg 2011-10-17 03:59:02 -------- d--h--w- C:\Users\Home\AppData\Roaming\xfffELL8gTZhYwk 2011-10-17 03:59:02 -------- d--h--w- C:\Users\Home\AppData\Roaming\C7ffEEL9gTZqYCk 2011-10-17 03:58:57 -------- d--h--w- C:\Users\Home\AppData\Roaming\KCCeIipnGHK7f 2011-10-17 03:58:52 -------- d--h--w- C:\Users\Home\AppData\Roaming\uKKZu6IvoGavAu6 2011-10-17 03:58:43 -------- d--h--w- C:\Users\Home\AppData\Roaming\JLL88gTTZqhCwUV 2011-10-17 03:58:43 -------- d--h--w- C:\Users\Home\AppData\Roaming\aqjjYYCwkIVrl 2011-10-17 03:58:38 -------- d--h--w- C:\Users\Home\AppData\Roaming\ZVrr3GaHsW7fL9T 2011-10-17 03:58:36 -------- d--h--w- C:\Users\Home\AppData\Roaming\cPyA2FpmDP5a6lB 2011-10-17 03:58:28 -------- d--h--w- C:\Users\Home\AppData\Roaming\V9ggTTZqjYCwIVl 2011-10-17 03:58:24 -------- d--h--w- C:\Users\Home\AppData\Roaming\TammHH5sWJ7dE8R 2011-10-17 03:58:19 -------- d--h--w- C:\Users\Home\AppData\Roaming\FcSS11ibD3n4 2011-10-17 03:58:17 -------- d--h--w- C:\Users\Home\AppData\Roaming\NQJJdWW8fR9XCOv 2011-10-17 03:58:07 -------- d--h--w- C:\Users\Home\AppData\Roaming\nEEEK88fRZ9TXjU 2011-10-17 03:58:04 -------- d--h--w- C:\Users\Home\AppData\Roaming\tTTTZqqhYCwkVrO 2011-10-17 03:56:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\NuuuvSS2ibF3nG 2011-10-17 03:55:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\UwOP0omHgXelzDo 2011-10-17 03:54:58 -------- d--h--w- C:\Users\Home\AppData\Roaming\gRRLL9hhXzxS3Ga 2011-10-17 03:53:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\jFFF4JfZwIxoGW9 2011-10-17 03:53:52 -------- d--h--w- C:\Users\Home\AppData\Roaming\ThhhYXXwkUVlOtz 2011-10-17 03:53:50 -------- 
d--h--w- C:\Users\Home\AppData\Roaming\B11DsR9XjF8qrAd 2011-10-17 03:53:41 -------- d--h--w- C:\Users\Home\AppData\Roaming\GTTZZCIVrlNtx0c 2011-10-17 03:53:37 -------- d--h--w- C:\Users\Home\AppData\Roaming\H77fLqkrxcv4HWd 2011-10-17 03:53:31 -------- d--h--w- C:\Users\Home\AppData\Roaming\pIIIVrrzONtAuSi 2011-10-17 03:53:30 -------- d--h--w- C:\Users\Home\AppData\Roaming\vhhhTXXwjUCeIBz 2011-10-17 03:53:20 -------- d--h--w- C:\Users\Home\AppData\Roaming\OBBBrzzON02ib3n 2011-10-17 03:53:15 -------- d--h--w- C:\Users\Home\AppData\Roaming\URLL99hTXjU 2011-10-17 03:53:03 -------- d--h--w- C:\Users\Home\AppData\Roaming\zsJ77fEEL8CwkVl 2011-10-17 03:53:01 -------- d--h--w- C:\Users\Home\AppData\Roaming\kzONx02bF3n 2011-10-17 03:52:53 -------- d--h--w- C:\Users\Home\AppData\Roaming\NOO0uSSbnGam6K 2011-10-17 03:52:48 -------- d--h--w- C:\Users\Home\AppData\Roaming\IYIIVVrlONtu 2011-10-17 03:52:34 -------- d--h--w- C:\Users\Home\AppData\Roaming\KDDD3oonF4am5sJ 2011-10-17 03:52:28 -------- d--h--w- C:\Users\Home\AppData\Roaming\n4a6KfLgZjCkrOt 2011-10-17 03:52:19 -------- d--h--w- C:\Users\Home\AppData\Roaming\yJfLqCwkUO0 2011-10-17 03:52:17 -------- d--h--w- C:\Users\Home\AppData\Roaming\qTTXXqjUCekIOvn 2011-10-17 03:52:03 -------- d--h--w- C:\Users\Home\AppData\Roaming\CmGa68R9TqC 2011-10-17 03:52:01 -------- d--h--w- C:\Users\Home\AppData\Roaming\mlBPyAiDoFm5Q7E 2011-10-17 03:50:58 -------- d--h--w- C:\Users\Home\AppData\Roaming\HcAiDoFm5Q7 2011-10-17 03:49:58 -------- d--h--w- C:\Users\Home\AppData\Roaming\kDD33pnnG4aKZI 2011-10-17 03:48:58 -------- d--h--w- C:\Users\Home\AppData\Roaming\uSS33pnQdKf9TqC 2011-10-17 03:47:58 -------- d--h--w- C:\Users\Home\AppData\Roaming\NyyycAA1ivD2nF 2011-10-17 03:46:58 -------- d--h--w- C:\Users\Home\AppData\Roaming\Wuuc1b3Ga 2011-10-17 03:45:56 -------- d--h--w- C:\Users\Home\AppData\Roaming\vJJJdE8XkUVeO 2011-10-17 03:44:55 -------- d--h--w- C:\Users\Home\AppData\Roaming\ntxxxA0ucS2i 2011-10-17 03:43:56 -------- d--h--w- 
C:\Users\Home\AppData\Roaming\qpmmmG5aQJ6dW8R 2011-10-17 03:42:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\VtttxPP0ucS1 2011-10-17 03:41:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\kNyyccA1uvD 2011-10-17 03:40:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\DVVrrlOOBtP0ySi 2011-10-17 03:39:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\DAA00ucS2ibD3n4 2011-10-17 03:38:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\WeellIBBrzNyx1v 2011-10-17 03:37:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\pTZZqqhYCwkUVlB 2011-10-17 03:36:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\lQQHH6KLqerxcDG 2011-10-17 03:35:59 -------- d--h--w- C:\Users\Home\AppData\Roaming\tNcuDb4GQ6Kf9Tw 2011-10-17 03:34:58 -------- d--h--w- C:\Users\Home\AppData\Roaming\oSS22ibbD3pG4Q6 2011-10-17 03:33:55 -------- d--h--w- C:\Users\Home\AppData\Roaming\IxxPP0cS1iDnaH6 2011-10-17 03:32:57 -------- d--h--w- C:\Users\Home\AppData\Roaming\ZOONNtxxP0uS1bo 2011-10-17 03:31:57 -------- d--h--w- C:\Users\Home\AppData\Roaming\XkkkIBBrzONyA0v 2011-10-17 03:29:28 -------- d--h--w- C:\Users\Home\AppData\Roaming\hXwwkUUVrOBtP0c 2011-10-17 03:29:19 -------- d--h--w- C:\Users\Home\AppData\Roaming\WDD22onF4pH5 2011-10-17 03:29:18 -------- d--h--w- C:\Users\Home\AppData\Roaming\a77EL8gTZqhYw 2011-10-17 03:29:18 -------- d-----w- C:\Users\Home\AppData\Roaming\xllOOBtxyc1iD3n 2011-10-17 03:29:13 -------- d--h--w- C:\Users\Home\AppData\Roaming\RNtxP0ucSiD 2011-10-17 03:29:13 -------- d--h--w- C:\Users\Home\AppData\Roaming\b4amH6sWJE8TqYw 2011-10-17 03:29:12 -------- d--h--w- C:\Users\Home\AppData\Roaming\PdWK7fRL9TqYeIr 2011-10-17 03:29:12 -------- d--h--w- C:\Users\Home\AppData\Roaming\mrzONtxA0c2b3 2011-10-17 03:29:12 -------- d--h--w- C:\Users\Home\AppData\Roaming\kzONyxA0uSiFpGa 2011-10-17 03:29:11 -------- d--h--w- C:\Users\Home\AppData\Roaming\NTXqjUCekBz 2011-10-17 02:55:25 -------- d-----w- C:\Program Files (x86)\Common Files\Java(961) 2011-10-17 02:46:46 -------- d--h--w- 
C:\Users\Home\AppData\Roaming\tSS22obF3p 2011-10-17 02:46:33 -------- d--h--w- C:\Users\Home\AppData\Roaming\G99ggTZqjY 2011-10-17 02:46:30 -------- d-----w- C:\Users\Home\AppData\Roaming\AZqqhYYXwUVeOBz 2011-10-17 02:46:26 -------- d--h--w- C:\Users\Home\AppData\Roaming\tIBrzPNyx1 2011-10-17 02:44:17 -------- d--h--w- C:\Users\Home\AppData\Roaming\eFF44pmmG5s 2011-10-17 02:44:16 -------- d--h--w- C:\Users\Home\AppData\Roaming\zeellOBBtzPyc1i 2011-10-17 02:44:11 -------- d--h--w- C:\Users\Home\AppData\Roaming\XvDD33onF4am5 2011-10-17 02:43:19 -------- d--h--w- C:\Users\Home\AppData\Roaming\ess66EEK8RZ9TwU 2011-10-17 02:43:19 -------- d-----w- C:\Users\Home\AppData\Roaming\KeellIBrzPyxA 2011-10-17 01:51:01 -------- d--h--w- C:\Users\Home\AppData\Roaming\dkUrOx0c1DoFm5J 2011-10-17 01:51:01 -------- d-----w- C:\Users\Home\AppData\Roaming\dqXkeOt0c 2011-10-17 01:50:55 -------- d--h--w- C:\Users\Home\AppData\Roaming\VkkkUVVrlOBxP0c 2011-10-17 01:50:55 -------- d-----w- C:\Users\Home\AppData\Roaming\yIIIVrrlONtx0uS 2011-10-17 01:50:54 -------- d--h--w- C:\Users\Home\AppData\Roaming\bppnnG44aQHsW7f 2011-10-16 23:51:08 -------- d-sh--w- C:\Windows\System32\%APPDATA% 2011-10-16 23:47:57 -------- d-----we C:\Windows\system64 2011-10-14 23:50:25 -------- d-----w- C:\Program Files (x86)\Picaboo X . ==================== Find3M ==================== . 
2011-11-10 03:43:30 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2011-09-30 23:25:35 1147904 ----a-w- C:\Windows\System32\wininet.dll 2011-09-30 23:21:20 56832 ----a-w- C:\Windows\System32\licmgr10.dll 2011-09-30 23:21:00 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl 2011-09-30 23:20:40 132096 ----a-w- C:\Windows\System32\iesysprep.dll 2011-09-30 23:20:39 77312 ----a-w- C:\Windows\System32\iesetup.dll 2011-09-30 23:06:24 916480 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-09-30 23:02:06 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll 2011-09-30 23:01:51 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2011-09-30 23:01:34 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll 2011-09-30 23:01:34 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2011-09-30 22:29:23 479232 ----a-w- C:\Windows\System32\html.iec 2011-09-30 22:07:25 385024 ----a-w- C:\Windows\SysWow64\html.iec 2011-09-30 21:48:19 162816 ----a-w- C:\Windows\System32\ieUnatt.exe 2011-09-30 21:47:04 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2011-09-30 21:29:54 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2011-09-30 21:28:36 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-09-30 00:54:44 1062984 ----a-w- C:\Users\Home\gotomypc_540.exe 2011-09-06 13:56:50 2764288 ----a-w- C:\Windows\System32\win32k.sys 2011-08-25 16:20:38 735744 ----a-w- C:\Windows\System32\UIAutomationCore.dll 2011-08-25 16:19:32 847360 ----a-w- C:\Windows\System32\oleaut32.dll 2011-08-25 16:19:32 332288 ----a-w- C:\Windows\System32\oleacc.dll 2011-08-25 16:15:04 555520 ----a-w- C:\Windows\SysWow64\UIAutomationCore.dll 2011-08-25 16:14:01 563712 ----a-w- C:\Windows\SysWow64\oleaut32.dll 2011-08-25 16:14:01 238080 ----a-w- C:\Windows\SysWow64\oleacc.dll 2011-08-25 13:54:14 4096 ----a-w- C:\Windows\System32\oleaccrc.dll 2011-08-25 13:31:01 4096 ----a-w- C:\Windows\SysWow64\oleaccrc.dll . ============= FINISH: 20:08:53.27 ===============
-
Sorry, didn't see the request for DDS. Should I run it and post the log?
-
So there were 87 items found during this scan. I removed all of them. I forgot to mention in my first post, but there are a couple of other things going on. I am having an issue with websites being redirected from Google, and also my web browser opens by itself and goes to the same "redirect" site. And lastly, about half of the icons on my desktop are transparent, like they are hidden files. Here's the log from the scan:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8129
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

11/11/2011 8:09:18 PM
mbam-log-2011-11-11 (20-09-18).txt

Scan type: Quick scan
Objects scanned: 173223
Time elapsed: 5 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 79
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\y334hhTwjUelBNv8234A (Trojan.FakeAlert.CLGen) -> Value: y334hhTwjUelBNv8234A -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IrrOBttxPyc18234A (Trojan.FakeAlert.CLGen) -> Value: IrrOBttxPyc18234A -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Q17BPNyyxAuvSqe8234A (Trojan.FakeAlert.CLGen) -> Value: Q17BPNyyxAuvSqe8234A -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xD7BPNyyxAuvSqe8234A (Trojan.FakeAlert.CLGen) -> Value: xD7BPNyyxAuvSqe8234A -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\L7BPPyyxA1uSqeF8234A (Trojan.FakeAlert.CLGen) -> Value: L7BPPyyxA1uSqeF8234A -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WNxxA00uS2b3p5Q8234A (Trojan.FakeAlert.CLGen) -> Value: WNxxA00uS2b3p5Q8234A -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WWpn6KK7fRLgTXj8234A (Trojan.FakeAlert.CLGen) -> Value: WWpn6KK7fRLgTXj8234A -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Wdpn6KK7fRLgTXj8234A (Trojan.FakeAlert.CLGen) -> Value: Wdpn6KK7fRLgTXj8234A -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PGGG5zWfRL98234A (Trojan.FakeAlert.CLGen) -> Value: PGGG5zWfRL98234A -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qGGG5zWfRL9h8234A (Trojan.FakeAlert.CLGen) -> Value: qGGG5zWfRL9h8234A -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Q2tGG5zWfRL9XqC8234A (Trojan.FakeAlert.CLGen) -> Value: Q2tGG5zWfRL9XqC8234A -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gGG5zWffRLhXqUk8234A (Trojan.FakeAlert.CLGen) -> Value: gGG5zWffRLhXqUk8234A -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KSbF3pm5QJ8234A (Trojan.FakeAlert.CLGen) -> Value: KSbF3pm5QJ8234A -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NbFF3pmGQJdKLT8234A (Trojan.FakeAlert.CLGen) -> Value: NbFF3pmGQJdKLT8234A -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UPbF3pmGQJdKLTq8234A (Trojan.FakeAlert.CLGen) -> Value: UPbF3pmGQJdKLTq8234A -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UPbF3pm5QJdKLTq8234A (Trojan.FakeAlert.CLGen) -> Value: UPbF3pm5QJdKLTq8234A -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kl044m5sQ7dK8zS8234A (Trojan.FakeAlert.CLGen) -> Value: kl044m5sQ7dK8zS8234A -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\j044pm5sQ7dK8zS8234A (Trojan.FakeAlert.CLGen) -> Value: j044pm5sQ7dK8zS8234A -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\FS22FnGa6dWK8234A (Trojan.FakeAlert.CLGen) -> Value: FS22FnGa6dWK8234A -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RnnG5a6ddK7fL98234A (Trojan.FakeAlert.CLGen) -> Value: RnnG5a6ddK7fL98234A -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\aZ22onnF4pHQ7E88234A (Trojan.FakeAlert.CLGen) -> Value: aZ22onnF4pHQ7E88234A -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qJn4pmH5sQJ78234A (Trojan.FakeAlert.CLGen) -> Value: qJn4pmH5sQJ78234A -> Quarantined and deleted successfully. 
Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\Users\Home\AppData\Local\Temp\wpbt0.dll (Exploit.Drop) -> Quarantined and deleted successfully. c:\Users\Home\AppData\Local\Temp\0.28225748762686875.exe (Exploit.Drop.2) -> Quarantined and deleted successfully. c:\Users\Home\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\winupd.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
-
Hi, I have been having issues with malware and search engine redirecting. "Cloud Protection" and "Privacy Protection" had both infected my computer but I have been able to get both of them removed. The Windows Firewall is disabled and is unable to restart. I have run Malwarebytes and removed quite a few problems. Windows Firewall will not start. Its ability to run depends on the Base Filtering Engine, which is working properly and running, and the "Windows Firewall Authorization Driver". In Device Manager, after showing hidden objects, the "Windows Firewall Authorization Driver" has a yellow exclamation point next to it, and when opened, it states "This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)". Any help with this issue would be greatly appreciated.