ping.exe, svchost.exe, iexplore.exe, forced proxy and site spams


Tsiphon

Here's the MBAM quickscan report.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8156

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.19088

11/13/2011 5:03:44 PM

mbam-log-2011-11-13 (17-03-44).txt

Scan type: Quick scan

Objects scanned: 206235

Time elapsed: 2 minute(s), 40 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hi,

Please download mbrfix.exe from here.

Scroll down to locate mbrfix.exe and in the lower right corner of the tool info, you'll see the Download link. It's important that you save it directly to the C:\ drive and extract it to that same location.

Double click the mbrfix folder and drag the mbrfix.exe out of that folder so its location is C:\mbrfix.exe

Click Start, type cmd.exe in the search box, right click cmd.exe and select Run as administrator.

If all went well you should have a black window with the title Administrator: Command Prompt open.

At the prompt, type in the following and press Enter:

cd /d c:\

( Note - there is a space between cd and /d and another space between /d and c:\ )

You should now be at the C:\> prompt.

Type in the following and press Enter:

MbrFix_/drive_0_savembr_MBRNormalmode

(Note - I've placed underscores where spaces should be. Do not type in the underscore, just hit the space bar. Also, the 0 you see in the command, is the numeral 0.)

Next, type exit and press Enter.

--

Next, restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer

Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.

At the prompt, type in the following and press Enter:

cd /d c:\

( Note - there is a space between cd and /d and another space between /d and c:\ )

You should now be at the C:\> prompt.

Type in the following and press Enter:

MbrFix_/drive_0_savembr_MBRREmode

(Again, note - I've placed underscores where spaces should be. Do not type in the underscore, just hit the space bar. Also, the 0 you see in the command, is the numeral 0.)

Next, type exit and press Enter and restart the machine.

Navigate to the C:\MBRNormalmode file. Right click it to zip it up, and please attach it to your next post. Repeat with the C:\MBRREmode file.
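The two files MbrFix writes in the procedure above are raw 512-byte copies of sector 0, one taken from the running system and one from the recovery environment. The following script is an added example, not part of the original thread and not part of the MbrFix tool: it decodes such an export (disk signature, partition table, 0x55AA boot signature) and reports which regions differ between the two copies. The reason the helper asks for both is that a kernel-mode filter driver can present a clean sector to the running system while the offline copy shows what is really on disk, so a difference between the two exports is itself a finding. The file names passed on the command line and the constructed sample sector (NOP filler in place of real boot code) are assumptions made for the example.

```python
"""Decode and compare raw MBR exports (e.g. MBRNormalmode vs MBRREmode)."""
import struct
import sys
from typing import Dict, List

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510-511 of a valid MBR

# A few common partition type codes; deliberately not exhaustive.
PARTITION_TYPES = {
    0x05: "extended (CHS)", 0x07: "NTFS/exFAT", 0x0B: "FAT32 (CHS)",
    0x0C: "FAT32 (LBA)", 0x0F: "extended (LBA)",
    0x27: "hidden NTFS (Windows RE)", 0xEE: "GPT protective",
}

# Byte ranges of the classic MBR layout, used for the diff.
REGIONS = {
    "bootcode": (0, 440), "disk_signature": (440, 446),
    "partition_table": (446, 510), "boot_signature": (510, 512),
}


def parse_mbr(sector: bytes) -> Dict:
    """Decode the disk signature, the four partition slots and the boot signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions: List[Dict] = []
    for i in range(4):
        entry = sector[446 + 16 * i: 446 + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0 and sectors == 0:
            continue                       # unused slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,    # 0x80 = active flag
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "partitions": partitions,
    }


def compare_dumps(a: bytes, b: bytes) -> List[str]:
    """Names of the MBR regions whose bytes differ between two exports."""
    return [name for name, (lo, hi) in REGIONS.items() if a[lo:hi] != b[lo:hi]]


def sanity_findings(parsed: Dict) -> List[str]:
    """Cheap structural checks; an empty list means nothing obviously wrong."""
    findings = []
    if not parsed["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if not parsed["partitions"]:
        findings.append("empty partition table")
    active = [p for p in parsed["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append(f"{len(active)} partitions flagged active (expected 1 on an MBR boot disk)")
    return findings


def build_sample_mbr(filler: int = 0x90) -> bytes:
    """Constructed test sector: NOP filler instead of boot code, one active NTFS partition."""
    boot_code = bytes([filler]) * 440
    disk_signature = struct.pack("<I", 0x1234ABCD)            # constructed value
    # status=0x80 (active), CHS start, type 0x07, CHS end, LBA start 2048, 204800 sectors
    entry = bytes([0x80, 0x20, 0x21, 0x00, 0x07, 0xFE, 0xFF, 0xFF]) + struct.pack("<II", 2048, 204800)
    return boot_code + disk_signature + b"\x00\x00" + entry + bytes(48) + BOOT_SIGNATURE


def main(argv: List[str]) -> None:
    if len(argv) == 3:   # usage: mbrcheck.py MBRNormalmode MBRREmode  (assumed file names)
        with open(argv[1], "rb") as f:
            normal = f.read()
        with open(argv[2], "rb") as f:
            re_mode = f.read()
    else:                # no files given: run on the constructed sample
        normal, re_mode = build_sample_mbr(), build_sample_mbr()
    for label, sector in (("normal mode", normal), ("RE mode", re_mode)):
        parsed = parse_mbr(sector)
        print(f"[{label}] disk signature 0x{parsed['disk_signature']:08X}, "
              f"boot signature ok={parsed['signature_ok']}")
        for p in parsed["partitions"]:
            print(f"  #{p['index']} active={p['bootable']} type=0x{p['type']:02X} "
                  f"({p['type_name']}) start={p['lba_start']} sectors={p['sectors']}")
        for finding in sanity_findings(parsed):
            print(f"  ! {finding}")
    diff = compare_dumps(normal, re_mode)
    print("regions differing between the two exports:", diff or "none")


if __name__ == "__main__":
    main(sys.argv)
```

Identical exports with a sane partition table are the expected result on a clean disk; a difference confined to the bootcode region, with the partition table unchanged, is the pattern worth escalating, since that is the part of the sector a bootkit rewrites while keeping the disk bootable.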


My options under Advanced Boot Options are as follows:

Safe Mode

Safe Mode with Networking

Safe Mode with Command Prompt

Enable Boot Logging

Enable low-resolution video (640x480)

Last Known Good Configuration (advanced)

Directory Services Restore Mode

Debugging Mode

Disable automatic restart on system failure

Disable Driver Signature Enforcement

Start Windows Normally

In other words, there is no "Repair your computer"

I'll retry and post if I obtain different results.


Good. Place the DVD in and reboot. Press enter when you see "Press any key to boot from CD or DVD.." message.

Set the preferences (keyboard layout etc) and press next. Select "repair your computer" option on the next screen. In System Recovery Options dialog highlight your Vista installation and click next. Select Command Prompt and continue from there.


I did everything, the only difference is under the Vista repair it wouldn't recognize MbrFix, but it did recognize MbrFix64. I put both in the C: location in case it didn't work with the normal one. If need be I can go back and do everything from MbrFix and see if it works a second time, just lemme know if the generation of the log from MbrFix versus MbrFix64 is important.

Results are attached.

MBRNormalmode.zip

MBRREmode.zip


Hi,

Those MBR exports didn't seem to be infected. Do you have the IIS component of Windows enabled? (Go to Programs in the Windows Control Panel, open "Turn Windows features on or off" and see whether the Internet Information Services checkbox has something in it.)

Also, see if you're able to run aswMBR if you uncheck I/O devices option first.


The IIS has a filled in square. FTP Publishing service isn't checked at all, and Web Management Tools has a square, and World Wide Web Services has a square. Under Web Management, IIS Management Console is the only box ticked off. Under World Wide Web Services, Performance Features has a tick, and all other options have filled in squares. I can go into further detail if need be.

aswMBR won't run with or without the "Trace Disk IO calls" option ticked. I assume you want "Scan" and not "Fix MBR".


Hi,

If the system isn't used for web development or site hosting, I recommend disabling the IIS component.

Let's reinstall Firefox:

1. Uninstall removing user data too.

2. Delete these folders if they still exist:

C:\Program Files (x86)\Mozilla Firefox

c:\users\Tsiphon\AppData\Roaming\Mozilla\Firefox

3. Reinstall Firefox.

Post fresh DDS logs. Also, please post the log from MiniToolBox with the network cable plugged in (it seems that log didn't get attached earlier).


Hi,

Is there a way to back up my profile, like my add-ons and bookmarks, or is that what we are wanting to delete?

Instructions for backing up bookmarks are here. Add-ons must be reinstalled afterwards.

And you recommend I completely uncheck the top IIS folder?

Yes, unless you're using IIS for those things I mentioned in previous post.


Uninstalled, deleted, then reinstalled. I also unchecked IIS.

DDS as follows:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_29

Run by Tsiphon at 17:21:24 on 2011-11-16

Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.4094.1784 [GMT -6:00]

.

AV: Kaspersky Anti-Virus *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}

FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Windows\system32\mqsvc.exe

C:\Windows\SysWoW64\svchost.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\Windows\system32\svchost.exe -k iissvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Tablet\Pen\Pen_TabletUser.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Windows\RAVCpl64.exe

C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe

C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\SysWOW64\conime.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe

mRun: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe

mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime Alternative\QTTask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [WinPatrol] "C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe" -expressboot

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

dRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su2/ocx/15103/CTPID.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{B2707B3A-F1B2-4360-8B02-F14850833270} : DhcpNameServer = 192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~2\mzvkbd3.dll C:\Windows\SysWOW64\guard32.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll

BHO-X64: IEVkbdBHO - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll

BHO-X64: link filter bho - No File

mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe

mRun-x64: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe

mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime Alternative\QTTask.exe" -atboottime

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [WinPatrol] "C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe" -expressboot

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~2\mzvkbd3.dll C:\Windows\SysWOW64\guard32.dll

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Tsiphon\AppData\Roaming\Mozilla\Firefox\Profiles\i4gr5jr6.default\

.

============= SERVICES / DRIVERS ===============

.

R0 BtHidBus;Bluetooth HID Bus Service;C:\Windows\system32\Drivers\BtHidBus.sys --> C:\Windows\system32\Drivers\BtHidBus.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]

R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]

R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-26 366152]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-5-4 1153368]

R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2008-6-24 605464]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]

R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2011-5-25 5790064]

R3 btnetBUs;Bluetooth PAN Bus Service;C:\Windows\system32\Drivers\btnetBus.sys --> C:\Windows\system32\Drivers\btnetBus.sys [?]

R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]

R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]

R3 IvtBtBUs;IVT Bluetooth Bus Service;C:\Windows\system32\Drivers\IvtBtBus.sys --> C:\Windows\system32\Drivers\IvtBtBus.sys [?]

R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]

R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);C:\Windows\system32\DRIVERS\vcsvad.sys --> C:\Windows\system32\DRIVERS\vcsvad.sys [?]

S2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [2010-7-1 352976]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-27 135664]

S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2008-8-6 79360]

S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]

S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]

S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-27 135664]

S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\B85.tmp --> C:\Windows\system32\B85.tmp [?]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-7-22 19968]

S3 PSSDK42;PSSDK42;\??\C:\Windows\system32\Drivers\pssdk42.sys --> C:\Windows\system32\Drivers\pssdk42.sys [?]

S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.09\RivaTuner64.sys [2008-4-28 19952]

S3 scramby_out;Scramby Output;C:\Windows\system32\drivers\scramby_out.sys --> C:\Windows\system32\drivers\scramby_out.sys [?]

S3 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2011-5-25 487280]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S4 BsMobileCS;BsMobileCS;C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [2010-3-9 143467]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-3-24 93184]

S4 MSSQL$SOLARWINDS_ORION;SQL Server (SOLARWINDS_ORION); [x]

S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]

S4 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2011-11-16 23:04:50 -------- d-----w- C:\Program Files (x86)\VS Revo Group

2011-11-16 00:22:01 -------- d--h--w- C:\ProgramData\Common Files

2011-11-16 00:20:00 -------- d-----w- C:\ProgramData\MFAData

2011-11-11 23:32:19 -------- d-sh--w- C:\$RECYCLE.BIN

2011-11-11 21:11:18 -------- d-----w- C:\ComboFix

2011-11-08 20:09:20 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-08 19:57:55 -------- d-----w- C:\Users\Tsiphon\AppData\Local\Solid State Networks

2011-11-06 19:03:56 98816 ----a-w- C:\Windows\sed.exe

2011-11-06 19:03:56 518144 ----a-w- C:\Windows\SWREG.exe

2011-11-06 19:03:56 256000 ----a-w- C:\Windows\PEV.exe

2011-11-06 19:03:56 208896 ----a-w- C:\Windows\MBR.exe

2011-11-02 23:46:30 6144 ------w- C:\Windows\System32\B85.tmp

2011-11-02 23:40:23 6144 ------w- C:\Windows\System32\7213.tmp

2011-11-02 23:30:25 6144 ------w- C:\Windows\System32\5060.tmp

2011-11-02 23:22:41 6144 ------w- C:\Windows\System32\1AC0.tmp

2011-11-02 23:16:36 6144 ------w- C:\Windows\System32\88FD.tmp

2011-11-02 23:11:45 6144 ------w- C:\Windows\System32\1821.tmp

2011-11-02 23:11:14 -------- d-----w- C:\Program Files (x86)\Sophos

2011-11-01 18:56:45 388096 ----a-r- C:\Users\Tsiphon\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-10-31 07:06:56 0 ----a-w- C:\Windows\SysWow64\drivers\SET88DE.tmp

2011-10-31 07:06:45 0 ----a-w- C:\Windows\SysWow64\drivers\SET5C67.tmp

2011-10-31 07:06:44 0 ----a-w- C:\Windows\SysWow64\drivers\SET5AA1.tmp

2011-10-31 07:06:44 0 ----a-w- C:\Windows\SysWow64\drivers\SET584F.tmp

2011-10-31 07:06:23 0 ----a-w- C:\Windows\SysWow64\drivers\SET771.tmp

2011-10-31 07:06:22 0 ----a-w- C:\Windows\SysWow64\drivers\SET4E1.tmp

2011-10-31 07:06:07 309320 ----a-w- C:\Windows\SysWow64\drivers\TrufosAlt.sys

2011-10-31 07:06:07 0 ----a-w- C:\Windows\SysWow64\drivers\SETC86D.tmp

2011-10-31 07:05:21 0 ----a-w- C:\Windows\SysWow64\drivers\SET1747.tmp

2011-10-31 07:04:26 0 ----a-w- C:\Windows\SysWow64\drivers\SET3E2B.tmp

2011-10-31 07:04:25 0 ----a-w- C:\Windows\SysWow64\drivers\SET3C94.tmp

2011-10-31 07:04:25 0 ----a-w- C:\Windows\SysWow64\drivers\SET39E5.tmp

2011-10-31 07:04:23 0 ----a-w- C:\Windows\SysWow64\drivers\SET334F.tmp

2011-10-31 07:04:00 0 ----a-w- C:\Windows\SysWow64\drivers\SETDA09.tmp

2011-10-31 07:03:22 0 ----a-w- C:\Windows\SysWow64\drivers\SET432B.tmp

2011-10-31 07:03:21 0 ----a-w- C:\Windows\SysWow64\drivers\SET400F.tmp

2011-10-31 07:02:46 0 ----a-w- C:\Windows\SysWow64\drivers\SETB971.tmp

2011-10-31 07:02:46 0 ----a-w- C:\Windows\SysWow64\drivers\SETB6A2.tmp

2011-10-31 07:02:44 0 ----a-w- C:\Windows\SysWow64\drivers\SETAFBE.tmp

2011-10-31 06:58:23 0 ----a-w- C:\Windows\SysWow64\drivers\SETB450.tmp

2011-10-31 04:21:13 -------- d-----w- C:\Users\Tsiphon\AppData\Roaming\WinPatrol

2011-10-31 04:21:03 -------- d-----w- C:\ProgramData\InstallMate

2011-10-31 04:21:03 -------- d-----w- C:\Program Files (x86)\BillP Studios

2011-10-31 04:18:21 -------- d-----w- C:\ProgramData\Comodo

2011-10-31 04:18:17 -------- d-----w- C:\Program Files\COMODO

2011-10-31 04:17:25 -------- d-----w- C:\ProgramData\Comodo Downloader

2011-10-28 22:54:51 -------- d-----w- C:\Program Files (x86)\Eusing Free Registry Cleaner

2011-10-26 21:59:25 -------- d-----w- C:\Users\Tsiphon\AppData\Roaming\Malwarebytes

2011-10-26 21:59:20 -------- d-----w- C:\ProgramData\Malwarebytes

2011-10-26 21:59:16 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-10-26 21:59:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-10-26 21:56:52 -------- d-----w- C:\Users\Tsiphon\AppData\Roaming\WTablet

2011-10-21 14:14:24 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FDC2EED1-71B5-48C1-ADD4-7D759D933147}\mpengine.dll

.

==================== Find3M ====================

.

2011-11-08 20:10:35 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-10-07 23:47:50 42224 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys

2011-10-07 23:47:48 574216 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys

2011-10-07 23:47:48 16528 ----a-w- C:\Windows\System32\drivers\cmderd.sys

2011-10-07 23:47:14 41200 ----a-w- C:\Windows\System32\cmdcsr.dll

2011-10-07 23:47:12 300200 ----a-w- C:\Windows\SysWow64\guard32.dll

2011-10-07 23:47:10 388280 ----a-w- C:\Windows\System32\guard64.dll

2011-08-31 04:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe

2011-08-31 04:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll

2011-08-31 04:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe

2011-08-31 04:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll

.

============= FINISH: 17:23:22.82 ===============

Attach.txt


MiniToolBox with cable plugged in:

MiniToolBox by Farbar

Ran by Tsiphon (administrator) on 16-11-2011 at 17:17:59

Windows Vista Ultimate Service Pack 1 (X64)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.

No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

reset

set global

popd

# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : Tsiphon-PC

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.0) #2

Physical Address. . . . . . . . . : 00-1D-7D-0B-F9-00

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Link-local IPv6 Address . . . . . : fe80::44e9:94b0:3723:3f4d%9(Preferred)

IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Lease Obtained. . . . . . . . . . : Wednesday, November 16, 2011 5:11:49 PM

Lease Expires . . . . . . . . . . : Thursday, November 17, 2011 5:11:49 PM

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)

Physical Address. . . . . . . . . : 00-1D-7D-0B-F8-E1

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : isatap.{09CF76A3-2DCA-454D-89DF-76F42DD0BA58}

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : 02-00-54-55-4E-01

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : 6TO4 Adapter

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 19:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : isatap.{B2707B3A-F1B2-4360-8B02-F14850833270}

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 22:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : 6TO4 Adapter

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Server: Tsiphon

Address: 192.168.1.1

Name: google.com

Addresses: 173.194.64.104

173.194.64.105

173.194.64.106

173.194.64.103

173.194.64.147

173.194.64.99

Pinging google.com [173.194.64.99] with 32 bytes of data:

Reply from 173.194.64.99: bytes=32 time=18ms TTL=47

Reply from 173.194.64.99: bytes=32 time=17ms TTL=47

Ping statistics for 173.194.64.99:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 17ms, Maximum = 18ms, Average = 17ms

Server: Tsiphon

Address: 192.168.1.1

Name: yahoo.com

Addresses: 72.30.2.43

209.191.122.70

98.139.180.149

98.137.149.56

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=13ms TTL=54

Reply from 209.191.122.70: bytes=32 time=12ms TTL=54

Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 12ms, Maximum = 13ms, Average = 12ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time=1ms TTL=128

Reply from 127.0.0.1: bytes=32 time=1ms TTL=128

Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 1ms, Maximum = 1ms, Average = 1ms

===========================================================================

Interface List

9 ...00 1d 7d 0b f9 00 ...... Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.0) #2

8 ...00 1d 7d 0b f8 e1 ...... Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)

1 ........................... Software Loopback Interface 1

31 ...00 00 00 00 00 00 00 e0 isatap.{09CF76A3-2DCA-454D-89DF-76F42DD0BA58}

10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface

20 ...00 00 00 00 00 00 00 e0 6TO4 Adapter

32 ...00 00 00 00 00 00 00 e0 isatap.{B2707B3A-F1B2-4360-8B02-F14850833270}

33 ...00 00 00 00 00 00 00 e0 6TO4 Adapter

===========================================================================

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.102     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.102    276
    192.168.1.102  255.255.255.255         On-link     192.168.1.102    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.102    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.102    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.102    276

===========================================================================

Persistent Routes:

None

IPv6 Route Table

===========================================================================

Active Routes:

 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  9    276 fe80::/64                On-link
  9    276 fe80::44e9:94b0:3723:3f4d/128
                                    On-link
  1    306 ff00::/8                 On-link
  9    276 ff00::/8                 On-link

===========================================================================

Persistent Routes:

None

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)

Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)

Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)

Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)

Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [34304] (Microsoft Corporation)

Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)

Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)

x64-Catalog5 01 mswsock.dll [File Not found] ()

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)

x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)

x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)

x64-Catalog5 05 mswsock.dll [File Not found] ()

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)

x64-Catalog5 07 C:\Windows\System32\wshbth.dll [42496] (Microsoft Corporation)

x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)

x64-Catalog9 01 mswsock.dll [File Not found] ()

x64-Catalog9 02 mswsock.dll [File Not found] ()

x64-Catalog9 03 mswsock.dll [File Not found] ()

x64-Catalog9 04 mswsock.dll [File Not found] ()

x64-Catalog9 05 mswsock.dll [File Not found] ()

x64-Catalog9 06 mswsock.dll [File Not found] ()

x64-Catalog9 07 mswsock.dll [File Not found] ()

x64-Catalog9 08 mswsock.dll [File Not found] ()

x64-Catalog9 09 mswsock.dll [File Not found] ()

x64-Catalog9 10 mswsock.dll [File Not found] ()

x64-Catalog9 11 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:

==================

Error: (11/16/2011 04:41:08 PM) (Source: MSMQ) (User: )

Description: Message Queuing failed to bind to port 1801. The port may already be bound to another process. Make sure that the port is free and try to start Message Queuing again. If this problem arises during setup, you must free the port and run setup again.

Error: (11/16/2011 04:41:08 PM) (Source: MSMQ) (User: )

Description: Message Queuing failed to bind to port 1801. The port may already be bound to another process. Make sure that the port is free and try to start Message Queuing again. If this problem arises during setup, you must free the port and run setup again.

Error: (11/15/2011 10:58:44 PM) (Source: MSMQ) (User: )

Description: Message Queuing failed to bind to port 1801. The port may already be bound to another process. Make sure that the port is free and try to start Message Queuing again. If this problem arises during setup, you must free the port and run setup again.

Error: (11/15/2011 10:58:44 PM) (Source: MSMQ) (User: )

Description: Message Queuing failed to bind to port 1801. The port may already be bound to another process. Make sure that the port is free and try to start Message Queuing again. If this problem arises during setup, you must free the port and run setup again.

Error: (11/15/2011 06:48:22 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 490467

Error: (11/15/2011 06:48:22 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 490467

Error: (11/15/2011 06:48:22 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/15/2011 06:40:21 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 9048

Error: (11/15/2011 06:40:21 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 9048

Error: (11/15/2011 06:40:21 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

System errors:

=============

Error: (11/16/2011 05:03:02 PM) (Source: APPHOSTSVC) (User: )

Description: The Application Host Helper Service has detected that administration.config file doesn't contain valid configuration. Config history backup feature has been disabled. It will be re-enabled automatically once the configuration file is fixed.

Microsoft Office Sessions:

=========================

Error: (11/09/2009 08:12:16 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/12/2009 02:03:08 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/04/2009 02:09:17 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/04/2009 02:05:55 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 160 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/04/2009 02:03:09 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 117 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/04/2009 01:10:53 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/15/2009 01:45:32 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

========================= Memory info: ===================================

Percentage of memory in use: 56%

Total physical RAM: 4093.58 MB

Available physical RAM: 1793.41 MB

Total Pagefile: 8374.26 MB

Available Pagefile: 6061.23 MB

Total Virtual: 4095.88 MB

Available Virtual: 3998.5 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:465.76 GB) (Free:32.32 GB) NTFS

3 Drive d: (PRESARIO) (Fixed) (Total:149.05 GB) (Free:0.87 GB) NTFS

5 Drive f: (Second Disk) (Fixed) (Total:465.76 GB) (Free:2.19 GB) NTFS

6 Drive h: (JEROD DRIVE) (Removable) (Total:3.73 GB) (Free:1.38 GB) FAT32

========================= Users: ========================================

User accounts for \\TSIPHON-PC

Administrator Guest Mcx1

Tsiphon

**** End of log ****

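The Winsock entries section of the log above lists each namespace (Catalog5) and protocol/LSP (Catalog9) provider with the DLL path, size and signer as the diagnostic tool resolved them. The following is an added example, not part of the thread and not code from any tool mentioned in it: a PowerShell script that reads the same catalogs from the live registry and reports, per provider, whether the DLL is actually present and who signed it. It assumes an elevated 64-bit PowerShell on Windows, that the 64-bit providers live under the Catalog_Entries64 subkeys and the 32-bit ones under Catalog_Entries, and that the PackedCatalogItem blob begins with a 260-byte ANSI, NUL-terminated DLL path; all three are assumptions, not facts taken from the page.

```powershell
# Added example, not from the thread or from any tool it mentions.
# Enumerates the Winsock namespace (Catalog5) and protocol/LSP (Catalog9)
# providers from the live registry and reports, for each, whether the DLL
# exists and who signed it. Run in an elevated 64-bit PowerShell.
# Assumptions: 64-bit providers live under the Catalog_Entries64 subkeys and
# 32-bit ones under Catalog_Entries; the PackedCatalogItem blob begins with a
# 260-byte ANSI, NUL-terminated DLL path.

$WinsockBase = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters'

function Get-PackedCatalogPath {
    # The first MAX_PATH (260) bytes of PackedCatalogItem hold the provider
    # path; the WSAPROTOCOL_INFO structure follows it (assumption, see above).
    param([byte[]]$Packed)
    $len = [Math]::Min(260, $Packed.Length)
    $raw = [System.Text.Encoding]::Default.GetString($Packed, 0, $len)
    $nul = $raw.IndexOf([char]0)
    if ($nul -ge 0) { $raw.Substring(0, $nul) } else { $raw }
}

function Get-SignerName {
    # Caveat: Windows DLLs such as mswsock.dll are usually catalog-signed, and
    # older PowerShell/Windows versions report those as NotSigned. Treat an
    # UNVERIFIED file under %SystemRoot% as "re-check with sigcheck", not as
    # proof of tampering.
    param([string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -eq 'Valid' -and $sig.SignerCertificate) {
        return $sig.SignerCertificate.Subject
    }
    return "UNVERIFIED ($($sig.Status))"
}

function Get-WinsockCatalog {
    $rows = @()
    $os64 = ([IntPtr]::Size -eq 8)
    foreach ($catalog in 'NameSpace_Catalog5', 'Protocol_Catalog9') {
        foreach ($suffix in '', '64') {
            $key = Join-Path $WinsockBase "$catalog\Catalog_Entries$suffix"
            if (-not (Test-Path -LiteralPath $key)) { continue }
            foreach ($entry in Get-ChildItem -LiteralPath $key) {
                $props = Get-ItemProperty -LiteralPath $entry.PSPath
                if ($catalog -eq 'NameSpace_Catalog5') {
                    $raw  = $props.LibraryPath      # REG_EXPAND_SZ
                    $name = $props.DisplayString
                } else {
                    $raw  = Get-PackedCatalogPath $props.PackedCatalogItem
                    $name = ''
                }
                # Paths are stored in %SystemRoot%\system32\mswsock.dll form;
                # test the expanded path, otherwise a present file reads as missing.
                $path = [System.Environment]::ExpandEnvironmentVariables($raw)
                if ($os64 -and $suffix -eq '') {
                    # 32-bit providers load under WOW64 file-system redirection.
                    $path = $path -ireplace '\\system32\\', '\SysWOW64\'
                }
                $exists = Test-Path -LiteralPath $path
                $signer = if ($exists) { Get-SignerName $path } else { 'MISSING' }
                $rows += New-Object PSObject -Property @{
                    Catalog = "$catalog$suffix"
                    Entry   = $entry.PSChildName
                    Name    = $name
                    Path    = $path
                    Exists  = $exists
                    Signer  = $signer
                }
            }
        }
    }
    return $rows
}

# Full listing first, then only the entries worth a second look: DLLs that
# are missing, whose signature did not verify, or that are signed by someone
# other than Microsoft. Third-party providers such as Bonjour's mdnsNSP.dll
# are expected on a machine with iTunes installed, but each one must be
# accounted for.
$catalog = Get-WinsockCatalog
$catalog | Sort-Object Catalog, Entry |
    Format-Table Catalog, Entry, Exists, Signer, Path -AutoSize
$catalog | Where-Object { -not $_.Exists -or $_.Signer -notmatch 'Microsoft' } |
    Format-List Catalog, Entry, Name, Path, Signer
```

Entries a diagnostic tool reports as [File Not found], like the x64 mswsock.dll lines in the log above, are worth re-checking this way before anything is removed from the catalog: a provider path that still contains %SystemRoot% tests as missing until it is expanded, and an unexpanded or WOW64-redirected path says nothing about whether the DLL is there. A genuinely missing provider DLL, or one signed by an unfamiliar party, is the thing to investigate; deleting catalog entries by hand breaks networking, so fix the catalog only with a tool that rebuilds it (for example netsh winsock reset) after the offending DLL has been identified.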

Updated ComboFix log follows. My computer still reports svchost and iexplore pings to malicious sites, and I notice MBAM sometimes says my laptop does as well, but it's only rarely on Firefox and Azureus (torrents), and I checked the sites they are pinging from Process Explorer and those are legitimate sites. I don't think that is the case with my desktop.

I also ran an MBAM quick scan and it finally found some threats. I'll post those in a separate reply. Also attached to this reply are three screenshots of my Process Explorer mess.

ComboFix 11-11-18.02 - Tsiphon 11/18/2011 16:36:57.7.4 - x64

Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.4094.2209 [GMT -6:00]

Running from: c:\users\Tsiphon\Desktop\ComboFix.exe

FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}

SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-10-18 to 2011-11-18 )))))))))))))))))))))))))))))))

.

.

2011-11-18 22:52 . 2011-11-18 22:52 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2011-11-18 22:52 . 2011-11-18 22:52 -------- d-----w- c:\users\Mcx1\AppData\Local\temp

2011-11-18 22:52 . 2011-11-18 22:52 -------- d-----w- c:\users\Guest\AppData\Local\temp

2011-11-18 22:52 . 2011-11-18 22:52 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-16 23:04 . 2011-11-16 23:04 -------- d-----w- c:\program files (x86)\VS Revo Group

2011-11-16 00:22 . 2011-11-16 00:22 -------- d--h--w- c:\programdata\Common Files

2011-11-16 00:20 . 2011-11-16 00:22 -------- d-----w- c:\programdata\MFAData

2011-11-08 20:10 . 2011-11-08 20:10 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-11-08 20:09 . 2011-11-08 20:09 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-08 19:57 . 2011-11-08 20:06 -------- d-----w- c:\users\Tsiphon\AppData\Local\Solid State Networks

2011-11-08 03:40 . 2011-11-08 03:40 -------- d-----w- c:\windows\system32\Macromed

2011-11-02 23:46 . 2011-05-12 19:03 6144 ------w- c:\windows\system32\B85.tmp

2011-11-02 23:40 . 2011-05-12 19:03 6144 ------w- c:\windows\system32\7213.tmp

2011-11-02 23:30 . 2011-05-12 19:03 6144 ------w- c:\windows\system32\5060.tmp

2011-11-02 23:22 . 2011-05-12 19:03 6144 ------w- c:\windows\system32\1AC0.tmp

2011-11-02 23:16 . 2011-05-12 19:03 6144 ------w- c:\windows\system32\88FD.tmp

2011-11-02 23:11 . 2011-05-12 19:03 6144 ------w- c:\windows\system32\1821.tmp

2011-11-02 23:11 . 2011-11-02 23:11 -------- d-----w- c:\program files (x86)\Sophos

2011-11-01 18:56 . 2011-11-01 18:56 388096 ----a-r- c:\users\Tsiphon\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-10-31 07:06 . 2011-10-31 07:06 0 ----a-w- c:\windows\SysWow64\drivers\SET88DE.tmp

2011-10-31 07:06 . 2011-10-31 07:06 0 ----a-w- c:\windows\SysWow64\drivers\SET5C67.tmp

2011-10-31 07:06 . 2011-10-31 07:06 0 ----a-w- c:\windows\SysWow64\drivers\SET5AA1.tmp

2011-10-31 07:06 . 2011-10-31 07:06 0 ----a-w- c:\windows\SysWow64\drivers\SET584F.tmp

2011-10-31 07:06 . 2011-10-31 07:06 0 ----a-w- c:\windows\SysWow64\drivers\SET771.tmp

2011-10-31 07:06 . 2011-10-31 07:06 0 ----a-w- c:\windows\SysWow64\drivers\SET4E1.tmp

2011-10-31 07:06 . 2011-10-31 07:07 309320 ----a-w- c:\windows\SysWow64\drivers\TrufosAlt.sys

2011-10-31 07:06 . 2011-10-31 07:06 0 ----a-w- c:\windows\SysWow64\drivers\SETC86D.tmp

2011-10-31 07:05 . 2011-10-31 07:05 0 ----a-w- c:\windows\SysWow64\drivers\SET1747.tmp

2011-10-31 07:04 . 2011-10-31 07:04 0 ----a-w- c:\windows\SysWow64\drivers\SET3E2B.tmp

2011-10-31 07:04 . 2011-10-31 07:04 0 ----a-w- c:\windows\SysWow64\drivers\SET3C94.tmp

2011-10-31 07:04 . 2011-10-31 07:04 0 ----a-w- c:\windows\SysWow64\drivers\SET39E5.tmp

2011-10-31 07:04 . 2011-10-31 07:04 0 ----a-w- c:\windows\SysWow64\drivers\SET334F.tmp

2011-10-31 07:04 . 2011-10-31 07:04 0 ----a-w- c:\windows\SysWow64\drivers\SETDA09.tmp

2011-10-31 07:03 . 2011-10-31 07:03 0 ----a-w- c:\windows\SysWow64\drivers\SET432B.tmp

2011-10-31 07:03 . 2011-10-31 07:03 0 ----a-w- c:\windows\SysWow64\drivers\SET400F.tmp

2011-10-31 07:02 . 2011-10-31 07:02 0 ----a-w- c:\windows\SysWow64\drivers\SETB971.tmp

2011-10-31 07:02 . 2011-10-31 07:02 0 ----a-w- c:\windows\SysWow64\drivers\SETB6A2.tmp

2011-10-31 07:02 . 2011-10-31 07:02 0 ----a-w- c:\windows\SysWow64\drivers\SETAFBE.tmp

2011-10-31 06:58 . 2011-10-31 06:58 0 ----a-w- c:\windows\SysWow64\drivers\SETB450.tmp

2011-10-31 04:21 . 2011-10-31 04:21 -------- d-----w- c:\users\Tsiphon\AppData\Roaming\WinPatrol

2011-10-31 04:21 . 2011-10-31 04:21 -------- d-----w- c:\programdata\InstallMate

2011-10-31 04:21 . 2011-10-31 04:21 -------- d-----w- c:\program files (x86)\BillP Studios

2011-10-31 04:18 . 2011-11-02 08:48 -------- d-----w- c:\programdata\Comodo

2011-10-31 04:18 . 2011-10-31 04:18 -------- d-----w- c:\program files\COMODO

2011-10-31 04:17 . 2011-10-31 04:18 -------- d-----w- c:\programdata\Comodo Downloader

2011-10-29 08:24 . 2011-10-29 10:15 -------- d-----w- c:\users\Tsiphon\AppData\Roaming\Winamp

2011-10-28 22:54 . 2011-10-28 23:09 -------- d-----w- c:\program files (x86)\Eusing Free Registry Cleaner

2011-10-26 21:59 . 2011-10-26 21:59 -------- d-----w- c:\users\Tsiphon\AppData\Roaming\Malwarebytes

2011-10-26 21:59 . 2011-10-26 21:59 -------- d-----w- c:\programdata\Malwarebytes

2011-10-26 21:59 . 2011-10-27 02:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-10-26 21:59 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-26 21:56 . 2011-10-26 21:56 -------- d-----w- c:\users\Tsiphon\AppData\Roaming\WTablet

2011-10-21 14:14 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FDC2EED1-71B5-48C1-ADD4-7D759D933147}\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-08 20:10 . 2010-04-30 21:21 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-10-07 23:47 . 2011-10-07 23:47 93200 ----a-w- c:\windows\system32\drivers\inspect.sys

2011-10-07 23:47 . 2011-10-07 23:47 42224 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2011-10-07 23:47 . 2011-10-07 23:47 574216 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2011-10-07 23:47 . 2011-10-07 23:47 16528 ----a-w- c:\windows\system32\drivers\cmderd.sys

2011-10-07 23:47 . 2011-10-07 23:47 41200 ----a-w- c:\windows\system32\cmdcsr.dll

2011-10-07 23:47 . 2011-10-07 23:47 300200 ----a-w- c:\windows\SysWow64\guard32.dll

2011-10-07 23:47 . 2011-10-07 23:47 388280 ----a-w- c:\windows\system32\guard64.dll

2011-08-31 04:05 . 2011-08-31 04:05 96104 ----a-w- c:\windows\system32\dns-sd.exe

2011-08-31 04:05 . 2011-08-31 04:05 85864 ----a-w- c:\windows\system32\dnssd.dll

2011-08-31 04:05 . 2011-08-31 04:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe

2011-08-31 04:05 . 2011-08-31 04:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2008-07-19 . 437C1C0CB2A42EA20083F21E9CAEF461 . 646656 . . [6.0.6000.20537] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_32359eb27623cc22\user32.dll

[7] 2008-07-19 . 296BA70E2A302E639CBD9E2A32DC65C4 . 646656 . . [6.0.6000.16438] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_31ad02315d0545af\user32.dll

[-] 2008-01-19 . BC8872C0B1B4599D60857B9E6BB66E44 . 672256 . . [6.0.6001.18000] .. c:\windows\SysWOW64\user32.dll

[7] 2008-01-19 . 3D691030DBD3BD75DE1501BE54F0D425 . 648192 . . [6.0.6001.18000] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll

[7] 2006-11-02 . 00B53DCA0408CCD8F6BAF13994F6E3A0 . 646656 . . [6.0.6000.16386] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_3174f01b5d2fa18f\user32.dll

.

((((((((((((((((((((((((((((( SnapShot_2011-11-09_07.10.30 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-05-15 06:45 . 2011-11-02 22:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-05-15 06:45 . 2011-11-11 20:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2011-11-03 21:11 . 2011-11-17 22:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat

- 2011-11-03 21:11 . 2011-11-03 21:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat

+ 2011-11-03 21:11 . 2011-11-17 22:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat

- 2011-11-03 21:11 . 2011-11-03 21:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat

+ 2011-11-03 21:11 . 2011-11-17 22:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat

- 2011-11-03 21:11 . 2011-11-03 21:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat

+ 2010-09-28 04:48 . 2011-11-11 20:51 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat

- 2010-09-28 04:48 . 2011-11-02 22:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat

+ 2008-07-19 07:24 . 2011-11-18 22:25 30946 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4111605854-636613554-1496609690-1000_UserData.bin

- 2011-06-10 04:10 . 2011-11-08 20:04 62078 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Pen_Tablet.dat

+ 2011-06-10 04:10 . 2011-11-18 22:21 62078 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Pen_Tablet.dat

+ 2008-07-19 06:58 . 2011-11-18 22:28 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-07-19 06:58 . 2011-11-09 00:49 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-07-19 06:58 . 2011-11-09 00:49 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-07-19 06:58 . 2011-11-18 22:28 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-07-19 06:58 . 2011-11-09 00:49 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-07-19 06:58 . 2011-11-18 22:28 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-05-20 06:17 . 2011-11-08 20:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-05-20 06:17 . 2011-11-18 22:26 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-05-20 06:17 . 2011-11-18 22:26 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-05-20 06:17 . 2011-11-08 20:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2006-11-02 12:40 . 2011-10-31 04:20 86016 c:\windows\inf\infpub.dat

+ 2006-11-02 12:40 . 2011-11-17 23:53 86016 c:\windows\inf\infpub.dat

+ 2011-11-11 20:51 . 2011-11-11 20:51 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E0F3F081-0CA6-11E1-B172-001D7D0BF8E1}.dat

+ 2011-11-11 20:51 . 2011-11-11 20:51 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E9396173-0CA6-11E1-B172-001D7D0BF8E1}.dat

+ 2011-11-11 20:51 . 2011-11-11 20:51 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E0F3F085-0CA6-11E1-B172-001D7D0BF8E1}.dat

+ 2011-11-11 20:51 . 2011-11-11 20:51 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E0F3F083-0CA6-11E1-B172-001D7D0BF8E1}.dat

+ 2011-11-11 20:51 . 2011-11-11 20:51 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E0F3F082-0CA6-11E1-B172-001D7D0BF8E1}.dat

- 2011-11-08 20:03 . 2011-11-08 20:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-11-18 22:20 . 2011-11-18 22:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-11-18 22:20 . 2011-11-18 22:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-11-08 20:03 . 2011-11-08 20:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-10-26 01:38 . 2011-11-11 20:51 507904 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat

- 2011-10-26 01:38 . 2011-11-02 22:11 507904 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat

+ 2008-07-22 10:21 . 2011-11-11 20:51 360448 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-01-17 21:40 . 2011-11-16 00:48 763792 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2008-07-19 07:24 . 2011-11-18 22:25 106796 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 15:44 . 2011-11-18 22:25 142702 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-08-26 08:08 . 2011-11-16 23:01 476096 c:\windows\system32\perfh011.dat

+ 2006-11-02 12:46 . 2011-11-16 23:01 725528 c:\windows\system32\perfh009.dat

+ 2008-08-26 08:08 . 2011-11-16 23:01 155332 c:\windows\system32\perfc011.dat

+ 2006-11-02 12:46 . 2011-11-16 23:01 155332 c:\windows\system32\perfc009.dat

- 2009-05-15 06:07 . 2011-11-08 20:03 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-05-15 06:07 . 2011-11-18 22:20 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2006-11-02 12:40 . 2011-11-17 23:53 143360 c:\windows\inf\infstrng.dat

- 2006-11-02 12:40 . 2011-10-31 04:20 143360 c:\windows\inf\infstrng.dat

- 2006-11-02 12:40 . 2011-10-31 04:20 143360 c:\windows\inf\infstor.dat

+ 2006-11-02 12:40 . 2011-11-17 23:53 143360 c:\windows\inf\infstor.dat

+ 2008-07-22 10:21 . 2011-11-11 20:51 2473984 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-07-22 10:21 . 2011-11-04 23:50 2473984 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-07-22 10:21 . 2011-11-11 20:51 1212416 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-07-22 10:21 . 2011-11-04 23:50 1212416 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2006-11-02 15:21 . 2011-11-16 23:01 2929146 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat

- 2006-11-02 15:21 . 2011-11-08 20:31 2929146 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat

- 2011-06-11 06:21 . 2011-11-08 20:04 4194304 c:\windows\Debug\msmqlog.bin

+ 2011-06-11 06:21 . 2011-11-18 22:21 4194304 c:\windows\Debug\msmqlog.bin

+ 2006-11-02 12:33 . 2011-11-16 23:01 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat

- 2006-11-02 12:33 . 2011-11-08 20:31 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat

+ 2006-11-02 12:35 . 2011-11-11 20:53 52174280 c:\windows\system32\mrt.exe

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 138240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]

"DiscWizardMonitor.exe"="c:\program files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2008-06-25 1325848]

"AcronisTimounterMonitor"="c:\program files (x86)\Seagate\DiscWizard\TimounterMonitor.exe" [2008-06-25 904768]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"QuickTime Task"="c:\program files (x86)\QuickTime Alternative\QTTask.exe" [2011-07-05 421888]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klogon]

[BU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]

[BU]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux8"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"LogitechQuickCamRibbon"="c:\program files (x86)\Logitech\QuickCam\Quickcam.exe" /hide

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 135664]

R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]

R3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0); [x]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2008-08-06 79360]

R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]

R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]

R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 135664]

R3 LVcKap64;Logitech AEC Driver; [x]

R3 LVPr2M64;Logitech LVPr2M64 Driver; [x]

R3 LVUSBS64;Logitech USB Monitor Filter; [x]

R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\B85.tmp [x]

R3 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [x]

R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.09\RivaTuner64.sys [2008-07-19 19952]

R3 rt61x64;Ralink RT61 Wireless Driver for Windows Vista; [x]

R3 scramby_out;Scramby Output;c:\windows\system32\drivers\scramby_out.sys [x]

R3 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-13 487280]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

R3 X6va003;X6va003;c:\users\Tsiphon\AppData\Local\Temp\003F29A.tmp [x]

R4 BsMobileCS;BsMobileCS;c:\program files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [2010-03-09 143467]

R4 MSSQL$SOLARWINDS_ORION;SQL Server (SOLARWINDS_ORION); [x]

R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]

R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]

S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2008-06-25 605464]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]

S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-13 5790064]

S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [x]

S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]

S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]

S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]

S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]

S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - PROCEXP141

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-06-17 17:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 12:40]

.

2011-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 12:40]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]

"RtHDVCpl"="RAVCpl64.exe" [2008-02-13 5684736]

"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 225792]

"Seagate Scheduler2 Service"="c:\program files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [2008-06-25 136472]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 9264456]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\guard64.dll

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Tsiphon\AppData\Roaming\Mozilla\Firefox\Profiles\i4gr5jr6.default\

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-10 - (no file)

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Solarwinds Trap Service]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SolarWinds: Collector DataProcessor]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Solarwinds: Job Broker]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Solarwinds: Job Engine]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Solarwinds: Job Engine v2]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Solarwinds: Job Scheduler]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Solarwinds: Job Scheduler v2]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Solarwinds: Worker Process]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Solarwinds: Worker Process v2]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\B85.tmp"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\X6va003]

"ImagePath"="\??\c:\users\Tsiphon\AppData\Local\Temp\003F29A.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9c,a2,f1,d4,15,82,c2,48,99,43,46,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9c,a2,f1,d4,15,82,c2,48,99,43,46,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9c,a2,f1,d4,15,82,c2,48,99,43,46,\

.

[HKEY_USERS\S-1-5-21-4111605854-636613554-1496609690-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

"??"=hex:b0,24,0d,0e,50,c2,6b,70,02,29,1d,b9,9b,f3,6b,2f,2b,5d,22,b8,72,f1,89,

77,30,39,6a,87,2c,80,fe,83,ab,a8,68,9b,31,cd,34,b5,2e,58,6d,51,6f,3c,e1,3f,\

"??"=hex:de,c2,f1,00,6b,13,52,1e,8d,7b,f0,04,df,b8,e0,7f

.

[HKEY_USERS\S-1-5-21-4111605854-636613554-1496609690-1000\Software\SecuROM\License information*]

"datasecu"=hex:fa,84,73,12,ef,d2,44,36,38,4d,80,39,fc,50,df,aa,cd,eb,4b,10,d6,

0d,5b,f9,da,79,e0,3f,89,9a,b4,3c,4a,db,10,1e,e8,20,fd,88,02,da,16,3a,7a,b7,\

"rkeysecu"=hex:d0,71,9f,d7,18,0a,c6,cb,3e,d1,09,7e,f3,81,c3,2a

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows CE Services]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

"CurrentPartnershipProtocol"=dword:00000003

"MinimumPartnershipProtocol"=dword:00000002

@=""

"EulaRequired"=dword:06010000

"DTPTNetworkType"="{0}"

"Dual-Home"=dword:00000001

"DisableCredentialSave"=dword:00000000

"RasTimeoutResponseWait"=dword:00000032

"RasTimeoutPause"=dword:00000005

"ConnectTypesAllowed"=dword:0000000a

"CheckPasswordTimeoutSeconds"=dword:00000014

"WaitV2TimeoutSeconds"=dword:00000004

"SerialPort"="Bluetooth"

"HasUsbDevice"=dword:00000000

"SerialBaudRate"=dword:0001c200

"DeviceType"=""

"DeviceOemInfo"=""

"DeviceVersion"=dword:04401504

"DeviceProcessorType"=dword:00000000

"DeviceProcessor"=""

"DisableIr"=dword:00000000

"GuestOnly"=dword:00000000

"MajorVersion"=dword:00000006

"MinorVersion"=dword:00000000

"InstalledDir"="c:\\Windows\\WindowsMobile"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

Completion time: 2011-11-18 16:58:05

ComboFix-quarantined-files.txt 2011-11-18 22:58

ComboFix2.txt 2011-11-11 21:53

ComboFix3.txt 2011-11-09 07:16

ComboFix4.txt 2011-11-08 03:33

ComboFix5.txt 2011-11-18 22:32

.

Pre-Run: 36,330,483,712 bytes free

Post-Run: 36,276,187,136 bytes free

.

- - End Of File - - 46A01E2888103619D1BABAF3B2738028


I forgot to mention, but the last picture in the attachments just shows you that when I try to open Firefox or Internet Explorer the windows are completely hidden from me.

The following is the MBAM report:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8190

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.19088

11/18/2011 5:16:57 PM

mbam-log-2011-11-18 (17-16-57).txt

Scan type: Quick scan

Objects scanned: 205702

Time elapsed: 3 minute(s), 11 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 8

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

c:\windows\temp\cookies (Backdoor.Agent) -> Quarantined and deleted successfully.

Files Infected:

c:\windows\temp\windowsnw.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\windows\temp\history\firefox.ex (Backdoor.Zapchast) -> Quarantined and deleted successfully.

c:\windows\temp\kdata (Malware.Trace) -> Quarantined and deleted successfully.

c:\windows\temp\history\firefox.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\windows\temp\managee.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\windows\temp\cookies\venton.exe (Backdoor.Agent) -> Quarantined and deleted successfully.

c:\windows\temp\temporary\makeout.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\windows\temp\as.exe (Trojan.Agent) -> Quarantined and deleted successfully.


Hi,

Open notepad and copy/paste the text in the codebox below into it:


@echo off
for %%g in (
c:\windows\SysWOW64\user32.dll
) do zip Files_for_submission %%g
del %0

Save this as grab.bat

Choose to Save type as - All Files

Save it on your desktop.

It should look like this: bat_icon.gif

Double click on grab.bat & allow it to run

A file, Files_for_submission.zip will be created on your desktop. Upload it to this website.

Kindly include a link to this topic in the message.


Hi,

Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.

@ECHO OFF

COPY /Y c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll c:\windows\SysWOW64\user32.dll.bak

DEL %0

Right click on fixes.bat file and select run as administrator to execute it. Check that c:\windows\SysWOW64\user32.dll.bak file exists after the operation.

Next I need you to use your Vista DVD to boot into recovery environment like you did earlier. Type the following commands there:

COPY /Y c:\windows\SysWOW64\user32.dll.bak c:\windows\SysWOW64\user32.dll
EXIT

Boot back into normal mode, run ComboFix and post back its log + fresh dds logs.

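A check that goes with the repair above, added here as an example and not part of this thread or of any tool it mentions: before and after the restore, compare the live 32-bit user32.dll with the WinSxS component-store copy the helper restores from, and report each file's Authenticode status. The two paths are the ones quoted in the post; the function names Get-Sha256Hex and Get-DllReport are chosen here. Run it from an elevated PowerShell prompt (2.0 or later).

```powershell
# Added example, not part of this thread or of any tool it mentions.
# Compares the live 32-bit user32.dll with the WinSxS component-store copy the
# helper restores from, and reports each file's Authenticode status.
# Paths are the ones quoted in the post; Get-Sha256Hex and Get-DllReport are
# names chosen for this example. Run from an elevated PowerShell prompt.

$live   = Join-Path $env:windir 'SysWOW64\user32.dll'
$winsxs = Join-Path $env:windir ('winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35' +
                                 '_6.0.6001.18000_none_33abb2175a1ab263\user32.dll')

function Get-Sha256Hex {
    # .NET is used instead of Get-FileHash so this also works on the
    # PowerShell 2.0 a Vista machine would have.
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $sha.ComputeHash($fs) }
    finally { $fs.Close() }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

function Get-DllReport {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        return New-Object PSObject -Property @{ Path = $Path; Exists = $false }
    }
    $item   = Get-Item -LiteralPath $Path
    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $signer = ''
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    New-Object PSObject -Property @{
        Path         = $Path
        Exists       = $true
        SizeBytes    = $item.Length
        LastWriteUtc = $item.LastWriteTimeUtc
        FileVersion  = $item.VersionInfo.FileVersion
        SHA256       = Get-Sha256Hex -Path $Path
        SigStatus    = $sig.Status        # Valid, NotSigned, HashMismatch, ...
        Signer       = $signer
    }
}

$reports = @()
foreach ($p in @($live, $winsxs)) { $reports += Get-DllReport -Path $p }
$reports | Format-List

if ($reports[0].Exists -and $reports[1].Exists) {
    if ($reports[0].SHA256 -eq $reports[1].SHA256) {
        'OK: live user32.dll is byte-identical to the WinSxS copy.'
    } elseif ($reports[0].SigStatus -ne 'Valid') {
        'SUSPECT: live user32.dll differs from the WinSxS copy and has no valid signature.'
    } else {
        'DIFFERS: live user32.dll is signed but not identical to this WinSxS copy; compare FileVersion, a later update may have replaced it.'
    }
}
```

Two caveats when reading the output. In-box Windows binaries are usually catalog-signed rather than carrying an embedded signature, so SigStatus can read NotSigned for a healthy file on some builds; the hash comparison against the WinSxS copy is the primary test and the signature is supporting evidence. And WinSxS can hold several versions of the same component, so a hash that differs from the 6.0.6001.18000 copy is only suspicious when FileVersion does not explain it; a patched file that also fails signature validation is the combination worth acting on.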

:D All seems good! I updated Combofix for this log, and there were no weird processes running under the CTaudsrc, and MBAM reported no malicious site connections.

Also, Firefox can open now!

Here is the combofix log (combofix rebooted my computer), and the DDS will be in the next reply.

ComboFix 11-11-19.04 - Tsiphon 11/19/2011 15:30:48.8.4 - x64

Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.4094.2143 [GMT -6:00]

Running from: c:\users\Tsiphon\Desktop\ComboFix.exe

FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}

SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\iojbcaa.tmp

c:\programdata\kojbcaa.tmp

c:\programdata\mojbcaa.tmp

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_COMSysApp

.

.

((((((((((((((((((((((((( Files Created from 2011-10-19 to 2011-11-19 )))))))))))))))))))))))))))))))

.

.

2011-11-19 21:48 . 2011-11-19 21:48 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2011-11-19 21:48 . 2011-11-19 21:48 -------- d-----w- c:\users\Mcx1\AppData\Local\temp

2011-11-19 21:48 . 2011-11-19 21:48 -------- d-----w- c:\users\Guest\AppData\Local\temp

2011-11-19 21:48 . 2011-11-19 21:48 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-19 21:08 . 2008-01-19 07:32 648192 ----a-w- c:\windows\SysWow64\user32.dll.bak

2011-11-16 23:04 . 2011-11-16 23:04 -------- d-----w- c:\program files (x86)\VS Revo Group

2011-11-16 00:22 . 2011-11-16 00:22 -------- d--h--w- c:\programdata\Common Files

2011-11-16 00:20 . 2011-11-16 00:22 -------- d-----w- c:\programdata\MFAData

2011-11-08 20:10 . 2011-11-08 20:10 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-11-08 20:09 . 2011-11-08 20:09 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-08 19:57 . 2011-11-08 20:06 -------- d-----w- c:\users\Tsiphon\AppData\Local\Solid State Networks

2011-11-08 03:40 . 2011-11-08 03:40 -------- d-----w- c:\windows\system32\Macromed

2011-11-02 23:46 . 2011-05-12 19:03 6144 ------w- c:\windows\system32\B85.tmp

2011-11-02 23:40 . 2011-05-12 19:03 6144 ------w- c:\windows\system32\7213.tmp

2011-11-02 23:30 . 2011-05-12 19:03 6144 ------w- c:\windows\system32\5060.tmp

2011-11-02 23:22 . 2011-05-12 19:03 6144 ------w- c:\windows\system32\1AC0.tmp

2011-11-02 23:16 . 2011-05-12 19:03 6144 ------w- c:\windows\system32\88FD.tmp

2011-11-02 23:11 . 2011-05-12 19:03 6144 ------w- c:\windows\system32\1821.tmp

2011-11-02 23:11 . 2011-11-02 23:11 -------- d-----w- c:\program files (x86)\Sophos

2011-11-01 18:56 . 2011-11-01 18:56 388096 ----a-r- c:\users\Tsiphon\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-10-31 07:06 . 2011-10-31 07:06 0 ----a-w- c:\windows\SysWow64\drivers\SET88DE.tmp

2011-10-31 07:06 . 2011-10-31 07:06 0 ----a-w- c:\windows\SysWow64\drivers\SET5C67.tmp

2011-10-31 07:06 . 2011-10-31 07:06 0 ----a-w- c:\windows\SysWow64\drivers\SET5AA1.tmp

2011-10-31 07:06 . 2011-10-31 07:06 0 ----a-w- c:\windows\SysWow64\drivers\SET584F.tmp

2011-10-31 07:06 . 2011-10-31 07:06 0 ----a-w- c:\windows\SysWow64\drivers\SET771.tmp

2011-10-31 07:06 . 2011-10-31 07:06 0 ----a-w- c:\windows\SysWow64\drivers\SET4E1.tmp

2011-10-31 07:06 . 2011-10-31 07:07 309320 ----a-w- c:\windows\SysWow64\drivers\TrufosAlt.sys

2011-10-31 07:06 . 2011-10-31 07:06 0 ----a-w- c:\windows\SysWow64\drivers\SETC86D.tmp

2011-10-31 07:05 . 2011-10-31 07:05 0 ----a-w- c:\windows\SysWow64\drivers\SET1747.tmp

2011-10-31 07:04 . 2011-10-31 07:04 0 ----a-w- c:\windows\SysWow64\drivers\SET3E2B.tmp

2011-10-31 07:04 . 2011-10-31 07:04 0 ----a-w- c:\windows\SysWow64\drivers\SET3C94.tmp

2011-10-31 07:04 . 2011-10-31 07:04 0 ----a-w- c:\windows\SysWow64\drivers\SET39E5.tmp

2011-10-31 07:04 . 2011-10-31 07:04 0 ----a-w- c:\windows\SysWow64\drivers\SET334F.tmp

2011-10-31 07:04 . 2011-10-31 07:04 0 ----a-w- c:\windows\SysWow64\drivers\SETDA09.tmp

2011-10-31 07:03 . 2011-10-31 07:03 0 ----a-w- c:\windows\SysWow64\drivers\SET432B.tmp

2011-10-31 07:03 . 2011-10-31 07:03 0 ----a-w- c:\windows\SysWow64\drivers\SET400F.tmp

2011-10-31 07:02 . 2011-10-31 07:02 0 ----a-w- c:\windows\SysWow64\drivers\SETB971.tmp

2011-10-31 07:02 . 2011-10-31 07:02 0 ----a-w- c:\windows\SysWow64\drivers\SETB6A2.tmp

2011-10-31 07:02 . 2011-10-31 07:02 0 ----a-w- c:\windows\SysWow64\drivers\SETAFBE.tmp

2011-10-31 06:58 . 2011-10-31 06:58 0 ----a-w- c:\windows\SysWow64\drivers\SETB450.tmp

2011-10-31 04:21 . 2011-10-31 04:21 -------- d-----w- c:\users\Tsiphon\AppData\Roaming\WinPatrol

2011-10-31 04:21 . 2011-10-31 04:21 -------- d-----w- c:\programdata\InstallMate

2011-10-31 04:21 . 2011-10-31 04:21 -------- d-----w- c:\program files (x86)\BillP Studios

2011-10-31 04:18 . 2011-11-02 08:48 -------- d-----w- c:\programdata\Comodo

2011-10-31 04:18 . 2011-10-31 04:18 -------- d-----w- c:\program files\COMODO

2011-10-31 04:17 . 2011-10-31 04:18 -------- d-----w- c:\programdata\Comodo Downloader

2011-10-29 08:24 . 2011-10-29 10:15 -------- d-----w- c:\users\Tsiphon\AppData\Roaming\Winamp

2011-10-28 22:54 . 2011-10-28 23:09 -------- d-----w- c:\program files (x86)\Eusing Free Registry Cleaner

2011-10-26 21:59 . 2011-10-26 21:59 -------- d-----w- c:\users\Tsiphon\AppData\Roaming\Malwarebytes

2011-10-26 21:59 . 2011-10-26 21:59 -------- d-----w- c:\programdata\Malwarebytes

2011-10-26 21:59 . 2011-10-27 02:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-10-26 21:59 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-26 21:56 . 2011-10-26 21:56 -------- d-----w- c:\users\Tsiphon\AppData\Roaming\WTablet

2011-10-21 14:14 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FDC2EED1-71B5-48C1-ADD4-7D759D933147}\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-08 20:10 . 2010-04-30 21:21 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-10-07 23:47 . 2011-10-07 23:47 93200 ----a-w- c:\windows\system32\drivers\inspect.sys

2011-10-07 23:47 . 2011-10-07 23:47 42224 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2011-10-07 23:47 . 2011-10-07 23:47 574216 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2011-10-07 23:47 . 2011-10-07 23:47 16528 ----a-w- c:\windows\system32\drivers\cmderd.sys

2011-10-07 23:47 . 2011-10-07 23:47 41200 ----a-w- c:\windows\system32\cmdcsr.dll

2011-10-07 23:47 . 2011-10-07 23:47 300200 ----a-w- c:\windows\SysWow64\guard32.dll

2011-10-07 23:47 . 2011-10-07 23:47 388280 ----a-w- c:\windows\system32\guard64.dll

2011-08-31 04:05 . 2011-08-31 04:05 96104 ----a-w- c:\windows\system32\dns-sd.exe

2011-08-31 04:05 . 2011-08-31 04:05 85864 ----a-w- c:\windows\system32\dnssd.dll

2011-08-31 04:05 . 2011-08-31 04:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe

2011-08-31 04:05 . 2011-08-31 04:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll

.

.

((((((((((((((((((((((((((((( SnapShot_2011-11-18_22.53.06 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-05-15 06:45 . 2011-11-11 20:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-05-15 06:45 . 2011-11-18 23:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2011-10-26 00:09 . 2011-11-18 23:14 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat

- 2011-10-26 00:09 . 2011-10-31 07:45 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat

+ 2011-10-25 21:35 . 2011-11-18 23:14 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat

- 2011-10-25 21:35 . 2011-10-31 07:45 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat

+ 2010-09-28 04:48 . 2011-11-18 23:16 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat

- 2010-09-28 04:48 . 2011-11-11 20:51 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat

+ 2008-07-19 07:24 . 2011-11-19 21:26 30962 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4111605854-636613554-1496609690-1000_UserData.bin

+ 2011-06-10 04:10 . 2011-11-19 19:20 62078 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Pen_Tablet.dat

- 2011-06-10 04:10 . 2011-11-18 22:21 62078 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Pen_Tablet.dat

- 2008-07-19 06:58 . 2011-11-18 22:28 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-07-19 06:58 . 2011-11-19 21:21 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-07-19 06:58 . 2011-11-18 22:28 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-07-19 06:58 . 2011-11-19 21:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-07-19 06:58 . 2011-11-19 21:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-07-19 06:58 . 2011-11-18 22:28 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-05-20 06:17 . 2011-11-18 22:26 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-05-20 06:17 . 2011-11-19 21:27 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-05-20 06:17 . 2011-11-18 22:26 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-05-20 06:17 . 2011-11-19 21:27 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-11-18 23:13 . 2011-11-18 23:13 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{EC88D8A4-123A-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:13 . 2011-11-18 23:13 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{EC88D8A5-123A-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:58 . 2011-11-18 22:58 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DAF1FF9F-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:16 . 2011-11-18 23:16 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{62BA9134-123B-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:16 . 2011-11-18 23:16 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{62B67283-123B-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:16 . 2011-11-18 23:16 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{62B64B73-123B-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:54 . 2011-11-18 22:54 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4613A59E-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:15 . 2011-11-18 23:15 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{26E6DCE3-123B-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:00 . 2011-11-18 23:00 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2517EE9E-1239-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:07 . 2011-11-18 23:07 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{20EFFA5E-123A-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:14 . 2011-11-18 23:14 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{12C89054-123B-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:14 . 2011-11-18 23:14 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{12BAFBC4-123B-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:14 . 2011-11-18 23:14 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{12B81594-123B-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:14 . 2011-11-18 23:14 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{12B68EF4-123B-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:06 . 2011-11-18 23:06 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FA958ECA-1239-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:06 . 2011-11-18 23:06 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FA958EC3-1239-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:06 . 2011-11-18 23:06 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FA958EBB-1239-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:59 . 2011-11-18 22:59 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F591A44F-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:59 . 2011-11-18 22:59 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F591A44E-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:59 . 2011-11-18 22:59 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F591A44D-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:59 . 2011-11-18 22:59 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F591A44C-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:59 . 2011-11-18 22:59 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F591A44B-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:06 . 2011-11-18 23:06 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EF80087B-1239-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:59 . 2011-11-18 22:59 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EEA5CA90-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:59 . 2011-11-18 22:59 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EEA5CA8F-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:59 . 2011-11-18 22:59 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EEA5CA8E-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:59 . 2011-11-18 22:59 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EEA5CA8D-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:59 . 2011-11-18 22:59 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EEA5CA8C-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:59 . 2011-11-18 22:59 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EEA5CA8B-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:13 . 2011-11-18 23:13 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EC5F7ECC-123A-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:13 . 2011-11-18 23:13 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EC5F7EC5-123A-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:13 . 2011-11-18 23:13 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EC5F7EBE-123A-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:13 . 2011-11-18 23:13 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EC5F7EB7-123A-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:13 . 2011-11-18 23:13 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E66557F1-123A-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:58 . 2011-11-18 22:58 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DE3CBDCD-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:58 . 2011-11-18 22:58 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DE3CBDCC-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:58 . 2011-11-18 22:58 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DE3CBDCB-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:58 . 2011-11-18 22:58 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DAF1FFA0-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:58 . 2011-11-18 22:58 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D7FC3F43-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:58 . 2011-11-18 22:58 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D7FC3F42-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:58 . 2011-11-18 22:58 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D7FC3F41-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:05 . 2011-11-18 23:05 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D6BF0EEA-1239-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:05 . 2011-11-18 23:05 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D6BF0EE3-1239-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:05 . 2011-11-18 23:05 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D6BF0EDC-1239-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:58 . 2011-11-18 22:58 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D20266A7-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:58 . 2011-11-18 22:58 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D20266A6-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:58 . 2011-11-18 22:58 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D20266A5-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:58 . 2011-11-18 22:58 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D20266A4-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:58 . 2011-11-18 22:58 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D20266A3-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:58 . 2011-11-18 22:58 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D202669C-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:12 . 2011-11-18 23:12 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D18EB7E0-123A-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:05 . 2011-11-18 23:05 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CBC9459B-1239-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:05 . 2011-11-18 23:05 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CAD6330B-1239-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:58 . 2011-11-18 22:58 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C92D336B-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:05 . 2011-11-18 23:05 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C47A8B5B-1239-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:57 . 2011-11-18 22:57 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BA33952B-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:04 . 2011-11-18 23:04 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B786F64C-1239-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:57 . 2011-11-18 22:57 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B439E3B7-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:57 . 2011-11-18 22:57 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B439E3B0-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:57 . 2011-11-18 22:57 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B439E3A8-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:57 . 2011-11-18 22:57 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B439E3A1-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:04 . 2011-11-18 23:04 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B3DCDA13-1239-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:04 . 2011-11-18 23:04 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B3DCDA0C-1239-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:12 . 2011-11-18 23:12 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B2B699B6-123A-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:12 . 2011-11-18 23:12 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B2B699AF-123A-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:12 . 2011-11-18 23:12 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B2B699A8-123A-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:11 . 2011-11-18 23:11 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B2B699A0-123A-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:57 . 2011-11-18 22:57 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AE3FE3EC-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:04 . 2011-11-18 23:04 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A7F5D2FB-1239-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:56 . 2011-11-18 22:56 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{936A6240-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:56 . 2011-11-18 22:56 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{936A6239-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:56 . 2011-11-18 22:56 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{936A622C-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:11 . 2011-11-18 23:11 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{933D597E-123A-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:11 . 2011-11-18 23:11 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{933D5969-123A-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:10 . 2011-11-18 23:10 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{933D5960-123A-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:03 . 2011-11-18 23:03 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{908C2C01-1239-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:56 . 2011-11-18 22:56 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8C49E3E2-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:56 . 2011-11-18 22:56 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8C49E3DB-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:03 . 2011-11-18 23:03 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8A91B71C-1239-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:03 . 2011-11-18 23:03 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{844D19DB-1239-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:03 . 2011-11-18 23:03 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{81E9AE6B-1239-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:10 . 2011-11-18 23:10 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{73F49F0F-123A-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:10 . 2011-11-18 23:10 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{73F49F07-123A-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:10 . 2011-11-18 23:10 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{73F49F00-123A-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:55 . 2011-11-18 22:55 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6CF51B9F-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:55 . 2011-11-18 22:55 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6CF51B91-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:16 . 2011-11-18 23:16 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{69ABC220-123B-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:55 . 2011-11-18 22:55 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{66FBB823-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:55 . 2011-11-18 22:55 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{66FBB81C-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:02 . 2011-11-18 23:02 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{66772961-1239-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:02 . 2011-11-18 23:02 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{64EA47D3-1239-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:02 . 2011-11-18 23:02 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{64EA47CC-1239-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:16 . 2011-11-18 23:16 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{62BA9135-123B-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:16 . 2011-11-18 23:16 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{62B6728C-123B-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:16 . 2011-11-18 23:16 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{62B67284-123B-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:16 . 2011-11-18 23:16 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{62B64B74-123B-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:02 . 2011-11-18 23:02 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{607C665C-1239-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:16 . 2011-11-18 23:16 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{536194E1-123B-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:02 . 2011-11-18 23:02 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{530178E2-1239-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:02 . 2011-11-18 23:02 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{530178DB-1239-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:54 . 2011-11-18 22:54 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4CAFFFDF-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:54 . 2011-11-18 22:54 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4CAFFFD2-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:16 . 2011-11-18 23:16 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{48B38301-123B-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:54 . 2011-11-18 22:54 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4613A5A1-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 22:54 . 2011-11-18 22:54 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4613A59F-1238-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:08 . 2011-11-18 23:08 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4313E83C-123A-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:01 . 2011-11-18 23:01 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4256F64C-1239-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:08 . 2011-11-18 23:08 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3705F83C-123A-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:15 . 2011-11-18 23:15 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{26E6DCE4-123B-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:15 . 2011-11-18 23:15 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{256D8384-123B-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:15 . 2011-11-18 23:15 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{256D837D-123B-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:15 . 2011-11-18 23:15 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{256D8376-123B-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:15 . 2011-11-18 23:15 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{256D836F-123B-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:15 . 2011-11-18 23:15 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{256D8368-123B-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:00 . 2011-11-18 23:00 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2517EE9F-1239-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:07 . 2011-11-18 23:07 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1B84F450-123A-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:07 . 2011-11-18 23:07 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1B84F449-123A-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:07 . 2011-11-18 23:07 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1B84F441-123A-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:07 . 2011-11-18 23:07 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{134CC462-123A-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:07 . 2011-11-18 23:07 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{134CC45B-123A-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:14 . 2011-11-18 23:14 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{12C89055-123B-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:14 . 2011-11-18 23:14 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{12BAFBC5-123B-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:14 . 2011-11-18 23:14 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{12B81595-123B-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-18 23:14 . 2011-11-18 23:14 1536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{12B68EF5-123B-11E1-97B1-001D7D0BF8E1}.dat

+ 2011-11-19 21:51 . 2011-11-19 21:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-11-18 22:20 . 2011-11-18 22:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-11-19 21:51 . 2011-11-19 21:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-11-18 22:20 . 2011-11-18 22:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-01-23 15:52 . 2008-01-19 07:32 648192 c:\windows\SysWOW64\user32.dll

+ 2011-10-26 01:38 . 2011-11-18 23:16 851968 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat

+ 2008-07-22 10:21 . 2011-11-18 23:16 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-01-17 21:40 . 2011-11-19 21:08 765422 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2008-07-19 07:24 . 2011-11-19 21:26 106852 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 15:44 . 2011-11-19 21:26 142912 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-05-15 06:07 . 2011-11-19 21:21 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2009-05-15 06:07 . 2011-11-18 22:20 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2008-07-22 10:21 . 2011-11-18 23:16 2473984 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-07-22 10:21 . 2011-11-11 20:51 2473984 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-07-22 10:21 . 2011-11-11 20:51 1212416 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-07-22 10:21 . 2011-11-18 23:16 1212416 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-06-11 06:21 . 2011-11-18 22:21 4194304 c:\windows\Debug\msmqlog.bin

+ 2011-06-11 06:21 . 2011-11-19 21:51 4194304 c:\windows\Debug\msmqlog.bin

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 138240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]

"DiscWizardMonitor.exe"="c:\program files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2008-06-25 1325848]

"AcronisTimounterMonitor"="c:\program files (x86)\Seagate\DiscWizard\TimounterMonitor.exe" [2008-06-25 904768]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"QuickTime Task"="c:\program files (x86)\QuickTime Alternative\QTTask.exe" [2011-07-05 421888]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klogon]

[bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]

[bU]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux8"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"LogitechQuickCamRibbon"="c:\program files (x86)\Logitech\QuickCam\Quickcam.exe" /hide

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 135664]

R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]

R3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0); [x]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2008-08-06 79360]

R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]

R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]

R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 135664]

R3 LVcKap64;Logitech AEC Driver; [x]

R3 LVPr2M64;Logitech LVPr2M64 Driver; [x]

R3 LVUSBS64;Logitech USB Monitor Filter; [x]

R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\B85.tmp [x]

R3 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [x]

R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.09\RivaTuner64.sys [2008-07-19 19952]

R3 rt61x64;Ralink RT61 Wireless Driver for Windows Vista; [x]

R3 scramby_out;Scramby Output;c:\windows\system32\drivers\scramby_out.sys [x]

R3 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-13 487280]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

R3 X6va003;X6va003;c:\users\Tsiphon\AppData\Local\Temp\003F29A.tmp [x]

R4 BsMobileCS;BsMobileCS;c:\program files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [2010-03-09 143467]

R4 MSSQL$SOLARWINDS_ORION;SQL Server (SOLARWINDS_ORION); [x]

R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]

R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]

S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2008-06-25 605464]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]

S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-13 5790064]

S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [x]

S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]

S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]

S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]

S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]

S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-06-17 17:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 12:40]

.

2011-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 12:40]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]

"RtHDVCpl"="RAVCpl64.exe" [2008-02-13 5684736]

"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 225792]

"Seagate Scheduler2 Service"="c:\program files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [2008-06-25 136472]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 9264456]

"combofix"="c:\combofix\CF6635.3XE" [2008-01-19 363008]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\guard64.dll

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Tsiphon\AppData\Roaming\Mozilla\Firefox\Profiles\i4gr5jr6.default\

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-10 - (no file)

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Solarwinds Trap Service]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SolarWinds: Collector DataProcessor]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Solarwinds: Job Broker]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Solarwinds: Job Engine]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Solarwinds: Job Engine v2]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Solarwinds: Job Scheduler]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Solarwinds: Job Scheduler v2]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Solarwinds: Worker Process]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Solarwinds: Worker Process v2]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\B85.tmp"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\X6va003]

"ImagePath"="\??\c:\users\Tsiphon\AppData\Local\Temp\003F29A.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9c,a2,f1,d4,15,82,c2,48,99,43,46,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9c,a2,f1,d4,15,82,c2,48,99,43,46,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9c,a2,f1,d4,15,82,c2,48,99,43,46,\

.

[HKEY_USERS\S-1-5-21-4111605854-636613554-1496609690-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

"??"=hex:b0,24,0d,0e,50,c2,6b,70,02,29,1d,b9,9b,f3,6b,2f,2b,5d,22,b8,72,f1,89,

77,30,39,6a,87,2c,80,fe,83,ab,a8,68,9b,31,cd,34,b5,2e,58,6d,51,6f,3c,e1,3f,\

"??"=hex:de,c2,f1,00,6b,13,52,1e,8d,7b,f0,04,df,b8,e0,7f

.

[HKEY_USERS\S-1-5-21-4111605854-636613554-1496609690-1000\Software\SecuROM\License information*]

"datasecu"=hex:fa,84,73,12,ef,d2,44,36,38,4d,80,39,fc,50,df,aa,cd,eb,4b,10,d6,

0d,5b,f9,da,79,e0,3f,89,9a,b4,3c,4a,db,10,1e,e8,20,fd,88,02,da,16,3a,7a,b7,\

"rkeysecu"=hex:d0,71,9f,d7,18,0a,c6,cb,3e,d1,09,7e,f3,81,c3,2a

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows CE Services]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

"CurrentPartnershipProtocol"=dword:00000003

"MinimumPartnershipProtocol"=dword:00000002

@=""

"EulaRequired"=dword:06010000

"DTPTNetworkType"="{0}"

"Dual-Home"=dword:00000001

"DisableCredentialSave"=dword:00000000

"RasTimeoutResponseWait"=dword:00000032

"RasTimeoutPause"=dword:00000005

"ConnectTypesAllowed"=dword:0000000a

"CheckPasswordTimeoutSeconds"=dword:00000014

"WaitV2TimeoutSeconds"=dword:00000004

"SerialPort"="Bluetooth"

"HasUsbDevice"=dword:00000000

"SerialBaudRate"=dword:0001c200

"DeviceType"=""

"DeviceOemInfo"=""

"DeviceVersion"=dword:04401504

"DeviceProcessorType"=dword:00000000

"DeviceProcessor"=""

"DisableIr"=dword:00000000

"GuestOnly"=dword:00000000

"MajorVersion"=dword:00000006

"MinorVersion"=dword:00000000

"InstalledDir"="c:\\Windows\\WindowsMobile"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

.

**************************************************************************

.

Completion time: 2011-11-19 15:59:57 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-19 21:59

ComboFix2.txt 2011-11-18 22:58

ComboFix3.txt 2011-11-11 21:53

ComboFix4.txt 2011-11-09 07:16

ComboFix5.txt 2011-11-19 21:28

.

Pre-Run: 36,364,541,952 bytes free

Post-Run: 35,957,202,944 bytes free

.

- - End Of File - - 80FF0C2B3EDA53F6DBCBD754D0927CE8

Here is the dds log.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_29

Run by Tsiphon at 16:00:31 on 2011-11-19

Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.4094.2255 [GMT -6:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}

FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Windows\system32\mqsvc.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\conime.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\Program Files\Tablet\Pen\Pen_TabletUser.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Windows\RAVCpl64.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe

C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe

mRun: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime Alternative\QTTask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [WinPatrol] "C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe" -expressboot

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

dRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su2/ocx/15103/CTPID.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{B2707B3A-F1B2-4360-8B02-F14850833270} : DhcpNameServer = 192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe

mRun-x64: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime Alternative\QTTask.exe" -atboottime

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [WinPatrol] "C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe" -expressboot

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Tsiphon\AppData\Roaming\Mozilla\Firefox\Profiles\i4gr5jr6.default\

.

============= SERVICES / DRIVERS ===============

.

R0 BtHidBus;Bluetooth HID Bus Service;C:\Windows\system32\Drivers\BtHidBus.sys --> C:\Windows\system32\Drivers\BtHidBus.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]

R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-26 366152]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-5-4 1153368]

R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2008-6-24 605464]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]

R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2011-5-25 5790064]

R3 btnetBUs;Bluetooth PAN Bus Service;C:\Windows\system32\Drivers\btnetBus.sys --> C:\Windows\system32\Drivers\btnetBus.sys [?]

R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]

R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]

R3 IvtBtBUs;IVT Bluetooth Bus Service;C:\Windows\system32\Drivers\IvtBtBus.sys --> C:\Windows\system32\Drivers\IvtBtBus.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]

R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);C:\Windows\system32\DRIVERS\vcsvad.sys --> C:\Windows\system32\DRIVERS\vcsvad.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-27 135664]

S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2008-8-6 79360]

S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]

S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]

S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-27 135664]

S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\B85.tmp --> C:\Windows\system32\B85.tmp [?]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-7-22 19968]

S3 PSSDK42;PSSDK42;\??\C:\Windows\system32\Drivers\pssdk42.sys --> C:\Windows\system32\Drivers\pssdk42.sys [?]

S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.09\RivaTuner64.sys [2008-4-28 19952]

S3 scramby_out;Scramby Output;C:\Windows\system32\drivers\scramby_out.sys --> C:\Windows\system32\drivers\scramby_out.sys [?]

S3 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2011-5-25 487280]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S4 BsMobileCS;BsMobileCS;C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [2010-3-9 143467]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-3-24 93184]

S4 MSSQL$SOLARWINDS_ORION;SQL Server (SOLARWINDS_ORION); [x]

S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]

S4 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2011-11-19 21:52:53 -------- d-sh--w- C:\$RECYCLE.BIN

2011-11-19 21:08:41 648192 ----a-w- C:\Windows\SysWow64\user32.dll.bak

2011-11-16 23:04:50 -------- d-----w- C:\Program Files (x86)\VS Revo Group

2011-11-16 00:22:01 -------- d--h--w- C:\ProgramData\Common Files

2011-11-16 00:20:00 -------- d-----w- C:\ProgramData\MFAData

2011-11-08 20:09:20 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-08 19:57:55 -------- d-----w- C:\Users\Tsiphon\AppData\Local\Solid State Networks

2011-11-06 19:03:56 98816 ----a-w- C:\Windows\sed.exe

2011-11-06 19:03:56 518144 ----a-w- C:\Windows\SWREG.exe

2011-11-06 19:03:56 256000 ----a-w- C:\Windows\PEV.exe

2011-11-06 19:03:56 208896 ----a-w- C:\Windows\MBR.exe

2011-11-02 23:46:30 6144 ------w- C:\Windows\System32\B85.tmp

2011-11-02 23:40:23 6144 ------w- C:\Windows\System32\7213.tmp

2011-11-02 23:30:25 6144 ------w- C:\Windows\System32\5060.tmp

2011-11-02 23:22:41 6144 ------w- C:\Windows\System32\1AC0.tmp

2011-11-02 23:16:36 6144 ------w- C:\Windows\System32\88FD.tmp

2011-11-02 23:11:45 6144 ------w- C:\Windows\System32\1821.tmp

2011-11-02 23:11:14 -------- d-----w- C:\Program Files (x86)\Sophos

2011-11-01 18:56:45 388096 ----a-r- C:\Users\Tsiphon\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-10-31 07:06:56 0 ----a-w- C:\Windows\SysWow64\drivers\SET88DE.tmp

2011-10-31 07:06:45 0 ----a-w- C:\Windows\SysWow64\drivers\SET5C67.tmp

2011-10-31 07:06:44 0 ----a-w- C:\Windows\SysWow64\drivers\SET5AA1.tmp

2011-10-31 07:06:44 0 ----a-w- C:\Windows\SysWow64\drivers\SET584F.tmp

2011-10-31 07:06:23 0 ----a-w- C:\Windows\SysWow64\drivers\SET771.tmp

2011-10-31 07:06:22 0 ----a-w- C:\Windows\SysWow64\drivers\SET4E1.tmp

2011-10-31 07:06:07 309320 ----a-w- C:\Windows\SysWow64\drivers\TrufosAlt.sys

2011-10-31 07:06:07 0 ----a-w- C:\Windows\SysWow64\drivers\SETC86D.tmp

2011-10-31 07:05:21 0 ----a-w- C:\Windows\SysWow64\drivers\SET1747.tmp

2011-10-31 07:04:26 0 ----a-w- C:\Windows\SysWow64\drivers\SET3E2B.tmp

2011-10-31 07:04:25 0 ----a-w- C:\Windows\SysWow64\drivers\SET3C94.tmp

2011-10-31 07:04:25 0 ----a-w- C:\Windows\SysWow64\drivers\SET39E5.tmp

2011-10-31 07:04:23 0 ----a-w- C:\Windows\SysWow64\drivers\SET334F.tmp

2011-10-31 07:04:00 0 ----a-w- C:\Windows\SysWow64\drivers\SETDA09.tmp

2011-10-31 07:03:22 0 ----a-w- C:\Windows\SysWow64\drivers\SET432B.tmp

2011-10-31 07:03:21 0 ----a-w- C:\Windows\SysWow64\drivers\SET400F.tmp

2011-10-31 07:02:46 0 ----a-w- C:\Windows\SysWow64\drivers\SETB971.tmp

2011-10-31 07:02:46 0 ----a-w- C:\Windows\SysWow64\drivers\SETB6A2.tmp

2011-10-31 07:02:44 0 ----a-w- C:\Windows\SysWow64\drivers\SETAFBE.tmp

2011-10-31 06:58:23 0 ----a-w- C:\Windows\SysWow64\drivers\SETB450.tmp

2011-10-31 04:21:13 -------- d-----w- C:\Users\Tsiphon\AppData\Roaming\WinPatrol

2011-10-31 04:21:03 -------- d-----w- C:\ProgramData\InstallMate

2011-10-31 04:21:03 -------- d-----w- C:\Program Files (x86)\BillP Studios

2011-10-31 04:18:21 -------- d-----w- C:\ProgramData\Comodo

2011-10-31 04:18:17 -------- d-----w- C:\Program Files\COMODO

2011-10-31 04:17:25 -------- d-----w- C:\ProgramData\Comodo Downloader

2011-10-28 22:54:51 -------- d-----w- C:\Program Files (x86)\Eusing Free Registry Cleaner

2011-10-26 21:59:25 -------- d-----w- C:\Users\Tsiphon\AppData\Roaming\Malwarebytes

2011-10-26 21:59:20 -------- d-----w- C:\ProgramData\Malwarebytes

2011-10-26 21:59:16 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-10-26 21:59:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-10-26 21:56:52 -------- d-----w- C:\Users\Tsiphon\AppData\Roaming\WTablet

2011-10-21 14:14:24 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FDC2EED1-71B5-48C1-ADD4-7D759D933147}\mpengine.dll

.

==================== Find3M ====================

.

2011-11-08 20:10:35 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-10-07 23:47:50 42224 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys

2011-10-07 23:47:48 574216 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys

2011-10-07 23:47:48 16528 ----a-w- C:\Windows\System32\drivers\cmderd.sys

2011-10-07 23:47:14 41200 ----a-w- C:\Windows\System32\cmdcsr.dll

2011-10-07 23:47:12 300200 ----a-w- C:\Windows\SysWow64\guard32.dll

2011-10-07 23:47:10 388280 ----a-w- C:\Windows\System32\guard64.dll

2011-08-31 04:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe

2011-08-31 04:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll

2011-08-31 04:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe

2011-08-31 04:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll

.

============= FINISH: 16:01:30.10 ===============

Attach.txt
