Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Open Cloud AV issues - now also hijacked URL - using Hijack This - logged


  • This topic is locked This topic is locked
40 replies to this topic

#1 Nickolas F

Nickolas F

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:29 AM

Posted 04 October 2011 - 12:20 AM

Hi, I am using an HP Pavilion, 32-bit laptop. I use Windows, and have been using IE 8 for a long time. About one week ago, I shifted over to the new Firefox. I tend to avoid risky sites. I actually work from my laptop, so I take things seriously. I've had AVG Free and never had any problem.

Two days ago, while my browser was pointed to a large, well-known site, the "Open Cloud AV" stuff began to appear. I didn't hit any link, so I don't know what happened there. It was patently clear to me that this was just another one of those long-time scams to "scan and find" corrupt files. I didn't buy it, didn't hit any of the links, and looked up exactly what it was it did.

Last night, I noticed that when I tried (via Firefox) to go to any site not pinned to my bar, the browser would freeze for a second, and then go to a different site. A simple tap of the back arrow took my back to where I wanted to go. It was trouble, and I knew it, but I could still use things.

After searching the web for different ways to get rid of OCAV, I got up early this morning and followed Bleeding Computer's instructions. When it was over, OCAV was gone, but there were more problems.

1. IE will not load. Nothing I do changes that. The URL bar opens blank and stays that way. If I click it and enter Facebook, Yahoo, or any place like that, it just hangs there and does nothing. It also doesn't want to close, and requires the Task Manager to do so.

2. Firefox IS working.

3. A "Malwarebytes Anti-Malware" warning flashes about every 15-20 seconds, telling me that Ping.exe or some website is unsafe. I'm not attempting to go to a website when it happens.

4. The moment I attempt to use IE, the CPU maxes out, and stays that way. When I finally get it closed, the CPU speed drops to its usual 8-9%.

5. Based on everything I could find out, the failure to load at Number 1 is because of a highjacked browser, similar to the old "about:blank" problem.

I've run AVG, Ad-Aware, Spybot Search & Destroy, and even did a second MalwareBytes scan. Absolutely nothing shows up as malware or spyware. I had no problem with RKill when I used it. It seems that everything should have been fixed. I downloaded Hijack This and got the log, but I am barely capable of peeking under the hood of this thing.

I'm working on no sleep, and my brain is fried. If I seem scattered, it's because I am.

I'm going to go ahead and put the log here. I appreciate any help I can get. I am nearly at the end of my rope and a paid project has come to a screeching halt. Outside of posting this, I don't know what else to do. I'll wait for whatever advice you have. Thank you!

-----------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:52:05 PM, on 10/3/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\AVG\AVG9\avgui.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {38542454-dfb6-44f5-b052-d4e071a3d073} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/60.10/uploader2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11172 bytes

BC AdBot (Login to Remove)

 


#2 Nickolas F

Nickolas F
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:29 AM

Posted 04 October 2011 - 01:34 AM

Oh, and I forgot to add: apparently my entire Windows Firewall is gone. I checked the "Security" part of the control panel and was told that it was now gone. I have NEVER touched it. I wanted it in place. But any time I try to fix it, absolutely nothing happens. It doesn't quite freeze up, but the screen seems to just ignore what I do.

This seems to be some cascading sort of garbage that's doing me in.

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:29 PM

Posted 07 October 2011 - 01:41 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 Nickolas F

Nickolas F
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:29 AM

Posted 08 October 2011 - 06:04 PM

Gringo,

I followed the instructions, shut off the various security programs - AVG, Malwarebytes, Spybot, Ad-Aware - and ran ComboMix, as you instructed.

First thing - It took over 1.5 hours to run.
Second thing - It stalled at Stage 48 and 50 for a huge part of that time.
Third thing - It then told me it would require a deeper scan, and ran that. It took another 20-25 minutes.

I then copied the log, got the location, and couldn't open a Word file to save it. I tried IE and Firefox - I got the "Illegal operation attempted on a registry key..." message. Again I followed the instructions and restarted.

When I restarted, entered my password, and returned to the desktop, this is what I found:

1. My CPU was already running at 100%.
2. I was already infested with the THIRD version of the fake "virus cleaner" - following Open Cloud AV and AV Guard. This was called "Guard Online." It had already filled my Task Manager's Processes with 60-70 new "processes" - the ones that are named with nothing more than combos of letters and numbers.
3. My computer took forever to open up IE, but it DID open it up. That was one of the problems, and that seems to be solved.
4. I'm still seeing a flag that is telling me that I have no firewall.

So... I can open IE, but I'm still infested with bogus malware and still have no firewall. This is NOT a success. What now? I'm freaking out over here.

I'm in Safe Mode right now, and I'll leave it here as long as I can. But I may have to run the whole Rkill/Malwarebytes thing again to get rid of Guard Online. I'm waiting to hear what you suggest.


Nick

I've put the log below.


ComboFix 11-10-08.04 - Nickolas 10/08/2011 13:50:52.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.1007 [GMT -7:00]
Running from: c:\users\Nickolas\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\Internet Explorer\1A15.tmp
c:\program files (x86)\Internet Explorer\3D0F.tmp
c:\program files (x86)\Internet Explorer\6FE2.tmp
c:\program files (x86)\Internet Explorer\F814.tmp
c:\programdata\JavaOnlineNotifier.dll
c:\users\Nickolas\AppData\Roaming\.#
c:\users\Nickolas\AppData\Roaming\b00yycAA1iv2oF4Open Cloud AV.ico
c:\users\Nickolas\AppData\Roaming\T0ucS1ibDoGaHsJOpen Cloud AV.ico
c:\users\Nickolas\AppData\Roaming\UA0ucS2ib3n4Q6WOpen Cloud AV.ico
c:\users\Nickolas\Desktop\Internet Explorer.lnk
c:\users\Public\videos\HP MediaSmart Demo.exe
c:\windows\$BLSTUN$
c:\windows\$BLSTUN$\apUninstall.exe
c:\windows\$BLSTUN$\lmATn.dll
c:\windows\$BLSTUN$\qgNNv.dll
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\00000001.@
c:\windows\assembly\tmp\U\00000002.@
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\80000032.@
c:\windows\assembly\tmp\U\80000064.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\system32\a11iivDD3o.exe
c:\windows\system32\AcAA11ivD2on4pH.exe
c:\windows\system32\ANNttxAA0uS2iDp.exe
c:\windows\system32\ARLL9hhTXqjCkzN.exe
c:\windows\system32\BekkIIBrzONyA0v.exe
c:\windows\system32\BIIIVrllNxP0c1b.exe
c:\windows\system32\brrzzONyxA0vS2.exe
c:\windows\system32\BsssWJ7EL8gZqYw.exe
c:\windows\system32\cIIIBrPNyxA1.exe
c:\windows\system32\config\systemprofile\AppData\Local\Google\GoogleUpdate\Googleupdt32.DLL
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.DLL
c:\windows\system32\config\systemprofile\AppData\Local\Sunbelt Software\SunbeltUpdate\Sunbeltupdt32.DLL
c:\windows\system32\config\systemprofile\AppData\Roaming\CWWWJ77dEL8ZhYw\uVeelOBtP0yc.exe
c:\windows\System64
c:\windows\SysWow64\AcAA11ivD2on4pH.exe
c:\windows\SysWow64\ARLL9hhTXqjCkzN.exe
c:\windows\SysWow64\BekkIIBrzONyA0v.exe
c:\windows\SysWow64\BIIIVrllNxP0c1b.exe
c:\windows\SysWow64\brrzzONyxA0vS2.exe
c:\windows\SysWow64\BsssWJ7EL8gZqYw.exe
c:\windows\SysWow64\cIIIBrPNyxA1.exe
c:\windows\SysWow64\cONtPPuSinGm6W7.exe
c:\windows\SysWow64\cRRZZqhYYXkUVlO.exe
c:\windows\SysWow64\DoooFpmH5sQ7dK8.exe
c:\windows\SysWow64\dRRL9TXUCeIOAv2.exe
c:\windows\SysWow64\ekUUVVOBtz0c1v2.exe
c:\windows\SysWow64\EwwwkUVelOBzPyA.exe
c:\windows\SysWow64\f5aaQQH6dW.exe
c:\windows\SysWow64\GiibD3oonGaHJ.exe
c:\windows\SysWow64\H000ycc11iD.exe
c:\windows\SysWow64\HqqqhYYCwkUrlBx.exe
c:\windows\SysWow64\hwwjjUCCelIrzNx.exe
c:\windows\SysWow64\IrrlBtx0y.exe
c:\windows\SysWow64\jfffRZZ9hTXjUel.exe
c:\windows\SysWow64\jHHH6sWWJ7fL8TZ.exe
c:\windows\SysWow64\jNyycA1uDbFpms6.exe
c:\windows\SysWow64\JWWJJ7ddL8gRqYX.exe
c:\windows\SysWow64\KHHH5ssJJK.exe
c:\windows\SysWow64\kNNyyx1vS2b3mG.exe
c:\windows\SysWow64\kPP00yccS1vDam.exe
c:\windows\SysWow64\kzzzP00yA1i.exe
c:\windows\SysWow64\LonnF44amH5.exe
c:\windows\SysWow64\m4aamHssJ7.exe
c:\windows\SysWow64\NBiH7EL8ZhY.exe
c:\windows\SysWow64\ODDD3onG4am6WJf.exe
c:\windows\SysWow64\PuuuvSS2oF3pm5.exe
c:\windows\SysWow64\PzOx0vS223nGaH.exe
c:\windows\SysWow64\R11uuvS2obF3pGa.exe
c:\windows\SysWow64\RFF33pmGG5QJ6W8.exe
c:\windows\SysWow64\rNtxxu1ib.exe
c:\windows\SysWow64\rpppnG44QH6WE9T.exe
c:\windows\SysWow64\SRRZZYjVltPFm.exe
c:\windows\SysWow64\TEELL8gTZhYwUVl.exe
c:\windows\SysWow64\THWf8hwrlOxPy1v.exe
c:\windows\SysWow64\TobbF4mmG5sJ6E8.exe
c:\windows\SysWow64\TOONNyxAA0vS.exe
c:\windows\SysWow64\TuuuvvS2ibF3nGa.exe
c:\windows\SysWow64\tyyxxA1uuv2ob3m.exe
c:\windows\SysWow64\u66ddEK8fRZh.exe
c:\windows\SysWow64\UaQQHH6sWK7.exe
c:\windows\SysWow64\VHH55sWJ7dE8RqY.exe
c:\windows\SysWow64\wE8ZhYXkelOBPy1.exe
c:\windows\SysWow64\wPP00yA11vDon4m.exe
c:\windows\SysWow64\wrrllOBtxPycSiD.exe
c:\windows\SysWow64\wTTTXqjjCekIzOt.exe
c:\windows\SysWow64\yFF44pmGG5QJ6E8.exe
c:\windows\SysWow64\YoobbF3pmG5aQ6W.exe
c:\windows\SysWow64\YwwjjUelIBzPyc1.exe
c:\windows\SysWow64\yXXXwjUCelIBzN.exe
c:\windows\SysWow64\z6ddEEK8fRZ9Twj.exe
c:\windows\SysWow64\ZA11uvD2obFpms6.exe
c:\windows\SysWow64\ZCCCkVOxP0cS.exe
c:\windows\TEMP\DXB5E7.tmp.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-08 to 2011-10-08 )))))))))))))))))))))))))))))))
.
.
2011-10-08 22:11 . 2011-10-08 22:11 3042304 ----a-w- c:\windows\SysWow64\FyyxA0uvSibFpGa.exe
2011-10-08 22:11 . 2011-10-08 22:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-08 22:11 . 2011-10-08 22:11 3042304 ----a-w- c:\windows\SysWow64\QXXwjUUelItzNc.exe
2011-10-08 22:09 . 2011-10-08 22:09 3042304 ----a-w- c:\windows\SysWow64\VS2ooFFpmG5Q6W8.exe
2011-10-08 22:08 . 2011-10-08 22:08 3042304 ----a-w- c:\windows\SysWow64\iucSSiiD3pn4Q6s.exe
2011-10-08 22:07 . 2011-10-08 22:07 3042304 ----a-w- c:\windows\SysWow64\yZqqhYCwkVrlBx0.exe
2011-10-08 22:07 . 2011-10-08 22:07 3042304 ----a-w- c:\windows\SysWow64\mVeelOBtz0yc1v2.exe
2011-10-08 22:06 . 2011-10-08 22:06 3042304 ----a-w- c:\windows\SysWow64\o8gRZqhYwkUeOBz.exe
2011-10-08 22:05 . 2011-10-08 22:05 3042304 ----a-w- c:\windows\SysWow64\j5ssQJ7dE8gR9Yw.exe
2011-10-08 22:04 . 2011-10-08 22:04 3042304 ----a-w- c:\windows\SysWow64\nyccS1ivDonFaHs.exe
2011-10-08 22:03 . 2011-10-08 22:03 3042304 ----a-w- c:\windows\SysWow64\sG55sQJ6dK8fZhX.exe
2011-10-08 22:02 . 2011-10-08 22:02 3042304 ----a-w- c:\windows\SysWow64\ZP0yycS1vD3nFaH.exe
2011-10-08 22:01 . 2011-10-08 22:01 3042304 ----a-w- c:\windows\SysWow64\NddWK77RL9TXjCk.exe
2011-10-08 22:00 . 2011-10-08 22:00 3042304 ----a-w- c:\windows\SysWow64\RnnF4amH5sJ.exe
2011-10-08 21:59 . 2011-10-08 21:59 3042304 ----a-w- c:\windows\SysWow64\kA1uuvD2bF4mGs.exe
2011-10-08 21:59 . 2011-10-08 21:59 3042304 ----a-w- c:\windows\SysWow64\OBtzz00cA1iDon4.exe
2011-10-08 21:58 . 2011-10-08 21:58 3042304 ----a-w- c:\windows\SysWow64\W2onn44pH5sJdEg.exe
2011-10-08 21:57 . 2011-10-08 21:57 3042304 ----a-w- c:\windows\SysWow64\uCeekIVrzNtx0c2.exe
2011-10-08 21:56 . 2011-10-08 21:56 3042304 ----a-w- c:\windows\SysWow64\HWJJ7dEL8RZqYwU.exe
2011-10-08 21:56 . 2011-10-08 21:56 3042304 ----a-w- c:\windows\SysWow64\OdWKKffL9hTqUek.exe
2011-10-08 21:55 . 2011-10-08 21:55 3042304 ----a-w- c:\windows\SysWow64\v2oobF3pG5aQ6W8.exe
2011-10-08 21:54 . 2011-10-08 21:54 3042304 ----a-w- c:\windows\SysWow64\DTTXXjjCelIrPy.exe
2011-10-08 21:53 . 2011-10-08 21:53 3042304 ----a-w- c:\windows\SysWow64\GK77RL9gXqjCkVr.exe
2011-10-08 21:52 . 2011-10-08 21:52 3042304 ----a-w- c:\windows\SysWow64\cTXqqjYCkIVrOtA.exe
2011-10-08 21:52 . 2011-10-08 21:52 3042304 ----a-w- c:\windows\SysWow64\vELL8gRZhYXwU.exe
2011-10-08 21:51 . 2011-10-08 21:51 3042304 ----a-w- c:\windows\SysWow64\RD22onF4mH5.exe
2011-10-08 21:50 . 2011-10-08 21:50 3042304 ----a-w- c:\windows\SysWow64\tXqjjCCkIBrOyA0.exe
2011-10-08 21:49 . 2011-10-08 21:49 3042304 ----a-w- c:\windows\SysWow64\DeelIBBzPNcAuDo.exe
2011-10-08 21:48 . 2011-10-08 21:48 3042304 ----a-w- c:\windows\SysWow64\NfELLggZqjYwIr.exe
2011-10-08 21:47 . 2011-10-08 21:47 3042304 ----a-w- c:\windows\SysWow64\d3oonG4am6sW7E8.exe
2011-10-08 21:47 . 2011-10-08 21:47 3042304 ----a-w- c:\windows\SysWow64\ufRLL9hTqjUe.exe
2011-10-08 21:45 . 2011-10-08 21:45 3042304 ----a-w- c:\windows\SysWow64\VUVeeOOBzP0cAiD.exe
2011-10-08 21:44 . 2011-10-08 21:44 3042304 ----a-w- c:\windows\SysWow64\KRZZ9hYXwUVeItP.exe
2011-10-08 21:44 . 2011-10-08 21:44 3042304 ----a-w- c:\windows\SysWow64\yVeelIBtPNyc1v2.exe
2011-10-08 21:43 . 2011-10-08 21:43 3042304 ----a-w- c:\windows\SysWow64\DggRRqqYXwUVlBz.exe
2011-10-08 21:42 . 2011-10-08 21:42 3042304 ----a-w- c:\windows\SysWow64\uHH6sWW7fE9g.exe
2011-10-08 21:41 . 2011-10-08 21:41 3042304 ----a-w- c:\windows\SysWow64\fBtzz00yA1iDo.exe
2011-10-08 21:40 . 2011-10-08 21:40 3042304 ----a-w- c:\windows\SysWow64\mELL9gTZqYCwIrO.exe
2011-10-08 21:40 . 2011-10-08 21:40 3042304 ----a-w- c:\windows\SysWow64\TONNtPPucSib3n4.exe
2011-10-08 21:39 . 2011-10-08 21:39 3042304 ----a-w- c:\windows\SysWow64\ZzPP0ycA1vD2n4m.exe
2011-10-08 21:38 . 2011-10-08 21:38 3042304 ----a-w- c:\windows\SysWow64\gYXXwkUVeOBtPyA.exe
2011-10-08 21:38 . 2011-10-08 21:38 3042304 ----a-w- c:\windows\SysWow64\ivD22obFpmGsQ.exe
2011-10-08 21:37 . 2011-10-08 21:37 3042304 ----a-w- c:\windows\SysWow64\iZqqhYCwkVrlBx0.exe
2011-10-08 21:36 . 2011-10-08 21:36 3042304 ----a-w- c:\windows\SysWow64\T8ffRZ9hT.exe
2011-10-08 21:35 . 2011-10-08 21:35 3042304 ----a-w- c:\windows\SysWow64\U5sQQ66EK8fZhX.exe
2011-10-08 21:35 . 2011-10-08 21:35 3042304 ----a-w- c:\windows\SysWow64\pCeelIBrzNyx1v2.exe
2011-10-08 21:34 . 2011-10-08 21:34 3042304 ----a-w- c:\windows\SysWow64\oBttzPNyc1uv2b.exe
2011-10-08 21:33 . 2011-10-08 21:33 3042304 ----a-w- c:\windows\SysWow64\gzzONtxA0uS2b3.exe
2011-10-08 21:32 . 2011-10-08 21:32 3042304 ----a-w- c:\windows\SysWow64\SJ66dEK8fZ9hXjC.exe
2011-10-08 21:32 . 2011-10-08 21:32 3042304 ----a-w- c:\windows\SysWow64\bVrllONtP0uc1b3.exe
2011-10-08 21:30 . 2011-10-08 21:30 3042304 ----a-w- c:\windows\SysWow64\rDD33nF4m.exe
2011-10-08 21:30 . 2011-10-08 21:30 3042304 ----a-w- c:\windows\SysWow64\s44aaHHsWJ7E8T.exe
2011-10-08 21:29 . 2011-10-08 21:29 3042304 ----a-w- c:\windows\SysWow64\aNyycA1uv2ob4m5.exe
2011-10-08 21:28 . 2011-10-08 21:28 3042304 ----a-w- c:\windows\SysWow64\u33pnGGaQHdWfLg.exe
2011-10-08 21:27 . 2011-10-08 21:27 3042304 ----a-w- c:\windows\SysWow64\sG5ssJJ6EKR9hXj.exe
2011-10-08 21:26 . 2011-10-08 21:26 3042304 ----a-w- c:\windows\SysWow64\deIIBtzPNcA1v2b.exe
2011-10-08 21:25 . 2011-10-08 21:25 3042304 ----a-w- c:\windows\SysWow64\PrlOOtxPycS1v3n.exe
2011-10-08 21:25 . 2011-10-08 21:25 3042304 ----a-w- c:\windows\SysWow64\vCellIBrPNyA1v2.exe
2011-10-08 21:24 . 2011-10-08 21:24 3042304 ----a-w- c:\windows\SysWow64\VNNtxA0uc.exe
2011-10-08 21:23 . 2011-10-08 21:23 3042304 ----a-w- c:\windows\SysWow64\n8fRR99hXjCk.exe
2011-10-08 21:22 . 2011-10-08 21:22 3042304 ----a-w- c:\windows\SysWow64\ogTTZqjYwkIVlNx.exe
2011-10-08 21:21 . 2011-10-08 21:21 3042304 ----a-w- c:\windows\SysWow64\q0ucc22bD3pGHsK.exe
2011-10-08 21:20 . 2011-10-08 21:20 3042304 ----a-w- c:\windows\SysWow64\vfRRL9gTXjYCkVz.exe
2011-10-08 21:20 . 2011-10-08 21:20 3042304 ----a-w- c:\windows\SysWow64\nffRL9gTXqYCkVz.exe
2011-10-08 21:19 . 2011-10-08 21:19 3042304 ----a-w- c:\windows\SysWow64\rBrzzNNxA1uSoF3.exe
2011-10-08 21:18 . 2011-10-08 21:18 3042304 ----a-w- c:\windows\SysWow64\DAA11vv2onFpHs.exe
2011-10-08 21:17 . 2011-10-08 21:17 3042304 ----a-w- c:\windows\SysWow64\KQ66dWK7fL9TqYe.exe
2011-10-08 21:16 . 2011-10-08 21:16 3042304 ----a-w- c:\windows\SysWow64\bUVVrlOBxP0ySiD.exe
2011-10-08 21:16 . 2011-10-08 21:16 3042304 ----a-w- c:\windows\SysWow64\PbDD3onG4mH6W7.exe
2011-10-08 21:15 . 2011-10-08 21:15 3042304 ----a-w- c:\windows\SysWow64\kibbD3pnGaQHW7.exe
2011-10-08 21:13 . 2011-10-08 21:13 3042304 ----a-w- c:\windows\SysWow64\XsQJJddK8fR9T.exe
2011-10-08 21:13 . 2011-10-08 21:13 3042304 ----a-w- c:\windows\SysWow64\xttxP0ucS1bDoG.exe
2011-10-08 21:12 . 2011-10-08 21:12 3042304 ----a-w- c:\windows\SysWow64\EG55sQJ6dK8fZhX.exe
2011-10-08 21:11 . 2011-10-08 21:11 3042304 ----a-w- c:\windows\SysWow64\DiibD3pnG4QHsK.exe
2011-10-08 21:10 . 2011-10-08 21:10 3042304 ----a-w- c:\windows\SysWow64\RllIIBtzPNycAuD.exe
2011-10-08 21:09 . 2011-10-08 21:09 3042304 ----a-w- c:\windows\SysWow64\XqqjUUCekIBzOyA.exe
2011-10-08 21:08 . 2011-10-08 21:08 3042304 ----a-w- c:\windows\SysWow64\QjjUUCelIBr.exe
2011-10-08 21:07 . 2011-10-08 21:07 3042304 ----a-w- c:\windows\SysWow64\dwwwkUUVelOtz0y.exe
2011-10-08 21:07 . 2011-10-08 21:07 3042304 ----a-w- c:\windows\SysWow64\uCwwkkIVrlONxPu.exe
2011-10-08 21:06 . 2011-10-08 21:06 3042304 ----a-w- c:\windows\SysWow64\YyyyxAA1uv2ob3m.exe
2011-10-08 21:05 . 2011-10-08 21:05 3042304 ----a-w- c:\windows\SysWow64\plllONNtxP0c.exe
2011-10-08 21:04 . 2011-10-08 21:04 3042304 ----a-w- c:\windows\SysWow64\hrrzzONtxA0u.exe
2011-10-08 21:03 . 2011-10-08 21:03 3042304 ----a-w- c:\windows\SysWow64\sqhhYXXwkUVlBz.exe
2011-10-08 21:02 . 2011-10-08 21:02 3042304 ----a-w- c:\windows\SysWow64\niiibDD3o.exe
2011-10-08 21:02 . 2011-10-08 21:02 3042304 ----a-w- c:\windows\SysWow64\mSS22ibbD3.exe
2011-10-08 21:01 . 2011-10-08 21:01 3042304 ----a-w- c:\windows\SysWow64\JPNNyxxA1uv2oF3.exe
2011-10-08 21:01 . 2011-10-08 21:01 3042304 ----a-w- c:\windows\SysWow64\ZdEEKK8fRZ9h.exe
2011-10-08 21:00 . 2011-10-08 21:00 3042304 ----a-w- c:\windows\SysWow64\ZDD33onnG.exe
2011-10-08 20:59 . 2011-10-08 20:59 3042304 ----a-w- c:\windows\SysWow64\fPPNNyxA1u.exe
2011-10-08 20:58 . 2011-10-08 20:58 3042304 ----a-w- c:\windows\SysWow64\W3ppnnG5aQH6WKf.exe
2011-10-08 20:57 . 2011-10-08 20:57 3042304 ----a-w- c:\windows\SysWow64\TvvvS22obF3m.exe
2011-10-08 20:57 . 2011-10-08 20:57 3042304 ----a-w- c:\windows\SysWow64\j33ppmGG5aQ6dKf.exe
2011-10-08 20:56 . 2011-10-08 20:56 3042304 ----a-w- c:\windows\SysWow64\a11iivDD3o.exe
2011-10-08 20:55 . 2011-10-08 20:55 3042304 ----a-w- c:\windows\SysWow64\sccSS1ibD3o.exe
2011-10-08 20:55 . 2011-10-08 20:55 3042304 ----a-w- c:\windows\SysWow64\QYYCCekkIVrONxA.exe
2011-10-08 20:54 . 2011-10-08 20:54 3042304 ----a-w- c:\windows\SysWow64\LNNNyxxA1uv2oFp.exe
2011-10-08 20:53 . 2011-10-08 20:53 3042304 ----a-w- c:\windows\SysWow64\VKKK8ffRL9hTqjC.exe
2011-10-08 20:52 . 2011-10-08 20:52 3042304 ----a-w- c:\windows\SysWow64\ANNttxAA0uS2iDp.exe
2011-10-08 20:36 . 2011-10-08 20:36 -------- d-----w- c:\programdata\WSTB
2011-10-08 07:54 . 2011-10-08 07:54 546816 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2011-10-08 07:54 . 2011-10-08 07:54 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-10-08 07:54 . 2011-10-08 07:54 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-10-08 07:54 . 2011-10-08 07:54 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2011-10-08 07:54 . 2011-10-08 07:54 160256 ----a-w- c:\windows\system32\wextract.exe
2011-10-08 07:54 . 2011-10-08 07:54 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-10-08 07:54 . 2011-10-08 07:54 66048 ----a-w- c:\program files\Internet Explorer\JSProfilerCore.dll
2011-10-08 07:54 . 2011-10-08 07:54 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-10-07 23:59 . 2011-10-08 07:39 -------- d-----w- c:\users\Nickolas\AppData\Roaming\vWPL1RoeJA
2011-10-07 23:58 . 2011-10-08 07:39 -------- d-----w- c:\users\Nickolas\AppData\Roaming\cKIbfrDEl2KIbfr
2011-10-07 23:57 . 2011-10-07 23:57 -------- d-----w- c:\users\Nickolas\AppData\Roaming\hRL9gTXqjCkVzNx
2011-10-07 23:56 . 2011-10-07 23:56 -------- d-----w- c:\users\Nickolas\AppData\Roaming\WnqSfPsw3Rydl4w
2011-10-07 23:55 . 2011-10-07 23:55 -------- d-----w- c:\users\Nickolas\AppData\Roaming\GH0Rbl82YQt83kH
2011-10-07 23:55 . 2011-10-07 23:55 -------- d-----w- c:\users\Nickolas\AppData\Roaming\JF9AWVQwDZcE
2011-10-07 23:55 . 2011-10-07 23:55 -------- d-----w- c:\users\Nickolas\AppData\Roaming\PbYnImrHBJzQIGC
2011-10-07 23:55 . 2011-10-07 23:55 -------- d-----w- c:\users\Nickolas\AppData\Roaming\fu92q3YokpVpwbh
2011-10-07 23:55 . 2011-10-07 23:55 -------- d-----w- c:\users\Nickolas\AppData\Roaming\kumh0Hhy5wvdebf
2011-10-07 23:55 . 2011-10-07 23:55 -------- d-----w- c:\users\Nickolas\AppData\Roaming\BNdPJBaInqS7OHe
2011-10-07 23:55 . 2011-10-07 23:57 -------- d-----w- c:\users\Nickolas\AppData\Roaming\ddl4TuWBnX2gSLx
2011-10-07 23:55 . 2011-10-07 23:55 -------- d-----w- c:\users\Nickolas\AppData\Roaming\LnRNQeb9xHVaIG
2011-10-07 23:55 . 2011-10-07 23:55 -------- d-----w- c:\users\Nickolas\AppData\Roaming\CEBmknhvZufxKN
2011-10-07 23:55 . 2011-10-07 23:55 -------- d-----w- c:\users\Nickolas\AppData\Roaming\gxQepZ1g1gc8N8u
2011-10-07 23:55 . 2011-10-07 23:55 -------- d-----w- c:\users\Nickolas\AppData\Roaming\zBFfO4ZuJrnqc7U
2011-10-07 23:55 . 2011-10-07 23:55 -------- d-----w- c:\users\Nickolas\AppData\Roaming\TufAKN6rm
2011-10-07 23:55 . 2011-10-07 23:55 -------- d-----w- c:\users\Nickolas\AppData\Roaming\bj29AdVpZuJrFYi
2011-10-07 09:33 . 2011-10-08 07:39 -------- d-----w- c:\users\Nickolas\AppData\Roaming\kVxiG7jlc4Lr1m
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 23:14 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-10-03 23:14 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-09-26 01:58 . 2011-08-07 09:23 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-12 17:32 . 2010-03-11 06:20 35664 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2011-08-21 03:39 . 2011-08-21 03:39 65536 ----a-r- c:\users\Nickolas\AppData\Roaming\Microsoft\Installer\{E52FE20A-8D42-4B25-8C69-63E0AA9DC2C1}\NewShortcut13_29A08217E4E34B148338A38AE49035C5.exe
2011-08-21 03:39 . 2011-08-21 03:39 65536 ----a-r- c:\users\Nickolas\AppData\Roaming\Microsoft\Installer\{E52FE20A-8D42-4B25-8C69-63E0AA9DC2C1}\NewShortcut12_E52D111283C64D2E90346906A612B4DC.exe
2011-08-21 03:39 . 2011-08-21 03:39 65536 ----a-r- c:\users\Nickolas\AppData\Roaming\Microsoft\Installer\{E52FE20A-8D42-4B25-8C69-63E0AA9DC2C1}\ARPPRODUCTICON.exe
2011-08-07 17:52 . 2011-08-07 17:52 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-21 21:59 . 2011-08-07 17:50 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-07-16 05:41 . 2011-08-10 16:02 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:41 . 2011-08-10 16:02 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:41 . 2011-08-10 16:02 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:39 . 2011-08-10 16:02 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:37 . 2011-08-10 16:02 421888 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:21 . 2011-08-10 16:02 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:29 . 2011-08-10 16:02 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:26 . 2011-08-10 16:02 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-16 04:25 . 2011-08-10 16:02 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-16 04:24 . 2011-08-10 16:02 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-16 04:24 . 2011-08-10 16:02 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:15 . 2011-08-10 16:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 16:02 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-07-16 02:21 . 2011-08-10 16:02 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-07-16 02:17 . 2011-08-10 16:02 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 16:02 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 16:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-12 18:34 . 2011-07-12 18:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 18:34 . 2011-07-12 18:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 18:34 . 2011-07-12 18:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 18:34 . 2011-07-12 18:34 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-12 18:20 . 2011-07-12 18:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 18:20 . 2011-07-12 18:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-07-12 18:20 . 2011-07-12 18:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-07-12 18:20 . 2011-07-12 18:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
"G11ivD2on4pm5sJ8234A"="c:\windows\system32\config\systemprofile\AppData\Roaming\CWWWJ77dEL8ZhYw\uVeelOBtP0yc.exe" [2011-10-08 3042304]
"ovvvS2iiF3p8234A"="c:\windows\system32\config\systemprofile\AppData\Roaming\Q888fRRL9hT\IqjjUCekIBrzNyA.exe" [2011-10-08 3042304]
"T44aaQHH6sW78234A"="c:\windows\system32\ANNttxAA0uS2iDp.exe" [2011-10-08 3042304]
"WIIIBrrzO8234A"="c:\windows\system32\VKKK8ffRL9hTqjC.exe" [2011-10-08 3042304]
"F555aJJ6dW8fL9T8234A"="c:\windows\system32\LNNNyxxA1uv2oFp.exe" [2011-10-08 3042304]
"cSS22ibbDpnG8234A"="c:\windows\system32\QYYCCekkIVrONxA.exe" [2011-10-08 3042304]
"g44aamH6sWJ7ELg8234A"="c:\windows\system32\sccSS1ibD3o.exe" [2011-10-08 3042304]
"I44aamHH5sJ7dLR8234A"="c:\windows\system32\a11iivDD3o.exe" [2011-10-08 3042304]
"WhhhTTXqjUCeIBz8234A"="c:\windows\system32\j33ppmGG5aQ6dKf.exe" [2011-10-08 3042304]
"VaaQQJ66dWKfR9h8234A"="c:\windows\system32\TvvvS22obF3m.exe" [2011-10-08 3042304]
"v99ggTqjYC8234A"="c:\windows\system32\W3ppnnG5aQH6WKf.exe" [2011-10-08 3042304]
"joobbF3pmG5adW88234A"="c:\windows\system32\fPPNNyxA1u.exe" [2011-10-08 3042304]
"SammHH6sWJ7fL8234A"="c:\windows\system32\ZDD33onnG.exe" [2011-10-08 3042304]
"fwwjjUCelIBrzNx8234A"="c:\windows\system32\ZdEEKK8fRZ9h.exe" [2011-10-08 3042304]
"AGG55aQQJ8234A"="c:\windows\system32\JPNNyxxA1uv2oF3.exe" [2011-10-08 3042304]
"UnGGG4aQH6sW7f8234A"="c:\windows\system32\mSS22ibbD3.exe" [2011-10-08 3042304]
"Y444ammH6sW7f8234A"="c:\windows\system32\niiibDD3o.exe" [2011-10-08 3042304]
"AAA11vv2o8234A"="c:\windows\system32\sqhhYXXwkUVlBz.exe" [2011-10-08 3042304]
"O22iibD33nG4aHs8234A"="c:\windows\system32\hrrzzONtxA0u.exe" [2011-10-08 3042304]
"d11iibD3onG4mHs8234A"="c:\windows\system32\plllONNtxP0c.exe" [2011-10-08 3042304]
"maaQJ66dWK8234A"="c:\windows\system32\YyyyxAA1uv2ob3m.exe" [2011-10-08 3042304]
"UbbDD3oon4am6sJ8234A"="c:\windows\system32\uCwwkkIVrlONxPu.exe" [2011-10-08 3042304]
"iivvDD2onF4pH8234A"="c:\windows\system32\dwwwkUUVelOtz0y.exe" [2011-10-08 3042304]
"pxxA11uvS2ob3pG8234A"="c:\windows\system32\QjjUUCelIBr.exe" [2011-10-08 3042304]
"GQQH6ddWKfRLgTq8234A"="c:\windows\system32\XqqjUUCekIBzOyA.exe" [2011-10-08 3042304]
"FF44ppmG5sJ68234A"="c:\windows\system32\RllIIBtzPNycAuD.exe" [2011-10-08 3042304]
"fL9TqjYCwI8234A"="c:\windows\system32\DiibD3pnG4QHsK.exe" [2011-10-08 3042304]
"NellIBrzNyx1uSo8234A"="c:\windows\system32\EG55sQJ6dK8fZhX.exe" [2011-10-08 3042304]
"XH6ssWJ7EL8234A"="c:\windows\system32\xttxP0ucS1bDoG.exe" [2011-10-08 3042304]
"yUUCCllBzPyx1v28234A"="c:\windows\system32\XsQJJddK8fR9T.exe" [2011-10-08 3042304]
"FTZjYCkIrONt8234A"="c:\windows\system32\kibbD3pnGaQHW7.exe" [2011-10-08 3042304]
"mggTZqqYCw8234A"="c:\windows\system32\PbDD3onG4mH6W7.exe" [2011-10-08 3042304]
"RF44amH5sJ7dLg8234A"="c:\windows\system32\bUVVrlOBxP0ySiD.exe" [2011-10-08 3042304]
"yxAuS2ibD3nGaHs8234A"="c:\windows\system32\KQ66dWK7fL9TqYe.exe" [2011-10-08 3042304]
"REEK8gRZ9hX8234A"="c:\windows\system32\DAA11vv2onFpHs.exe" [2011-10-08 3042304]
"jK8ffLL9TqjUeIr8234A"="c:\windows\system32\rBrzzNNxA1uSoF3.exe" [2011-10-08 3042304]
"QucSSiiD3pn4QH8234A"="c:\windows\system32\nffRL9gTXqYCkVz.exe" [2011-10-08 3042304]
"x2iibD3pG4aQ6W78234A"="c:\windows\system32\vfRRL9gTXjYCkVz.exe" [2011-10-08 3042304]
"IggTZqjYCwIVlNx8234A"="c:\windows\system32\q0ucc22bD3pGHsK.exe" [2011-10-08 3042304]
"TSS1ibD3on4aHsJ8234A"="c:\windows\system32\ogTTZqjYwkIVlNx.exe" [2011-10-08 3042304]
"lrzOOyyA0uv2bFp8234A"="c:\windows\system32\n8fRR99hXjCk.exe" [2011-10-08 3042304]
"hDD3pnn4aQ6sKfL8234A"="c:\windows\system32\VNNtxA0uc.exe" [2011-10-08 3042304]
"LppmG5aQJ6WKfLh8234A"="c:\windows\system32\vCellIBrPNyA1v2.exe" [2011-10-08 3042304]
"wssWW77EL8RZhXk8234A"="c:\windows\system32\PrlOOtxPycS1v3n.exe" [2011-10-08 3042304]
"g5sQQ66EK8fZhX8234A"="c:\windows\system32\deIIBtzPNcA1v2b.exe" [2011-10-08 3042304]
"fIIBrzPNyx1uSoF8234A"="c:\windows\system32\sG5ssJJ6EKR9hXj.exe" [2011-10-08 3042304]
"FkkIVrzONtA0c2b8234A"="c:\windows\system32\u33pnGGaQHdWfLg.exe" [2011-10-08 3042304]
"UdEKK8fR9hTXjC8234A"="c:\windows\system32\aNyycA1uv2ob4m5.exe" [2011-10-08 3042304]
"chYCCkkVr8234A"="c:\windows\system32\s44aaHHsWJ7E8T.exe" [2011-10-08 3042304]
"SJJ7dEL8gRqYwkV8234A"="c:\windows\system32\rDD33nF4m.exe" [2011-10-08 3042304]
"ZamHHssJ7fE8TZh8234A"="c:\windows\system32\bVrllONtP0uc1b3.exe" [2011-10-08 3042304]
"irzPPNyx1uvSoFp8234A"="c:\windows\system32\SJ66dEK8fZ9hXjC.exe" [2011-10-08 3042304]
"F4aQQ66sK8234A"="c:\windows\system32\gzzONtxA0uS2b3.exe" [2011-10-08 3042304]
"OmGG5sQJ6E8234A"="c:\windows\system32\oBttzPNyc1uv2b.exe" [2011-10-08 3042304]
"CmmG5aQJ6dK8R9T8234A"="c:\windows\system32\pCeelIBrzNyx1v2.exe" [2011-10-08 3042304]
"DeelIBrzPNx8234A"="c:\windows\system32\U5sQQ66EK8fZhX.exe" [2011-10-08 3042304]
"IUUCelIBrzNyAuS8234A"="c:\windows\system32\T8ffRZ9hT.exe" [2011-10-08 3042304]
"RivvD3on4amHsJd8234A"="c:\windows\system32\iZqqhYCwkVrlBx0.exe" [2011-10-08 3042304]
"eEEK8fRZ9hXwUeI8234A"="c:\windows\system32\ivD22obFpmGsQ.exe" [2011-10-08 3042304]
"tvDD2onFpmH5Q8234A"="c:\windows\system32\gYXXwkUVeOBtPyA.exe" [2011-10-08 3042304]
"AssQJ7dEK8RZ8234A"="c:\windows\system32\ZzPP0ycA1vD2n4m.exe" [2011-10-08 3042304]
"AHH6sWJ7fE8gZhC8234A"="c:\windows\system32\TONNtPPucSib3n4.exe" [2011-10-08 3042304]
"jxP00ucSibD3n4m8234A"="c:\windows\system32\mELL9gTZqYCwIrO.exe" [2011-10-08 3042304]
"o44pmH5sQJdE8R98234A"="c:\windows\system32\fBtzz00yA1iDo.exe" [2011-10-08 3042304]
"yqjjYCwkVrlOtPu8234A"="c:\windows\system32\uHH6sWW7fE9g.exe" [2011-10-08 3042304]
"EyycA1ivD2nFp8234A"="c:\windows\system32\DggRRqqYXwUVlBz.exe" [2011-10-08 3042304]
"XF4ppGGsQJ6E8RZ8234A"="c:\windows\system32\yVeelIBtPNyc1v2.exe" [2011-10-08 3042304]
"BAA1uvD2oF4pGsJ8234A"="c:\windows\system32\KRZZ9hYXwUVeItP.exe" [2011-10-08 3042304]
"rFF44mm5sQ7dKgZ8234A"="c:\windows\system32\VUVeeOOBzP0cAiD.exe" [2011-10-08 3042304]
"cBBrzONyxAuv2b38234A"="c:\windows\system32\ufRLL9hTqjUe.exe" [2011-10-08 3042304]
"eZZqqYYwkUrlBx8234A"="c:\windows\system32\d3oonG4am6sW7E8.exe" [2011-10-08 3042304]
"mNNtxP0ucS8234A"="c:\windows\system32\NfELLggZqjYwIr.exe" [2011-10-08 3042304]
"nG55sQJ6dK8fZTw8234A"="c:\windows\system32\DeelIBBzPNcAuDo.exe" [2011-10-08 3042304]
"a2ibbF3pG5aH68234A"="c:\windows\system32\tXqjjCCkIBrOyA0.exe" [2011-10-08 3042304]
"dJ7ddEK9hYXjVlB8234A"="c:\windows\system32\RD22onF4mH5.exe" [2011-10-08 3042304]
"kOBttPP0cA1vDoF8234A"="c:\windows\system32\vELL8gRZhYXwU.exe" [2011-10-08 3042304]
"sccS2ibD3nG8234A"="c:\windows\system32\cTXqqjYCkIVrOtA.exe" [2011-10-08 3042304]
"attxA0ucS2bDp8234A"="c:\windows\system32\GK77RL9gXqjCkVr.exe" [2011-10-08 3042304]
"IA11uvS2b8234A"="c:\windows\system32\DTTXXjjCelIrPy.exe" [2011-10-08 3042304]
"LhhTXqqUCeIBzNx8234A"="c:\windows\system32\v2oobF3pG5aQ6W8.exe" [2011-10-08 3042304]
"GzzONyxA0uS2b3n8234A"="c:\windows\system32\OdWKKffL9hTqUek.exe" [2011-10-08 3042304]
"YlOOBtzPycA1v2n8234A"="c:\windows\system32\HWJJ7dEL8RZqYwU.exe" [2011-10-08 3042304]
"d3ppnG4aQ6sW7E98234A"="c:\windows\system32\uCeekIVrzNtx0c2.exe" [2011-10-08 3042304]
"BhYXXjjVelItP8234A"="c:\windows\system32\W2onn44pH5sJdEg.exe" [2011-10-08 3042304]
"G55sQJJdEKgR98234A"="c:\windows\system32\OBtzz00cA1iDon4.exe" [2011-10-08 3042304]
"KddEE88RZ98234A"="c:\windows\system32\kA1uuvD2bF4mGs.exe" [2011-10-08 3042304]
"K8ggRZqhYwkUeOt8234A"="c:\windows\system32\RnnF4amH5sJ.exe" [2011-10-08 3042304]
"nVrrzONtA0uc2b38234A"="c:\windows\system32\NddWK77RL9TXjCk.exe" [2011-10-08 3042304]
"qJJ77EE8gRqh8234A"="c:\windows\system32\ZP0yycS1vD3nFaH.exe" [2011-10-08 3042304]
"kCeelIBrzNyx1v8234A"="c:\windows\system32\sG55sQJ6dK8fZhX.exe" [2011-10-08 3042304]
"h7dEEL8gZqhX8234A"="c:\windows\system32\nyccS1ivDonFaHs.exe" [2011-10-08 3042304]
"DlIIBzPNyA1uDo8234A"="c:\windows\system32\j5ssQJ7dE8gR9Yw.exe" [2011-10-08 3042304]
"a1iivD2oF4pm5Q78234A"="c:\windows\system32\o8gRZqhYwkUeOBz.exe" [2011-10-08 3042304]
"hFF44mm5sQ7d8234A"="c:\windows\system32\mVeelOBtz0yc1v2.exe" [2011-10-08 3042304]
"Wiivv33nF4mHsJd8234A"="c:\windows\system32\yZqqhYCwkVrlBx0.exe" [2011-10-08 3042304]
"p99gTqqYCwkVlNx8234A"="c:\windows\system32\iucSSiiD3pn4Q6s.exe" [2011-10-08 3042304]
"z9hhTXqjUekIrOy8234A"="c:\windows\system32\VS2ooFFpmG5Q6W8.exe" [2011-10-08 3042304]
"AuvvD2obF8234A"="c:\windows\system32\QXXwjUUelItzNc.exe" [2011-10-08 3042304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Macromedia Update"="c:\windows\system32\config\systemprofile\AppData\Local\Google\GoogleUpdate\Googleupdt32.DLL" [2011-10-06 132096]
"Malwarebytes' Update"="c:\windows\system32\config\systemprofile\AppData\Local\Sunbelt Software\SunbeltUpdate\Sunbeltupdt32.DLL" [2011-10-06 132096]
"AppDataLow Update"="c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.DLL" [2011-10-06 132096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-26 136176]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-26 136176]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-08-07 17152]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\System32\Drivers\avgldx64.sys [x]
S1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\System32\Drivers\avgmfx64.sys [x]
S1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\System32\Drivers\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2010-06-14 89600]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files (x86)\AVG\AVG9\avgemc.exe [2010-07-21 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2010-07-18 308136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-06-16 20:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-26 07:50]
.
2011-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-26 07:50]
.
2011-09-27 c:\windows\Tasks\HPCeeScheduleForNickolas.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-24 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-24 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-24 408600]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-14 487424]
"combofix"="c:\combofix\CF10291.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\avgrssta.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Nickolas\AppData\Roaming\Mozilla\Firefox\Profiles\kjpi10i2.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{38542454-dfb6-44f5-b052-d4e071a3d073} - (no file)
Wow6432Node-HKLM-Run-PRZZ9hhTXwjCeIB8234A - c:\windows\system32\yFF44pmGG5QJ6E8.exe
Wow6432Node-HKLM-Run-bivvDD2onF4mHsQ8234A - c:\windows\system32\EwwwkUVelOBzPyA.exe
Wow6432Node-HKLM-Run-DFF33pnG5aQHdW78234A - c:\windows\system32\brrzzONyxA0vS2.exe
Wow6432Node-HKLM-Run-PyyycSS1iv3nFa8234A - c:\windows\system32\HqqqhYYCwkUrlBx.exe
Wow6432Node-HKLM-Run-a88ffRL99TXjCIB8234A - c:\windows\system32\YoobbF3pmG5aQ6W.exe
Wow6432Node-HKLM-Run-T66ddWKK88234A - c:\windows\system32\PuuuvSS2oF3pm5.exe
Wow6432Node-HKLM-Run-BaaaQJJ6dW8234A - c:\windows\system32\tyyxxA1uuv2ob3m.exe
Wow6432Node-HKLM-Run-EEEL88gZqhYXkUe8234A - c:\windows\system32\m4aamHssJ7.exe
Wow6432Node-HKLM-Run-UWJJ77dE8ZhYXkV8234A - c:\windows\system32\LonnF44amH5.exe
Wow6432Node-HKLM-Run-p6ddWWK7f8234A - c:\windows\system32\TuuuvvS2ibF3nGa.exe
Wow6432Node-HKLM-Run-P77ffRL9gTXqYC8234A - c:\windows\system32\f5aaQQH6dW.exe
Wow6432Node-HKLM-Run-XrrzzPNyxA1vS8234A - c:\windows\system32\jfffRZZ9hTXjUel.exe
Wow6432Node-HKLM-Run-uDDD2oobFpmG8234A - c:\windows\system32\YwwjjUelIBzPyc1.exe
Wow6432Node-HKLM-Run-JAA0uuvSibFp8234A - c:\windows\system32\ARLL9hhTXqjCkzN.exe
Wow6432Node-HKLM-Run-sCwwkUVrlx08234A - c:\windows\system32\jHHH6sWWJ7fL8TZ.exe
Wow6432Node-HKLM-Run-AoonF4pmmHsQJdK8234A - c:\windows\system32\kzzzP00yA1i.exe
Wow6432Node-HKLM-Run-XRRZZ9hYYwjUelB8234A - c:\windows\system32\KHHH5ssJJK.exe
Wow6432Node-HKLM-Run-yttxxP0ycSivDoF8234A - c:\windows\system32\TEELL8gTZhYwUVl.exe
Wow6432Node-HKLM-Run-AUUVVellOzPy8234A - c:\windows\system32\JWWJJ7ddL8gRqYX.exe
Wow6432Node-HKLM-Run-KssWWJ77EL8234A - c:\windows\system32\kPP00yccS1vDam.exe
Wow6432Node-HKLM-Run-s7EEKK8gRZ98234A - c:\windows\system32\AcAA11ivD2on4pH.exe
Wow6432Node-HKLM-Run-o3oonnG4amH8234A - c:\windows\system32\BIIIVrllNxP0c1b.exe
Wow6432Node-HKLM-Run-snnnF44amH58234A - c:\windows\system32\wrrllOBtxPycSiD.exe
Wow6432Node-HKLM-Run-tSS2oobF3pmGaJd8234A - c:\windows\system32\cIIIBrPNyxA1.exe
Wow6432Node-HKLM-Run-JooFFaaH58234A - c:\windows\system32\THWf8hwrlOxPy1v.exe
Wow6432Node-HKLM-Run-qKKK8ffRZ9TXjUe8234A - c:\windows\system32\ZA11uvD2obFpms6.exe
Wow6432Node-HKLM-Run-xbbbDoonG4am6sJ8234A - c:\windows\system32\ZCCCkVOxP0cS.exe
Wow6432Node-HKLM-Run-C111vvD3onF4m5s8234A - c:\windows\system32\IrrlBtx0y.exe
Wow6432Node-HKLM-Run-TDD22on4pm5Q7Kg8234A - c:\windows\system32\wE8ZhYXkelOBPy1.exe
Wow6432Node-HKLM-Run-WaQQJ66dW8234A - c:\windows\system32\kNNyyx1vS2b3mG.exe
Wow6432Node-HKLM-Run-oJJ66WWK8fL8234A - c:\windows\system32\R11uuvS2obF3pGa.exe
Wow6432Node-HKLM-Run-SEf9TwCIrPyx1vo8234A - c:\windows\system32\SRRZZYjVltPFm.exe
Wow6432Node-HKLM-Run-oaamsJ7dEL8gZXk8234A - c:\windows\system32\H000ycc11iD.exe
Wow6432Node-HKLM-Run-NL88gTTqhYCkrOB8234A - c:\windows\system32\cONtPPuSinGm6W7.exe
Wow6432Node-HKLM-Run-fZZ99hYXwjUeI8234A - c:\windows\system32\DoooFpmH5sQ7dK8.exe
Wow6432Node-HKLM-Run-S33onaasWJ7LThC8234A - c:\windows\system32\rNtxxu1ib.exe
Wow6432Node-HKLM-Run-lK888f9hTXClIPy8234A - c:\windows\system32\jNyycA1uDbFpms6.exe
Wow6432Node-HKLM-Run-nYYYCwwVrlONP0c8234A - c:\windows\system32\rpppnG44QH6WE9T.exe
Wow6432Node-HKLM-Run-bkkkUVVelOB8234A - c:\windows\system32\VHH55sWJ7dE8RqY.exe
Wow6432Node-HKLM-Run-bFppmH5J7d8gZX8234A - c:\windows\system32\ekUUVVOBtz0c1v2.exe
Wow6432Node-HKLM-Run-JcSS22DpaQHW8234A - c:\windows\system32\wTTTXqjjCekIzOt.exe
Wow6432Node-HKLM-Run-zelOBttzP08234A - c:\windows\system32\NBiH7EL8ZhY.exe
Wow6432Node-HKLM-Run-uLL88gTTZqYCwUV8234A - c:\windows\system32\EVlNtP0Sbo4Hs.exe
Wow6432Node-HKLM-Run-VTTjYkIrzNxu23G8234A - c:\windows\system32\wUCIOyuviF3GQdf.exe
Wow6432Node-HKLM-Run-Z1uSS2oob8234A - c:\windows\system32\hwwjjUCCelIrzNx.exe
Wow6432Node-HKLM-Run-obFF3nnaHdW8234A - c:\windows\system32\BekkIIBrzONyA0v.exe
Wow6432Node-HKLM-Run-GVVelOOBtz0yc1v8234A - c:\windows\system32\BsssWJ7EL8gZqYw.exe
Wow6432Node-HKLM-Run-ypp5aQQ6dWKfR9T8234A - c:\windows\system32\dRRL9TXUCeIOAv2.exe
Wow6432Node-HKLM-Run-TZZZYwkUV8234A - c:\windows\system32\GiibD3oonGaHJ.exe
Wow6432Node-HKLM-Run-mXXwwjUUelIBrPy8234A - c:\windows\system32\u66ddEK8fRZh.exe
Wow6432Node-HKLM-Run-pnnGG5aaQHdWKfL8234A - c:\windows\system32\TOONNyxAA0vS.exe
Wow6432Node-HKLM-Run-fvvSS2obF3pmGaJ8234A - c:\windows\system32\z6ddEEK8fRZ9Twj.exe
Wow6432Node-HKLM-Run-U000cA1ivD2oF4m8234A - c:\windows\system32\cRRZZqhYYXkUVlO.exe
Wow6432Node-HKLM-Run-RL88ggZqhCw8234A - c:\windows\system32\ODDD3onG4am6WJf.exe
Wow6432Node-HKLM-Run-PAAA11uvS2ob3pG8234A - c:\windows\system32\yXXXwjUCelIBzN.exe
Wow6432Node-HKLM-Run-AhhTTXwjjUelBzP8234A - c:\windows\system32\TobbF4mmG5sJ6E8.exe
Wow6432Node-HKLM-Run-bLLL9hhTXqj8234A - c:\windows\system32\RFF33pmGG5QJ6W8.exe
Wow6432Node-HKLM-Run-zEELL9ggTZjYCkI8234A - c:\windows\system32\UaQQHH6sWK7.exe
Wow6432Node-HKLM-Run-iJJJ77dEK8gR9hX8234A - c:\windows\system32\wPP00yA11vDon4m.exe
Wow6432Node-HKLM-Run-U777fRLTXqCkVr8234A - c:\windows\system32\PzOx0vS223nGaH.exe
Wow6432Node-HKLM-Run-S8ffRZ9hXwjUe8234A - c:\windows\system32\Y1uvvD2oF4pGsQ6.exe
Wow6432Node-HKU-Default-Run-JavaOnlineNotifier - c:\programdata\JavaOnlineNotifier.dll
WebBrowser-{38542454-DFB6-44F5-B052-D4E071A3D073} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-$BLSTUN$ - c:\windows\$BLSTUN$\apUninstall.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Utherverse VWW Client - c:\program files (x86)\Utherverse Digital Inc\Utherverse VWW Client\Branding\{FF92D786-2E61-4410-8E67-5BC370DB244D}\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\AVG\AVG9\avgcsrvx.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
.
**************************************************************************
.
Completion time: 2011-10-08 15:21:08 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-08 22:21
.
Pre-Run: 181,312,471,040 bytes free
Post-Run: 181,186,629,632 bytes free
.
- - End Of File - - 87456592B62136B12D75CDF660409012

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:29 PM

Posted 08 October 2011 - 08:18 PM

Greetings

Good That cleaned up some bad guys but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
c:\windows\SysWow64\FyyxA0uvSibFpGa.exe
c:\windows\SysWow64\QXXwjUUelItzNc.exe
c:\windows\SysWow64\VS2ooFFpmG5Q6W8.exe
c:\windows\SysWow64\iucSSiiD3pn4Q6s.exe
c:\windows\SysWow64\yZqqhYCwkVrlBx0.exe
c:\windows\SysWow64\mVeelOBtz0yc1v2.exe
c:\windows\SysWow64\o8gRZqhYwkUeOBz.exe
c:\windows\SysWow64\j5ssQJ7dE8gR9Yw.exe
c:\windows\SysWow64\nyccS1ivDonFaHs.exe
c:\windows\SysWow64\sG55sQJ6dK8fZhX.exe
c:\windows\SysWow64\ZP0yycS1vD3nFaH.exe
c:\windows\SysWow64\NddWK77RL9TXjCk.exe
c:\windows\SysWow64\RnnF4amH5sJ.exe
c:\windows\SysWow64\kA1uuvD2bF4mGs.exe
c:\windows\SysWow64\OBtzz00cA1iDon4.exe
c:\windows\SysWow64\W2onn44pH5sJdEg.exe
c:\windows\SysWow64\uCeekIVrzNtx0c2.exe
c:\windows\SysWow64\HWJJ7dEL8RZqYwU.exe
c:\windows\SysWow64\OdWKKffL9hTqUek.exe
c:\windows\SysWow64\v2oobF3pG5aQ6W8.exe
c:\windows\SysWow64\DTTXXjjCelIrPy.exe
c:\windows\SysWow64\GK77RL9gXqjCkVr.exe
c:\windows\SysWow64\cTXqqjYCkIVrOtA.exe
c:\windows\SysWow64\vELL8gRZhYXwU.exe
c:\windows\SysWow64\RD22onF4mH5.exe
c:\windows\SysWow64\tXqjjCCkIBrOyA0.exe
c:\windows\SysWow64\DeelIBBzPNcAuDo.exe
c:\windows\SysWow64\NfELLggZqjYwIr.exe
c:\windows\SysWow64\d3oonG4am6sW7E8.exe
c:\windows\SysWow64\ufRLL9hTqjUe.exe
c:\windows\SysWow64\VUVeeOOBzP0cAiD.exe
c:\windows\SysWow64\KRZZ9hYXwUVeItP.exe
c:\windows\SysWow64\yVeelIBtPNyc1v2.exe
c:\windows\SysWow64\DggRRqqYXwUVlBz.exe
c:\windows\SysWow64\uHH6sWW7fE9g.exe
c:\windows\SysWow64\fBtzz00yA1iDo.exe
c:\windows\SysWow64\mELL9gTZqYCwIrO.exe
c:\windows\SysWow64\TONNtPPucSib3n4.exe
c:\windows\SysWow64\ZzPP0ycA1vD2n4m.exe
c:\windows\SysWow64\gYXXwkUVeOBtPyA.exe
c:\windows\SysWow64\ivD22obFpmGsQ.exe
c:\windows\SysWow64\iZqqhYCwkVrlBx0.exe
c:\windows\SysWow64\T8ffRZ9hT.exe
c:\windows\SysWow64\U5sQQ66EK8fZhX.exe
c:\windows\SysWow64\pCeelIBrzNyx1v2.exe
c:\windows\SysWow64\oBttzPNyc1uv2b.exe
c:\windows\SysWow64\gzzONtxA0uS2b3.exe
c:\windows\SysWow64\SJ66dEK8fZ9hXjC.exe
c:\windows\SysWow64\bVrllONtP0uc1b3.exe
c:\windows\SysWow64\rDD33nF4m.exe
c:\windows\SysWow64\s44aaHHsWJ7E8T.exe
c:\windows\SysWow64\aNyycA1uv2ob4m5.exe
c:\windows\SysWow64\u33pnGGaQHdWfLg.exe
c:\windows\SysWow64\sG5ssJJ6EKR9hXj.exe
c:\windows\SysWow64\deIIBtzPNcA1v2b.exe
c:\windows\SysWow64\PrlOOtxPycS1v3n.exe
c:\windows\SysWow64\vCellIBrPNyA1v2.exe
c:\windows\SysWow64\VNNtxA0uc.exe
c:\windows\SysWow64\n8fRR99hXjCk.exe
c:\windows\SysWow64\ogTTZqjYwkIVlNx.exe
c:\windows\SysWow64\q0ucc22bD3pGHsK.exe
c:\windows\SysWow64\vfRRL9gTXjYCkVz.exe
c:\windows\SysWow64\nffRL9gTXqYCkVz.exe
c:\windows\SysWow64\rBrzzNNxA1uSoF3.exe
c:\windows\SysWow64\DAA11vv2onFpHs.exe
c:\windows\SysWow64\KQ66dWK7fL9TqYe.exe
c:\windows\SysWow64\bUVVrlOBxP0ySiD.exe
c:\windows\SysWow64\PbDD3onG4mH6W7.exe
c:\windows\SysWow64\kibbD3pnGaQHW7.exe
c:\windows\SysWow64\XsQJJddK8fR9T.exe
c:\windows\SysWow64\xttxP0ucS1bDoG.exe
c:\windows\SysWow64\EG55sQJ6dK8fZhX.exe
c:\windows\SysWow64\DiibD3pnG4QHsK.exe
c:\windows\SysWow64\RllIIBtzPNycAuD.exe
c:\windows\SysWow64\XqqjUUCekIBzOyA.exe
c:\windows\SysWow64\QjjUUCelIBr.exe
c:\windows\SysWow64\dwwwkUUVelOtz0y.exe
c:\windows\SysWow64\uCwwkkIVrlONxPu.exe
c:\windows\SysWow64\YyyyxAA1uv2ob3m.exe
c:\windows\SysWow64\plllONNtxP0c.exe
c:\windows\SysWow64\hrrzzONtxA0u.exe
c:\windows\SysWow64\sqhhYXXwkUVlBz.exe
c:\windows\SysWow64\niiibDD3o.exe
c:\windows\SysWow64\mSS22ibbD3.exe
c:\windows\SysWow64\JPNNyxxA1uv2oF3.exe
c:\windows\SysWow64\ZdEEKK8fRZ9h.exe
c:\windows\SysWow64\ZDD33onnG.exe
c:\windows\SysWow64\fPPNNyxA1u.exe
c:\windows\SysWow64\W3ppnnG5aQH6WKf.exe
c:\windows\SysWow64\TvvvS22obF3m.exe
c:\windows\SysWow64\j33ppmGG5aQ6dKf.exe
c:\windows\SysWow64\a11iivDD3o.exe
c:\windows\SysWow64\sccSS1ibD3o.exe
c:\windows\SysWow64\QYYCCekkIVrONxA.exe
c:\windows\SysWow64\LNNNyxxA1uv2oFp.exe
c:\windows\SysWow64\VKKK8ffRL9hTqjC.exe
c:\windows\SysWow64\ANNttxAA0uS2iDp.exe


Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 Nickolas F

Nickolas F
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:29 AM

Posted 08 October 2011 - 08:48 PM

Gringo,

Wow. That seemed to work! According to Windows, my firewall is back and working. My task manager is holding at 4-5% in regular mode, and the only warnings I'm getting are to turn my anti-virus protection back on. I'm still putting the log here, and anything else you need me to do I am DELIGHTED to do!

Nick

ComboFix 11-10-08.05 - Nickolas 10/08/2011 18:25:47.2.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.3160 [GMT -7:00]
Running from: c:\users\Nickolas\Downloads\ComboFix.exe
Command switches used :: c:\users\Nickolas\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\SysWow64\a11iivDD3o.exe"
"c:\windows\SysWow64\ANNttxAA0uS2iDp.exe"
"c:\windows\SysWow64\aNyycA1uv2ob4m5.exe"
"c:\windows\SysWow64\bUVVrlOBxP0ySiD.exe"
"c:\windows\SysWow64\bVrllONtP0uc1b3.exe"
"c:\windows\SysWow64\cTXqqjYCkIVrOtA.exe"
"c:\windows\SysWow64\d3oonG4am6sW7E8.exe"
"c:\windows\SysWow64\DAA11vv2onFpHs.exe"
"c:\windows\SysWow64\DeelIBBzPNcAuDo.exe"
"c:\windows\SysWow64\deIIBtzPNcA1v2b.exe"
"c:\windows\SysWow64\DggRRqqYXwUVlBz.exe"
"c:\windows\SysWow64\DiibD3pnG4QHsK.exe"
"c:\windows\SysWow64\DTTXXjjCelIrPy.exe"
"c:\windows\SysWow64\dwwwkUUVelOtz0y.exe"
"c:\windows\SysWow64\EG55sQJ6dK8fZhX.exe"
"c:\windows\SysWow64\fBtzz00yA1iDo.exe"
"c:\windows\SysWow64\fPPNNyxA1u.exe"
"c:\windows\SysWow64\FyyxA0uvSibFpGa.exe"
"c:\windows\SysWow64\GK77RL9gXqjCkVr.exe"
"c:\windows\SysWow64\gYXXwkUVeOBtPyA.exe"
"c:\windows\SysWow64\gzzONtxA0uS2b3.exe"
"c:\windows\SysWow64\hrrzzONtxA0u.exe"
"c:\windows\SysWow64\HWJJ7dEL8RZqYwU.exe"
"c:\windows\SysWow64\iucSSiiD3pn4Q6s.exe"
"c:\windows\SysWow64\ivD22obFpmGsQ.exe"
"c:\windows\SysWow64\iZqqhYCwkVrlBx0.exe"
"c:\windows\SysWow64\j33ppmGG5aQ6dKf.exe"
"c:\windows\SysWow64\j5ssQJ7dE8gR9Yw.exe"
"c:\windows\SysWow64\JPNNyxxA1uv2oF3.exe"
"c:\windows\SysWow64\kA1uuvD2bF4mGs.exe"
"c:\windows\SysWow64\kibbD3pnGaQHW7.exe"
"c:\windows\SysWow64\KQ66dWK7fL9TqYe.exe"
"c:\windows\SysWow64\KRZZ9hYXwUVeItP.exe"
"c:\windows\SysWow64\LNNNyxxA1uv2oFp.exe"
"c:\windows\SysWow64\mELL9gTZqYCwIrO.exe"
"c:\windows\SysWow64\mSS22ibbD3.exe"
"c:\windows\SysWow64\mVeelOBtz0yc1v2.exe"
"c:\windows\SysWow64\n8fRR99hXjCk.exe"
"c:\windows\SysWow64\NddWK77RL9TXjCk.exe"
"c:\windows\SysWow64\NfELLggZqjYwIr.exe"
"c:\windows\SysWow64\nffRL9gTXqYCkVz.exe"
"c:\windows\SysWow64\niiibDD3o.exe"
"c:\windows\SysWow64\nyccS1ivDonFaHs.exe"
"c:\windows\SysWow64\o8gRZqhYwkUeOBz.exe"
"c:\windows\SysWow64\oBttzPNyc1uv2b.exe"
"c:\windows\SysWow64\OBtzz00cA1iDon4.exe"
"c:\windows\SysWow64\OdWKKffL9hTqUek.exe"
"c:\windows\SysWow64\ogTTZqjYwkIVlNx.exe"
"c:\windows\SysWow64\PbDD3onG4mH6W7.exe"
"c:\windows\SysWow64\pCeelIBrzNyx1v2.exe"
"c:\windows\SysWow64\plllONNtxP0c.exe"
"c:\windows\SysWow64\PrlOOtxPycS1v3n.exe"
"c:\windows\SysWow64\q0ucc22bD3pGHsK.exe"
"c:\windows\SysWow64\QjjUUCelIBr.exe"
"c:\windows\SysWow64\QXXwjUUelItzNc.exe"
"c:\windows\SysWow64\QYYCCekkIVrONxA.exe"
"c:\windows\SysWow64\rBrzzNNxA1uSoF3.exe"
"c:\windows\SysWow64\RD22onF4mH5.exe"
"c:\windows\SysWow64\rDD33nF4m.exe"
"c:\windows\SysWow64\RllIIBtzPNycAuD.exe"
"c:\windows\SysWow64\RnnF4amH5sJ.exe"
"c:\windows\SysWow64\s44aaHHsWJ7E8T.exe"
"c:\windows\SysWow64\sccSS1ibD3o.exe"
"c:\windows\SysWow64\sG55sQJ6dK8fZhX.exe"
"c:\windows\SysWow64\sG5ssJJ6EKR9hXj.exe"
"c:\windows\SysWow64\SJ66dEK8fZ9hXjC.exe"
"c:\windows\SysWow64\sqhhYXXwkUVlBz.exe"
"c:\windows\SysWow64\T8ffRZ9hT.exe"
"c:\windows\SysWow64\TONNtPPucSib3n4.exe"
"c:\windows\SysWow64\TvvvS22obF3m.exe"
"c:\windows\SysWow64\tXqjjCCkIBrOyA0.exe"
"c:\windows\SysWow64\u33pnGGaQHdWfLg.exe"
"c:\windows\SysWow64\U5sQQ66EK8fZhX.exe"
"c:\windows\SysWow64\uCeekIVrzNtx0c2.exe"
"c:\windows\SysWow64\uCwwkkIVrlONxPu.exe"
"c:\windows\SysWow64\ufRLL9hTqjUe.exe"
"c:\windows\SysWow64\uHH6sWW7fE9g.exe"
"c:\windows\SysWow64\v2oobF3pG5aQ6W8.exe"
"c:\windows\SysWow64\vCellIBrPNyA1v2.exe"
"c:\windows\SysWow64\vELL8gRZhYXwU.exe"
"c:\windows\SysWow64\vfRRL9gTXjYCkVz.exe"
"c:\windows\SysWow64\VKKK8ffRL9hTqjC.exe"
"c:\windows\SysWow64\VNNtxA0uc.exe"
"c:\windows\SysWow64\VS2ooFFpmG5Q6W8.exe"
"c:\windows\SysWow64\VUVeeOOBzP0cAiD.exe"
"c:\windows\SysWow64\W2onn44pH5sJdEg.exe"
"c:\windows\SysWow64\W3ppnnG5aQH6WKf.exe"
"c:\windows\SysWow64\XqqjUUCekIBzOyA.exe"
"c:\windows\SysWow64\XsQJJddK8fR9T.exe"
"c:\windows\SysWow64\xttxP0ucS1bDoG.exe"
"c:\windows\SysWow64\yVeelIBtPNyc1v2.exe"
"c:\windows\SysWow64\YyyyxAA1uv2ob3m.exe"
"c:\windows\SysWow64\yZqqhYCwkVrlBx0.exe"
"c:\windows\SysWow64\ZDD33onnG.exe"
"c:\windows\SysWow64\ZdEEKK8fRZ9h.exe"
"c:\windows\SysWow64\ZP0yycS1vD3nFaH.exe"
"c:\windows\SysWow64\ZzPP0ycA1vD2n4m.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Internet Explorer\3303.tmp
c:\program files (x86)\Internet Explorer\58CA.tmp
c:\program files (x86)\Internet Explorer\B8D4.tmp
c:\users\Nickolas\AppData\Roaming\aanuVhEF1ITKQDx\kpxCHuV8HAe.exe
c:\users\Nickolas\AppData\Roaming\ahI03dTIAD\Gt37w04dwc.exe
c:\users\Nickolas\AppData\Roaming\aTVxDWqObWhxosg\s1nHdgXlNvFsKTU.exe
c:\users\Nickolas\AppData\Roaming\B7NGhvZi8y\XJOWAL1hoY2wpe5.exe
c:\users\Nickolas\AppData\Roaming\bN4TtG8xnEV2El2\gGjSWeSWO4qy5U4.exe
c:\users\Nickolas\AppData\Roaming\bN4TtG8xnEV2El2\njSWeSWO4qy5.exe
c:\users\Nickolas\AppData\Roaming\bX9LJmo4ouOwE5n\yS22b1ccNzz.exe
c:\users\Nickolas\AppData\Roaming\cqkzcbnsLwtxA0c\yooGGaH5Jf9.exe
c:\users\Nickolas\AppData\Roaming\CxnTyGTN4hP3fIi\IxKw1JjAG7Yz3Wj.exe
c:\users\Nickolas\AppData\Roaming\cZvhFl6x93wHtE1\te5zKvgDIsx8Dwp.exe
c:\users\Nickolas\AppData\Roaming\ehXeBzt0ivvFnH\KCz0baH6Rqwt1.exe
c:\users\Nickolas\AppData\Roaming\EisY04EXto\t13KjOS5fj.exe
c:\users\Nickolas\AppData\Roaming\FakAF6gkADQgO1a\APFglvQ9lvQTzo6.exe
c:\users\Nickolas\AppData\Roaming\fcGTym8C05\lKqlS47hlS4d.exe
c:\users\Nickolas\AppData\Roaming\Fu6YcGjAHw1JqxH\ApEri5T26UDdCAo.exe
c:\users\Nickolas\AppData\Roaming\fUmBdxLiUsyhpBK\fTacUgGvrj6oPXd.exe
c:\users\Nickolas\AppData\Roaming\fYUByuSS1obbpoF\arejqZRKQp.exe
c:\users\Nickolas\AppData\Roaming\GgN4TtG8xn\N2El28r3fzG.exe
c:\users\Nickolas\AppData\Roaming\gqrDsLI0npd\Wz1onsLhwlySoHQ.exe
c:\users\Nickolas\AppData\Roaming\h2Wk15jua8jxnWh\RbdjPFEU048ev6q.exe
c:\users\Nickolas\AppData\Roaming\hJqrcnJqecFQZVN\a8jzSG8qzS.exe
c:\users\Nickolas\AppData\Roaming\hmdRqkAbGJf9ZwB\YkOxSpsdRjUlBPA.exe
c:\users\Nickolas\AppData\Roaming\HzbWYNmRkcF\VTO3JXNb6qy5.exe
c:\users\Nickolas\AppData\Roaming\iexplore.exe
c:\users\Nickolas\AppData\Roaming\Ii8zmwuKBmXuKrp\osVoRP5wu6lbLy.exe
c:\users\Nickolas\AppData\Roaming\IZzpZz3Rz3Rz3gt\jOnLloEloKI3LOp.exe
c:\users\Nickolas\AppData\Roaming\JScP0ycAutttBII\JqEmFboSiicy1vu.exe
c:\users\Nickolas\AppData\Roaming\k1QjNDsKriHYcm\eFWTOuQglDJXOpf.exe
c:\users\Nickolas\AppData\Roaming\kohoXFYnYDZSEBH\gwo90RuftWxse4V.exe
c:\users\Nickolas\AppData\Roaming\kTXklPAomQ6\fcDomJKWfTkeIBI.exe
c:\users\Nickolas\AppData\Roaming\kTXklPAomQ6\t9jrNuS2paaH78Y.exe
c:\users\Nickolas\AppData\Roaming\KwOzyb4sLRUBuDn\NKgCrvpQW9ZYVPv.exe
c:\users\Nickolas\AppData\Roaming\lcGLl3JVu\JEeuQLkyG.exe
c:\users\Nickolas\AppData\Roaming\LGaHWf9XYkVOxu\Z3nQd7LTjeVOxu2.exe
c:\users\Nickolas\AppData\Roaming\LqYXjqXgqLKKdQG\geVUjYYhqhXwXXZ.exe
c:\users\Nickolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Guard Online
c:\users\Nickolas\AppData\Roaming\mqqZ8LKKKfE7m4b\EH5mF2Su0xtlVeC.exe
c:\users\Nickolas\AppData\Roaming\mRNGTx5Xxajum\c5Yc5XAQj2Kk3Lz.exe
c:\users\Nickolas\AppData\Roaming\munJqlSF7hO1pEX\tdTBumKqrvnKqzS.exe
c:\users\Nickolas\AppData\Roaming\mWj0nKUxDJVD8I3\KQ8ecFQECxo5Kjk.exe
c:\users\Nickolas\AppData\Roaming\mWj0nKUxDJVD8I3\RecFQECxo5Kjkxv.exe
c:\users\Nickolas\AppData\Roaming\mxD6gU03sRVynJ9\j4dTBumKqrvnKqz.exe
c:\users\Nickolas\AppData\Roaming\N9PbKhODdXtFZB\eFWTOuQglDJXOpf.exe
c:\users\Nickolas\AppData\Roaming\NmqPski7VDEev6\aWkifNaZx4ZPm.exe
c:\users\Nickolas\AppData\Roaming\NR4ukgHcXJiuIJD\Z7Ah5xqaNfvUQy9.exe
c:\users\Nickolas\AppData\Roaming\YvuuxlUXhfWHHmF\zON0PyNOIgE7sm2.exe
c:\windows\assembly\tmp\U
c:\windows\system32\config\systemprofile\AppData\Local\Google\GoogleUpdate\Googleupdt32.DLL
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.DLL
c:\windows\system32\config\systemprofile\AppData\Local\Sunbelt Software\SunbeltUpdate\Sunbeltupdt32.DLL
c:\windows\SysWow64\a11iivDD3o.exe
c:\windows\SysWow64\ANNttxAA0uS2iDp.exe
c:\windows\SysWow64\aNyycA1uv2ob4m5.exe
c:\windows\SysWow64\bUVVrlOBxP0ySiD.exe
c:\windows\SysWow64\bVrllONtP0uc1b3.exe
c:\windows\SysWow64\cTXqqjYCkIVrOtA.exe
c:\windows\SysWow64\d3oonG4am6sW7E8.exe
c:\windows\SysWow64\DAA11vv2onFpHs.exe
c:\windows\SysWow64\DeelIBBzPNcAuDo.exe
c:\windows\SysWow64\deIIBtzPNcA1v2b.exe
c:\windows\SysWow64\DggRRqqYXwUVlBz.exe
c:\windows\SysWow64\DiibD3pnG4QHsK.exe
c:\windows\SysWow64\DTTXXjjCelIrPy.exe
c:\windows\SysWow64\dwwwkUUVelOtz0y.exe
c:\windows\SysWow64\EG55sQJ6dK8fZhX.exe
c:\windows\SysWow64\fBtzz00yA1iDo.exe
c:\windows\SysWow64\fPPNNyxA1u.exe
c:\windows\SysWow64\FyyxA0uvSibFpGa.exe
c:\windows\SysWow64\GK77RL9gXqjCkVr.exe
c:\windows\SysWow64\gYXXwkUVeOBtPyA.exe
c:\windows\SysWow64\gzzONtxA0uS2b3.exe
c:\windows\SysWow64\hrrzzONtxA0u.exe
c:\windows\SysWow64\HWJJ7dEL8RZqYwU.exe
c:\windows\SysWow64\iucSSiiD3pn4Q6s.exe
c:\windows\SysWow64\ivD22obFpmGsQ.exe
c:\windows\SysWow64\iZqqhYCwkVrlBx0.exe
c:\windows\SysWow64\j33ppmGG5aQ6dKf.exe
c:\windows\SysWow64\j5ssQJ7dE8gR9Yw.exe
c:\windows\SysWow64\JPNNyxxA1uv2oF3.exe
c:\windows\SysWow64\kA1uuvD2bF4mGs.exe
c:\windows\SysWow64\kibbD3pnGaQHW7.exe
c:\windows\SysWow64\KQ66dWK7fL9TqYe.exe
c:\windows\SysWow64\KRZZ9hYXwUVeItP.exe
c:\windows\SysWow64\LNNNyxxA1uv2oFp.exe
c:\windows\SysWow64\mELL9gTZqYCwIrO.exe
c:\windows\SysWow64\mSS22ibbD3.exe
c:\windows\SysWow64\mVeelOBtz0yc1v2.exe
c:\windows\SysWow64\n8fRR99hXjCk.exe
c:\windows\SysWow64\NddWK77RL9TXjCk.exe
c:\windows\SysWow64\NfELLggZqjYwIr.exe
c:\windows\SysWow64\nffRL9gTXqYCkVz.exe
c:\windows\SysWow64\niiibDD3o.exe
c:\windows\SysWow64\nyccS1ivDonFaHs.exe
c:\windows\SysWow64\o8gRZqhYwkUeOBz.exe
c:\windows\SysWow64\oBttzPNyc1uv2b.exe
c:\windows\SysWow64\OBtzz00cA1iDon4.exe
c:\windows\SysWow64\OdWKKffL9hTqUek.exe
c:\windows\SysWow64\ogTTZqjYwkIVlNx.exe
c:\windows\SysWow64\PbDD3onG4mH6W7.exe
c:\windows\SysWow64\pCeelIBrzNyx1v2.exe
c:\windows\SysWow64\plllONNtxP0c.exe
c:\windows\SysWow64\PrlOOtxPycS1v3n.exe
c:\windows\SysWow64\q0ucc22bD3pGHsK.exe
c:\windows\SysWow64\QjjUUCelIBr.exe
c:\windows\SysWow64\QXXwjUUelItzNc.exe
c:\windows\SysWow64\QYYCCekkIVrONxA.exe
c:\windows\SysWow64\rBrzzNNxA1uSoF3.exe
c:\windows\SysWow64\RD22onF4mH5.exe
c:\windows\SysWow64\rDD33nF4m.exe
c:\windows\SysWow64\RllIIBtzPNycAuD.exe
c:\windows\SysWow64\RnnF4amH5sJ.exe
c:\windows\SysWow64\s44aaHHsWJ7E8T.exe
c:\windows\SysWow64\sccSS1ibD3o.exe
c:\windows\SysWow64\sG55sQJ6dK8fZhX.exe
c:\windows\SysWow64\sG5ssJJ6EKR9hXj.exe
c:\windows\SysWow64\SJ66dEK8fZ9hXjC.exe
c:\windows\SysWow64\sqhhYXXwkUVlBz.exe
c:\windows\SysWow64\T8ffRZ9hT.exe
c:\windows\SysWow64\TONNtPPucSib3n4.exe
c:\windows\SysWow64\TvvvS22obF3m.exe
c:\windows\SysWow64\tXqjjCCkIBrOyA0.exe
c:\windows\SysWow64\u33pnGGaQHdWfLg.exe
c:\windows\SysWow64\U5sQQ66EK8fZhX.exe
c:\windows\SysWow64\uCeekIVrzNtx0c2.exe
c:\windows\SysWow64\uCwwkkIVrlONxPu.exe
c:\windows\SysWow64\ufRLL9hTqjUe.exe
c:\windows\SysWow64\uHH6sWW7fE9g.exe
c:\windows\SysWow64\v2oobF3pG5aQ6W8.exe
c:\windows\SysWow64\vCellIBrPNyA1v2.exe
c:\windows\SysWow64\vELL8gRZhYXwU.exe
c:\windows\SysWow64\vfRRL9gTXjYCkVz.exe
c:\windows\SysWow64\VKKK8ffRL9hTqjC.exe
c:\windows\SysWow64\VNNtxA0uc.exe
c:\windows\SysWow64\VS2ooFFpmG5Q6W8.exe
c:\windows\SysWow64\VUVeeOOBzP0cAiD.exe
c:\windows\SysWow64\W2onn44pH5sJdEg.exe
c:\windows\SysWow64\W3ppnnG5aQH6WKf.exe
c:\windows\SysWow64\XqqjUUCekIBzOyA.exe
c:\windows\SysWow64\XsQJJddK8fR9T.exe
c:\windows\SysWow64\xttxP0ucS1bDoG.exe
c:\windows\SysWow64\yVeelIBtPNyc1v2.exe
c:\windows\SysWow64\YyyyxAA1uv2ob3m.exe
c:\windows\SysWow64\yZqqhYCwkVrlBx0.exe
c:\windows\SysWow64\ZDD33onnG.exe
c:\windows\SysWow64\ZdEEKK8fRZ9h.exe
c:\windows\SysWow64\ZP0yycS1vD3nFaH.exe
c:\windows\SysWow64\ZzPP0ycA1vD2n4m.exe
.
----- File Replicators -----
.
c:\users\Nickolas\AppData\Roaming\aanuVhEF1ITKQDx\kpxCHuV8HAe.exe
c:\users\Nickolas\AppData\Roaming\ahI03dTIAD\Gt37w04dwc.exe
c:\users\Nickolas\AppData\Roaming\aTVxDWqObWhxosg\s1nHdgXlNvFsKTU.exe
c:\users\Nickolas\AppData\Roaming\B7NGhvZi8y\XJOWAL1hoY2wpe5.exe
c:\users\Nickolas\AppData\Roaming\bN4TtG8xnEV2El2\gGjSWeSWO4qy5U4.exe
c:\users\Nickolas\AppData\Roaming\bN4TtG8xnEV2El2\njSWeSWO4qy5.exe
c:\users\Nickolas\AppData\Roaming\bX9LJmo4ouOwE5n\yS22b1ccNzz.exe
c:\users\Nickolas\AppData\Roaming\cqkzcbnsLwtxA0c\yooGGaH5Jf9.exe
c:\users\Nickolas\AppData\Roaming\CxnTyGTN4hP3fIi\IxKw1JjAG7Yz3Wj.exe
c:\users\Nickolas\AppData\Roaming\cZvhFl6x93wHtE1\te5zKvgDIsx8Dwp.exe
c:\users\Nickolas\AppData\Roaming\ehXeBzt0ivvFnH\KCz0baH6Rqwt1.exe
c:\users\Nickolas\AppData\Roaming\EisY04EXto\t13KjOS5fj.exe
c:\users\Nickolas\AppData\Roaming\FakAF6gkADQgO1a\APFglvQ9lvQTzo6.exe
c:\users\Nickolas\AppData\Roaming\fcGTym8C05\lKqlS47hlS4d.exe
c:\users\Nickolas\AppData\Roaming\Fu6YcGjAHw1JqxH\ApEri5T26UDdCAo.exe
c:\users\Nickolas\AppData\Roaming\fUmBdxLiUsyhpBK\fTacUgGvrj6oPXd.exe
c:\users\Nickolas\AppData\Roaming\fYUByuSS1obbpoF\arejqZRKQp.exe
c:\users\Nickolas\AppData\Roaming\GgN4TtG8xn\N2El28r3fzG.exe
c:\users\Nickolas\AppData\Roaming\gqrDsLI0npd\Wz1onsLhwlySoHQ.exe
c:\users\Nickolas\AppData\Roaming\h2Wk15jua8jxnWh\RbdjPFEU048ev6q.exe
c:\users\Nickolas\AppData\Roaming\hJqrcnJqecFQZVN\a8jzSG8qzS.exe
c:\users\Nickolas\AppData\Roaming\hmdRqkAbGJf9ZwB\YkOxSpsdRjUlBPA.exe
c:\users\Nickolas\AppData\Roaming\HzbWYNmRkcF\VTO3JXNb6qy5.exe
c:\users\Nickolas\AppData\Roaming\iexplore.exe
c:\users\Nickolas\AppData\Roaming\Ii8zmwuKBmXuKrp\osVoRP5wu6lbLy.exe
c:\users\Nickolas\AppData\Roaming\IZzpZz3Rz3Rz3gt\jOnLloEloKI3LOp.exe
c:\users\Nickolas\AppData\Roaming\JScP0ycAutttBII\JqEmFboSiicy1vu.exe
c:\users\Nickolas\AppData\Roaming\k1QjNDsKriHYcm\eFWTOuQglDJXOpf.exe
c:\users\Nickolas\AppData\Roaming\kohoXFYnYDZSEBH\gwo90RuftWxse4V.exe
c:\users\Nickolas\AppData\Roaming\kTXklPAomQ6\fcDomJKWfTkeIBI.exe
c:\users\Nickolas\AppData\Roaming\kTXklPAomQ6\t9jrNuS2paaH78Y.exe
c:\users\Nickolas\AppData\Roaming\KwOzyb4sLRUBuDn\NKgCrvpQW9ZYVPv.exe
c:\users\Nickolas\AppData\Roaming\lcGLl3JVu\JEeuQLkyG.exe
c:\users\Nickolas\AppData\Roaming\LGaHWf9XYkVOxu\Z3nQd7LTjeVOxu2.exe
c:\users\Nickolas\AppData\Roaming\LqYXjqXgqLKKdQG\geVUjYYhqhXwXXZ.exe
c:\users\Nickolas\AppData\Roaming\mqqZ8LKKKfE7m4b\EH5mF2Su0xtlVeC.exe
c:\users\Nickolas\AppData\Roaming\mRNGTx5Xxajum\c5Yc5XAQj2Kk3Lz.exe
c:\users\Nickolas\AppData\Roaming\munJqlSF7hO1pEX\tdTBumKqrvnKqzS.exe
c:\users\Nickolas\AppData\Roaming\mWj0nKUxDJVD8I3\KQ8ecFQECxo5Kjk.exe
c:\users\Nickolas\AppData\Roaming\mWj0nKUxDJVD8I3\RecFQECxo5Kjkxv.exe
c:\users\Nickolas\AppData\Roaming\mxD6gU03sRVynJ9\j4dTBumKqrvnKqz.exe
c:\users\Nickolas\AppData\Roaming\N9PbKhODdXtFZB\eFWTOuQglDJXOpf.exe
c:\users\Nickolas\AppData\Roaming\NmqPski7VDEev6\aWkifNaZx4ZPm.exe
c:\users\Nickolas\AppData\Roaming\NR4ukgHcXJiuIJD\Z7Ah5xqaNfvUQy9.exe
c:\users\Nickolas\AppData\Roaming\ntRpBE192qDj\aaVpVGearQzKx.exe
c:\users\Nickolas\AppData\Roaming\PQhzbWjypfkSHZN\J7C0FLV1s9todwy.exe
c:\users\Nickolas\AppData\Roaming\QfgqXUIyAiF5Kh\YyomQ66WLKRLXZh.exe
c:\users\Nickolas\AppData\Roaming\qIbfr3LlDgPHkD8\Pjv8y5U2RNQwbLt.exe
c:\users\Nickolas\AppData\Roaming\qn7Ytb8Bb8C0HCc\APmqPski7VDEev6.exe
c:\users\Nickolas\AppData\Roaming\qVltPy1Dn4HQd8Z\rPuFs6fXlNv3Q8T.exe
c:\users\Nickolas\AppData\Roaming\REZqeVrezNN0u1\gT9Ld7s3SAj85F.exe
c:\users\Nickolas\AppData\Roaming\t0cSFn6EZUBt1\RdfLTqhUwCIzOt.exe
c:\users\Nickolas\AppData\Roaming\T7ZktuosE\z0os8Utb5EXzS.exe
c:\users\Nickolas\AppData\Roaming\To3ma6KRhqCIrNA\ri3GQd7LTjeVOxu.exe
c:\users\Nickolas\AppData\Roaming\tpa79qCVlzAc3mJ\EwzuoF3oH5QQKK7.exe
c:\users\Nickolas\AppData\Roaming\TqN37IcHZOvWYzn\mtb8Bb8C0HCcHqP.exe
c:\users\Nickolas\AppData\Roaming\VQKgwBconasE\egkPS5Gm78h.exe
c:\users\Nickolas\AppData\Roaming\waCifBaYiE\A5U2RNQwbLtHwvK.exe
c:\users\Nickolas\AppData\Roaming\waCifBaYiE\qU2RNQwbLtHwvKt.exe
c:\users\Nickolas\AppData\Roaming\way70Ec81g\AbjFC5ValHOJ.exe
c:\users\Nickolas\AppData\Roaming\wgIPo69ku4\iuWk2Z0g1Etmq.exe
c:\users\Nickolas\AppData\Roaming\wgIPo69ku4\sVnLzdAfxpXuKkF.exe
c:\users\Nickolas\AppData\Roaming\WOJt7zdyWxf0EuL\Ast6NRvgbq3YoX4.exe
c:\users\Nickolas\AppData\Roaming\WZKJa4mmaoDuyrk\XXRfd4oDAy.exe
c:\users\Nickolas\AppData\Roaming\xkarQlWPEPE\wGI6NsBEcgvho.exe
c:\users\Nickolas\AppData\Roaming\XLV1a8r15Z\EvsZBDQhzbWjypf.exe
c:\users\Nickolas\AppData\Roaming\xUeCjqYRRR8dQ30\BlekkwCwUUUYYwh.exe
c:\users\Nickolas\AppData\Roaming\Y8Uca8UAp8eAp8e\KRku5LeuGEIc4Ew.exe
c:\users\Nickolas\AppData\Roaming\yTzb6qNDHghVt13\Xc2mJ8YVtu.exe
c:\users\Nickolas\AppData\Roaming\yTzb6qNDHghVt13\zBc2mJ8YVtu469l.exe
c:\users\Nickolas\AppData\Roaming\YvuuxlUXhfWHHmF\ZnnammGGFulk.exe
c:\users\Nickolas\AppData\Roaming\YvuuxlUXhfWHHmF\zON0PyNOIgE7sm2.exe
c:\users\Nickolas\AppData\Roaming\Z4QKTwOzyb4sLRU\GDns5KgCrv.exe
c:\users\Nickolas\AppData\Roaming\zIq7acjdpy94c\ts1lh5cV8F0j8ai.exe
c:\users\Nickolas\AppData\Roaming\zkcQ9V1HZOD7VDE\ltb6wN38eua9.exe
c:\users\Nickolas\AppData\Roaming\zPPxPAoF46EZw\gOtyopHKLqw.exe
c:\users\Nickolas\AppData\Roaming\Zy1Dbp5JE\rXlrNxu2Fma6.exe
c:\windows\System32\a11iivDD3o.exe
c:\windows\System32\ANNttxAA0uS2iDp.exe
c:\windows\System32\aNyycA1uv2ob4m5.exe
c:\windows\System32\bUVVrlOBxP0ySiD.exe
c:\windows\System32\bVrllONtP0uc1b3.exe
c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6X5QL2V0\1397[1].exe
c:\windows\System32\config\systemprofile\AppData\Roaming\CWWWJ77dEL8ZhYw\uVeelOBtP0yc.exe
c:\windows\System32\config\systemprofile\AppData\Roaming\p99gTZqjYCkIrOt\OPP0ucS1ib.exe
c:\windows\System32\config\systemprofile\AppData\Roaming\Q888fRRL9hT\IqjjUCekIBrzNyA.exe
c:\windows\System32\cTXqqjYCkIVrOtA.exe
c:\windows\System32\d3oonG4am6sW7E8.exe
c:\windows\System32\DAA11vv2onFpHs.exe
c:\windows\System32\DeelIBBzPNcAuDo.exe
c:\windows\System32\deIIBtzPNcA1v2b.exe
c:\windows\System32\DggRRqqYXwUVlBz.exe
c:\windows\System32\DiibD3pnG4QHsK.exe
c:\windows\System32\DTTXXjjCelIrPy.exe
c:\windows\System32\dwwwkUUVelOtz0y.exe
c:\windows\System32\EG55sQJ6dK8fZhX.exe
c:\windows\System32\fBtzz00yA1iDo.exe
c:\windows\System32\fPPNNyxA1u.exe
c:\windows\System32\FyyxA0uvSibFpGa.exe
c:\windows\System32\GK77RL9gXqjCkVr.exe
c:\windows\System32\gYXXwkUVeOBtPyA.exe
c:\windows\System32\gzzONtxA0uS2b3.exe
c:\windows\System32\hrrzzONtxA0u.exe
c:\windows\System32\HWJJ7dEL8RZqYwU.exe
c:\windows\System32\iucSSiiD3pn4Q6s.exe
c:\windows\System32\ivD22obFpmGsQ.exe
c:\windows\System32\iZqqhYCwkVrlBx0.exe
c:\windows\System32\j33ppmGG5aQ6dKf.exe
c:\windows\System32\j5ssQJ7dE8gR9Yw.exe
c:\windows\System32\JPNNyxxA1uv2oF3.exe
c:\windows\System32\kA1uuvD2bF4mGs.exe
c:\windows\System32\kibbD3pnGaQHW7.exe
c:\windows\System32\KQ66dWK7fL9TqYe.exe
c:\windows\System32\KRZZ9hYXwUVeItP.exe
c:\windows\System32\LNNNyxxA1uv2oFp.exe
c:\windows\System32\mELL9gTZqYCwIrO.exe
c:\windows\System32\mSS22ibbD3.exe
c:\windows\System32\mVeelOBtz0yc1v2.exe
c:\windows\System32\n8fRR99hXjCk.exe
c:\windows\System32\NddWK77RL9TXjCk.exe
c:\windows\System32\NfELLggZqjYwIr.exe
c:\windows\System32\nffRL9gTXqYCkVz.exe
c:\windows\System32\niiibDD3o.exe
c:\windows\System32\nyccS1ivDonFaHs.exe
c:\windows\System32\o8gRZqhYwkUeOBz.exe
c:\windows\System32\oBttzPNyc1uv2b.exe
c:\windows\System32\OBtzz00cA1iDon4.exe
c:\windows\System32\OdWKKffL9hTqUek.exe
c:\windows\System32\ogTTZqjYwkIVlNx.exe
c:\windows\System32\PbDD3onG4mH6W7.exe
c:\windows\System32\pCeelIBrzNyx1v2.exe
c:\windows\System32\plllONNtxP0c.exe
c:\windows\System32\PrlOOtxPycS1v3n.exe
c:\windows\System32\q0ucc22bD3pGHsK.exe
c:\windows\System32\QjjUUCelIBr.exe
c:\windows\System32\QXXwjUUelItzNc.exe
c:\windows\System32\QYYCCekkIVrONxA.exe
c:\windows\System32\rBrzzNNxA1uSoF3.exe
c:\windows\System32\RD22onF4mH5.exe
c:\windows\System32\rDD33nF4m.exe
c:\windows\System32\RllIIBtzPNycAuD.exe
c:\windows\System32\RnnF4amH5sJ.exe
c:\windows\System32\s44aaHHsWJ7E8T.exe
c:\windows\System32\sccSS1ibD3o.exe
c:\windows\System32\sG55sQJ6dK8fZhX.exe
c:\windows\System32\sG5ssJJ6EKR9hXj.exe
c:\windows\System32\SJ66dEK8fZ9hXjC.exe
c:\windows\System32\sqhhYXXwkUVlBz.exe
c:\windows\System32\T8ffRZ9hT.exe
c:\windows\System32\TONNtPPucSib3n4.exe
c:\windows\System32\TvvvS22obF3m.exe
c:\windows\System32\tXqjjCCkIBrOyA0.exe
c:\windows\System32\u33pnGGaQHdWfLg.exe
c:\windows\System32\U5sQQ66EK8fZhX.exe
c:\windows\System32\uCeekIVrzNtx0c2.exe
c:\windows\System32\uCwwkkIVrlONxPu.exe
c:\windows\System32\ufRLL9hTqjUe.exe
c:\windows\System32\uHH6sWW7fE9g.exe
c:\windows\System32\v2oobF3pG5aQ6W8.exe
c:\windows\System32\vCellIBrPNyA1v2.exe
c:\windows\System32\vELL8gRZhYXwU.exe
c:\windows\System32\vfRRL9gTXjYCkVz.exe
c:\windows\System32\VKKK8ffRL9hTqjC.exe
c:\windows\System32\VNNtxA0uc.exe
c:\windows\System32\VS2ooFFpmG5Q6W8.exe
c:\windows\System32\VUVeeOOBzP0cAiD.exe
c:\windows\System32\W2onn44pH5sJdEg.exe
c:\windows\System32\W3ppnnG5aQH6WKf.exe
c:\windows\System32\XqqjUUCekIBzOyA.exe
c:\windows\System32\XsQJJddK8fR9T.exe
c:\windows\System32\xttxP0ucS1bDoG.exe
c:\windows\System32\yVeelIBtPNyc1v2.exe
c:\windows\System32\YyyyxAA1uv2ob3m.exe
c:\windows\System32\yZqqhYCwkVrlBx0.exe
c:\windows\System32\ZDD33onnG.exe
c:\windows\System32\ZdEEKK8fRZ9h.exe
c:\windows\System32\ZP0yycS1vD3nFaH.exe
c:\windows\System32\ZzPP0ycA1vD2n4m.exe
c:\windows\SysWOW64\a11iivDD3o.exe
c:\windows\SysWOW64\ANNttxAA0uS2iDp.exe
c:\windows\SysWOW64\aNyycA1uv2ob4m5.exe
c:\windows\SysWOW64\bUVVrlOBxP0ySiD.exe
c:\windows\SysWOW64\bVrllONtP0uc1b3.exe
c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6X5QL2V0\1397[1].exe
c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\CWWWJ77dEL8ZhYw\uVeelOBtP0yc.exe
c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\p99gTZqjYCkIrOt\OPP0ucS1ib.exe
c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Q888fRRL9hT\IqjjUCekIBrzNyA.exe
c:\windows\SysWOW64\cTXqqjYCkIVrOtA.exe
c:\windows\SysWOW64\d3oonG4am6sW7E8.exe
c:\windows\SysWOW64\DAA11vv2onFpHs.exe
c:\windows\SysWOW64\DeelIBBzPNcAuDo.exe
c:\windows\SysWOW64\deIIBtzPNcA1v2b.exe
c:\windows\SysWOW64\DggRRqqYXwUVlBz.exe
c:\windows\SysWOW64\DiibD3pnG4QHsK.exe
c:\windows\SysWOW64\DTTXXjjCelIrPy.exe
c:\windows\SysWOW64\dwwwkUUVelOtz0y.exe
c:\windows\SysWOW64\EG55sQJ6dK8fZhX.exe
c:\windows\SysWOW64\fBtzz00yA1iDo.exe
c:\windows\SysWOW64\fPPNNyxA1u.exe
c:\windows\SysWOW64\FyyxA0uvSibFpGa.exe
c:\windows\SysWOW64\GK77RL9gXqjCkVr.exe
c:\windows\SysWOW64\gYXXwkUVeOBtPyA.exe
c:\windows\SysWOW64\gzzONtxA0uS2b3.exe
c:\windows\SysWOW64\hrrzzONtxA0u.exe
c:\windows\SysWOW64\HWJJ7dEL8RZqYwU.exe
c:\windows\SysWOW64\iucSSiiD3pn4Q6s.exe
c:\windows\SysWOW64\ivD22obFpmGsQ.exe
c:\windows\SysWOW64\iZqqhYCwkVrlBx0.exe
c:\windows\SysWOW64\j33ppmGG5aQ6dKf.exe
c:\windows\SysWOW64\j5ssQJ7dE8gR9Yw.exe
c:\windows\SysWOW64\JPNNyxxA1uv2oF3.exe
c:\windows\SysWOW64\kA1uuvD2bF4mGs.exe
c:\windows\SysWOW64\kibbD3pnGaQHW7.exe
c:\windows\SysWOW64\KQ66dWK7fL9TqYe.exe
c:\windows\SysWOW64\KRZZ9hYXwUVeItP.exe
c:\windows\SysWOW64\LNNNyxxA1uv2oFp.exe
c:\windows\SysWOW64\mELL9gTZqYCwIrO.exe
c:\windows\SysWOW64\mSS22ibbD3.exe
c:\windows\SysWOW64\mVeelOBtz0yc1v2.exe
c:\windows\SysWOW64\n8fRR99hXjCk.exe
c:\windows\SysWOW64\NddWK77RL9TXjCk.exe
c:\windows\SysWOW64\NfELLggZqjYwIr.exe
c:\windows\SysWOW64\nffRL9gTXqYCkVz.exe
c:\windows\SysWOW64\niiibDD3o.exe
c:\windows\SysWOW64\nyccS1ivDonFaHs.exe
c:\windows\SysWOW64\o8gRZqhYwkUeOBz.exe
c:\windows\SysWOW64\oBttzPNyc1uv2b.exe
c:\windows\SysWOW64\OBtzz00cA1iDon4.exe
c:\windows\SysWOW64\OdWKKffL9hTqUek.exe
c:\windows\SysWOW64\ogTTZqjYwkIVlNx.exe
c:\windows\SysWOW64\PbDD3onG4mH6W7.exe
c:\windows\SysWOW64\pCeelIBrzNyx1v2.exe
c:\windows\SysWOW64\plllONNtxP0c.exe
c:\windows\SysWOW64\PrlOOtxPycS1v3n.exe
c:\windows\SysWOW64\q0ucc22bD3pGHsK.exe
c:\windows\SysWOW64\QjjUUCelIBr.exe
c:\windows\SysWOW64\QXXwjUUelItzNc.exe
c:\windows\SysWOW64\QYYCCekkIVrONxA.exe
c:\windows\SysWOW64\rBrzzNNxA1uSoF3.exe
c:\windows\SysWOW64\RD22onF4mH5.exe
c:\windows\SysWOW64\rDD33nF4m.exe
c:\windows\SysWOW64\RllIIBtzPNycAuD.exe
c:\windows\SysWOW64\RnnF4amH5sJ.exe
c:\windows\SysWOW64\s44aaHHsWJ7E8T.exe
c:\windows\SysWOW64\sccSS1ibD3o.exe
c:\windows\SysWOW64\sG55sQJ6dK8fZhX.exe
c:\windows\SysWOW64\sG5ssJJ6EKR9hXj.exe
c:\windows\SysWOW64\SJ66dEK8fZ9hXjC.exe
c:\windows\SysWOW64\sqhhYXXwkUVlBz.exe
c:\windows\SysWOW64\T8ffRZ9hT.exe
c:\windows\SysWOW64\TONNtPPucSib3n4.exe
c:\windows\SysWOW64\TvvvS22obF3m.exe
c:\windows\SysWOW64\tXqjjCCkIBrOyA0.exe
c:\windows\SysWOW64\u33pnGGaQHdWfLg.exe
c:\windows\SysWOW64\U5sQQ66EK8fZhX.exe
c:\windows\SysWOW64\uCeekIVrzNtx0c2.exe
c:\windows\SysWOW64\uCwwkkIVrlONxPu.exe
c:\windows\SysWOW64\ufRLL9hTqjUe.exe
c:\windows\SysWOW64\uHH6sWW7fE9g.exe
c:\windows\SysWOW64\v2oobF3pG5aQ6W8.exe
c:\windows\SysWOW64\vCellIBrPNyA1v2.exe
c:\windows\SysWOW64\vELL8gRZhYXwU.exe
c:\windows\SysWOW64\vfRRL9gTXjYCkVz.exe
c:\windows\SysWOW64\VKKK8ffRL9hTqjC.exe
c:\windows\SysWOW64\VNNtxA0uc.exe
c:\windows\SysWOW64\VS2ooFFpmG5Q6W8.exe
c:\windows\SysWOW64\VUVeeOOBzP0cAiD.exe
c:\windows\SysWOW64\W2onn44pH5sJdEg.exe
c:\windows\SysWOW64\W3ppnnG5aQH6WKf.exe
c:\windows\SysWOW64\XqqjUUCekIBzOyA.exe
c:\windows\SysWOW64\XsQJJddK8fR9T.exe
c:\windows\SysWOW64\xttxP0ucS1bDoG.exe
c:\windows\SysWOW64\yVeelIBtPNyc1v2.exe
c:\windows\SysWOW64\YyyyxAA1uv2ob3m.exe
c:\windows\SysWOW64\yZqqhYCwkVrlBx0.exe
c:\windows\SysWOW64\ZDD33onnG.exe
c:\windows\SysWOW64\ZdEEKK8fRZ9h.exe
c:\windows\SysWOW64\ZP0yycS1vD3nFaH.exe
c:\windows\SysWOW64\ZzPP0ycA1vD2n4m.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-09 to 2011-10-09 )))))))))))))))))))))))))))))))
.
.
2011-10-08 22:44 . 2011-10-08 22:44 -------- d-----w- c:\users\Nickolas\AppData\Roaming\UF9ufu7lHV5zJBm
2011-10-08 22:43 . 2011-10-09 01:33 -------- d-----w- c:\users\Nickolas\AppData\Roaming\NR4ukgHcXJiuIJD
2011-10-08 22:43 . 2011-10-08 22:43 -------- d-----w- c:\users\Nickolas\AppData\Roaming\yHQd8ZYjeBP
2011-10-08 22:43 . 2011-10-08 22:43 -------- d-----w- c:\users\Nickolas\AppData\Roaming\UbkQOf1hFUs
2011-10-08 22:43 . 2011-10-08 22:43 -------- d-----w- c:\users\Nickolas\AppData\Roaming\Uz3Rzp9NpLlbWhx
2011-10-08 22:43 . 2011-10-08 22:43 -------- d-----w- c:\users\Nickolas\AppData\Roaming\yhjeIzNx0Si3GQ6
2011-10-08 22:43 . 2011-10-08 22:43 -------- d-----w- c:\users\Nickolas\AppData\Roaming\P7sQHs6apbb
2011-10-08 22:43 . 2011-10-08 22:43 -------- d-----w- c:\users\Nickolas\AppData\Roaming\WDeJAw5xXaOfcZn
2011-10-08 22:43 . 2011-10-08 22:43 -------- d-----w- c:\users\Nickolas\AppData\Roaming\gS1ivvb3bnovvSi
2011-10-08 22:43 . 2011-10-08 22:43 -------- d-----w- c:\users\Nickolas\AppData\Roaming\bVeIBzOtPPIIBVl
2011-10-08 22:43 . 2011-10-08 22:43 -------- d-----w- c:\users\Nickolas\AppData\Roaming\c54G4mGGQs77sGG
2011-10-08 22:43 . 2011-10-08 22:43 -------- d-----w- c:\users\Nickolas\AppData\Roaming\LwnXohvfAWzQkD9
2011-10-08 22:42 . 2011-10-09 01:33 -------- d-----w- c:\users\Nickolas\AppData\Roaming\T7ZktuosE
2011-10-08 22:42 . 2011-10-08 22:42 -------- d-----w- c:\users\Nickolas\AppData\Roaming\fQInC3qvZ18ydzH
2011-10-08 22:42 . 2011-10-09 01:33 -------- d-----w- c:\users\Nickolas\AppData\Roaming\mWj0nKUxDJVD8I3
2011-10-08 22:42 . 2011-10-08 22:42 -------- d-----w- c:\users\Nickolas\AppData\Roaming\ExLiUsyhpBKbOTa
2011-10-08 22:42 . 2011-10-09 01:33 -------- d-----w- c:\users\Nickolas\AppData\Roaming\fUmBdxLiUsyhpBK
2011-10-08 22:42 . 2011-10-08 22:42 -------- d-----w- c:\users\Nickolas\AppData\Roaming\v8cKN6rQBGCpY
2011-10-08 22:42 . 2011-10-09 01:33 -------- d-----w- c:\users\Nickolas\AppData\Roaming\HzbWYNmRkcF
2011-10-08 22:42 . 2011-10-08 22:42 -------- d-----w- c:\users\Nickolas\AppData\Roaming\NY0agluHTO2dCAn
2011-10-08 22:42 . 2011-10-08 22:42 -------- d-----w- c:\users\Nickolas\AppData\Roaming\fyGq0Ww1JU
2011-10-08 22:42 . 2011-10-08 22:42 -------- d-----w- c:\users\Nickolas\AppData\Roaming\H4VsAU6AhL2joV
2011-10-08 22:42 . 2011-10-09 01:33 -------- d-----w- c:\users\Nickolas\AppData\Roaming\h2Wk15jua8jxnWh
2011-10-08 22:40 . 2011-10-08 22:40 -------- d-----w- c:\users\Nickolas\AppData\Roaming\y09iwmOdu9beHtL
2011-10-08 22:39 . 2011-10-09 01:33 -------- d-----w- c:\users\Nickolas\AppData\Roaming\JScP0ycAutttBII
2011-10-08 22:38 . 2011-10-08 22:38 -------- d-----w- c:\users\Nickolas\AppData\Roaming\sY4lLoOK2lWvTD
2011-10-08 22:38 . 2011-10-08 22:38 -------- d-----w- c:\users\Nickolas\AppData\Roaming\p0mYymhNGhNpRBb
2011-10-08 22:38 . 2011-10-08 22:38 -------- d-----w- c:\users\Nickolas\AppData\Roaming\P43oDu10AxUYhRK
2011-10-08 22:38 . 2011-10-08 22:38 -------- d-----w- c:\users\Nickolas\AppData\Roaming\aSeGenCGCDZAKN6
2011-10-08 22:38 . 2011-10-08 22:38 -------- d-----w- c:\users\Nickolas\AppData\Roaming\p5yR2CQN9bwa0hm
2011-10-08 22:38 . 2011-10-08 22:38 -------- d-----w- c:\users\Nickolas\AppData\Roaming\LRpkarstdyTGBQV
2011-10-08 22:38 . 2011-10-08 22:38 -------- d-----w- c:\users\Nickolas\AppData\Roaming\jde2Wk1WCy
2011-10-08 22:38 . 2011-10-08 22:38 -------- d-----w- c:\users\Nickolas\AppData\Roaming\ArP1uSi2boF4pGG
2011-10-08 22:36 . 2011-10-08 22:36 -------- d-----w- c:\users\Nickolas\AppData\Roaming\qStlhEQpS
2011-10-08 22:35 . 2011-10-09 01:33 -------- d-----w- c:\users\Nickolas\AppData\Roaming\bX9LJmo4ouOwE5n
2011-10-08 22:35 . 2011-10-08 22:35 -------- d-----w- c:\users\Nickolas\AppData\Roaming\hp2PUfaDyBjX
2011-10-08 20:36 . 2011-10-08 20:36 -------- d-----w- c:\programdata\WSTB
2011-10-08 07:54 . 2011-10-08 07:54 546816 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2011-10-08 07:54 . 2011-10-08 07:54 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-10-08 07:54 . 2011-10-08 07:54 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-10-08 07:54 . 2011-10-08 07:54 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2011-10-08 07:54 . 2011-10-08 07:54 160256 ----a-w- c:\windows\system32\wextract.exe
2011-10-08 07:54 . 2011-10-08 07:54 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-10-08 07:54 . 2011-10-08 07:54 66048 ----a-w- c:\program files\Internet Explorer\JSProfilerCore.dll
2011-10-08 07:54 . 2011-10-08 07:54 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-10-07 23:59 . 2011-10-08 07:39 -------- d-----w- c:\users\Nickolas\AppData\Roaming\vWPL1RoeJA
2011-10-07 23:58 . 2011-10-08 07:39 -------- d-----w- c:\users\Nickolas\AppData\Roaming\cKIbfrDEl2KIbfr
2011-10-07 23:57 . 2011-10-07 23:57 -------- d-----w- c:\users\Nickolas\AppData\Roaming\hRL9gTXqjCkVzNx
2011-10-07 23:56 . 2011-10-07 23:56 -------- d-----w- c:\users\Nickolas\AppData\Roaming\WnqSfPsw3Rydl4w
2011-10-07 23:55 . 2011-10-07 23:55 -------- d-----w- c:\users\Nickolas\AppData\Roaming\GH0Rbl82YQt83kH
2011-10-07 23:55 . 2011-10-07 23:55 -------- d-----w- c:\users\Nickolas\AppData\Roaming\JF9AWVQwDZcE
2011-10-07 23:55 . 2011-10-07 23:55 -------- d-----w- c:\users\Nickolas\AppData\Roaming\PbYnImrHBJzQIGC
2011-10-07 23:55 . 2011-10-07 23:55 -------- d-----w- c:\users\Nickolas\AppData\Roaming\fu92q3YokpVpwbh
2011-10-07 23:55 . 2011-10-07 23:55 -------- d-----w- c:\users\Nickolas\AppData\Roaming\kumh0Hhy5wvdebf
2011-10-07 23:55 . 2011-10-07 23:55 -------- d-----w- c:\users\Nickolas\AppData\Roaming\BNdPJBaInqS7OHe
2011-10-07 23:55 . 2011-10-07 23:57 -------- d-----w- c:\users\Nickolas\AppData\Roaming\ddl4TuWBnX2gSLx
2011-10-07 23:55 . 2011-10-07 23:55 -------- d-----w- c:\users\Nickolas\AppData\Roaming\LnRNQeb9xHVaIG
2011-10-07 23:55 . 2011-10-07 23:55 -------- d-----w- c:\users\Nickolas\AppData\Roaming\CEBmknhvZufxKN
2011-10-07 23:55 . 2011-10-07 23:55 -------- d-----w- c:\users\Nickolas\AppData\Roaming\gxQepZ1g1gc8N8u
2011-10-07 23:55 . 2011-10-07 23:55 -------- d-----w- c:\users\Nickolas\AppData\Roaming\zBFfO4ZuJrnqc7U
2011-10-07 23:55 . 2011-10-07 23:55 -------- d-----w- c:\users\Nickolas\AppData\Roaming\TufAKN6rm
2011-10-07 23:55 . 2011-10-07 23:55 -------- d-----w- c:\users\Nickolas\AppData\Roaming\bj29AdVpZuJrFYi
2011-10-07 09:33 . 2011-10-08 07:39 -------- d-----w- c:\users\Nickolas\AppData\Roaming\kVxiG7jlc4Lr1m
2011-10-07 09:32 . 2011-10-07 09:32 -------- d-----w- c:\users\Nickolas\AppData\Roaming\Zx6IpXu7x
2011-10-07 09:31 . 2011-10-08 07:39 -------- d-----w- c:\users\Nickolas\AppData\Roaming\CnrsvOZpIKbVf3l
2011-10-07 09:30 . 2011-10-07 09:30 -------- d-----w- c:\users\Nickolas\AppData\Roaming\w3m7gYOyvnmJ8Ye
2011-10-07 09:29 . 2011-10-07 09:29 -------- d-----w- c:\users\Nickolas\AppData\Roaming\FeHVpj2fzakn
2011-10-07 09:28 . 2011-10-07 09:28 -------- d-----w- c:\users\Nickolas\AppData\Roaming\SpgeushzbW
2011-10-07 09:15 . 2011-10-07 09:15 -------- d-----w- c:\users\Nickolas\AppData\Roaming\NiFn5QWR9XjeVOu
2011-10-07 09:15 . 2011-10-07 09:15 -------- d-----w- c:\users\Nickolas\AppData\Roaming\lbGdLjVubG6fTYV
2011-10-07 09:15 . 2011-10-07 09:15 -------- d-----w- c:\users\Nickolas\AppData\Roaming\b0Sbp5d7LTjeVO
2011-10-07 09:15 . 2011-10-07 09:15 -------- d-----w- c:\users\Nickolas\AppData\Roaming\RglS4dhO1pdYB1
2011-10-07 09:15 . 2011-10-07 09:15 -------- d-----w- c:\users\Nickolas\AppData\Roaming\pqlcmEhl0v4QRwI
2011-10-07 09:15 . 2011-10-07 09:15 -------- d-----w- c:\users\Nickolas\AppData\Roaming\dwVBPcvo45JERhw
2011-10-07 09:15 . 2011-10-07 09:15 -------- d-----w- c:\users\Nickolas\AppData\Roaming\OJfTCzAiGdLjVx2
2011-10-07 09:15 . 2011-10-07 09:15 -------- d-----w- c:\users\Nickolas\AppData\Roaming\RCrx1n6fZwtSosL
2011-10-07 09:11 . 2011-10-07 09:11 -------- d-----w- c:\users\Nickolas\AppData\Roaming\NmKwzS58jOS5W9X
2011-10-07 09:11 . 2011-10-07 09:11 -------- d-----w- c:\users\Nickolas\AppData\Roaming\eTB0pH7LTje
2011-10-07 09:05 . 2011-10-07 09:05 -------- d-----w- c:\users\Nickolas\AppData\Roaming\KhVx1FsLqwetc
2011-10-07 09:05 . 2011-10-07 09:05 -------- d-----w- c:\users\Nickolas\AppData\Roaming\xmsWJE8ZhCkVOtP
2011-10-07 09:05 . 2011-10-07 09:05 -------- d-----w- c:\users\Nickolas\AppData\Roaming\jsWJE8ZhCk
2011-10-07 09:05 . 2011-10-07 09:05 -------- d-----w- c:\users\Nickolas\AppData\Roaming\aFH9IA369wtbmEh
2011-10-07 09:05 . 2011-10-07 09:05 -------- d-----w- c:\users\Nickolas\AppData\Roaming\jXrvG8jrunWXz
2011-10-07 09:05 . 2011-10-07 09:05 -------- d-----w- c:\users\Nickolas\AppData\Roaming\HuFna6KRgqCIztA
2011-10-07 09:03 . 2011-10-08 07:39 -------- d-----w- c:\users\Nickolas\AppData\Roaming\bZPm9NGhNFKC0GE
2011-10-07 09:02 . 2011-10-07 09:02 -------- d-----w- c:\users\Nickolas\AppData\Roaming\yKIbZzGhNnRVp9N
2011-10-06 01:36 . 2011-10-06 04:34 101376 ----a-w- c:\windows\SysWow64\srrstr.dll
2011-10-04 04:30 . 2011-10-04 04:30 388096 ----a-r- c:\users\Nickolas\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-04 04:30 . 2011-10-04 04:30 -------- d-----w- c:\program files (x86)\Trend Micro
2011-10-04 01:26 . 2011-10-04 01:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-04 00:40 . 2011-10-08 20:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-10-04 00:40 . 2011-10-04 00:42 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-10-03 23:10 . 2011-10-03 23:10 -------- d-----w- c:\programdata\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
2011-10-03 22:54 . 2011-10-03 22:54 -------- d-----w- c:\windows\system32\SPReview
2011-10-03 21:43 . 2011-10-03 21:43 -------- d-----w- c:\users\Nickolas\AppData\Roaming\Malwarebytes
2011-10-03 21:40 . 2011-10-03 21:40 -------- d-----w- c:\programdata\Malwarebytes
2011-10-03 21:40 . 2011-09-01 00:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-03 21:16 . 2011-10-03 21:16 -------- d-----w- c:\users\Nickolas\AppData\Roaming\T0ucS1ibDoGaHsJ
2011-10-03 21:16 . 2011-10-03 21:16 -------- d-----w- c:\users\Nickolas\AppData\Roaming\qqjYCwkIVlNx
2011-10-03 09:26 . 2011-08-07 17:52 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-10-02 19:39 . 2011-10-02 19:39 -------- d-----w- c:\users\Nickolas\AppData\Roaming\UA0ucS2ib3n4Q6W
2011-10-02 19:39 . 2011-10-02 19:39 -------- d-----w- c:\users\Nickolas\AppData\Roaming\afRL9gTXqYeIrOt
2011-10-02 19:34 . 2011-10-02 19:34 -------- d-----w- c:\users\Nickolas\AppData\Roaming\b00yycAA1iv2oF4
2011-10-02 19:34 . 2011-10-02 19:34 -------- d-----w- c:\users\Nickolas\AppData\Roaming\twwkkUVVelBtz
2011-10-02 19:34 . 2011-10-03 22:43 -------- d-----w- c:\users\Nickolas\AppData\Roaming\Z99ggTXXqjYekVr
2011-10-02 19:34 . 2011-10-02 19:34 -------- d-----w- c:\users\Nickolas\AppData\Roaming\hpnnGG5aQ
2011-09-29 16:20 . 2011-09-29 16:22 -------- d-----w- C:\628115aeb294d674fa3a27
2011-09-25 23:19 . 2011-09-25 23:19 -------- d-----w- c:\users\Nickolas\AppData\Local\Mozilla
2011-09-24 02:32 . 2011-09-24 02:33 -------- d-----w- c:\program files\iTunes
2011-09-24 02:32 . 2011-09-24 02:32 -------- d-----w- c:\program files\iPod
2011-09-24 02:30 . 2011-09-24 02:30 -------- d-----w- c:\program files\Bonjour
2011-09-24 02:30 . 2011-09-24 02:30 -------- d-----w- c:\program files (x86)\Bonjour
2011-09-24 02:29 . 2011-09-24 02:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-09-24 02:29 . 2011-09-24 02:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-09-24 02:29 . 2011-09-24 02:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-09-24 02:29 . 2011-09-24 02:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-09-24 02:29 . 2011-09-24 02:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-09-24 02:29 . 2011-09-24 02:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-09-24 02:29 . 2011-09-24 02:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-09-24 02:29 . 2011-09-24 02:29 -------- d-----w- c:\program files (x86)\QuickTime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 23:14 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-10-03 23:14 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-09-26 01:58 . 2011-08-07 09:23 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-12 17:32 . 2010-03-11 06:20 35664 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2011-08-21 03:39 . 2011-08-21 03:39 65536 ----a-r- c:\users\Nickolas\AppData\Roaming\Microsoft\Installer\{E52FE20A-8D42-4B25-8C69-63E0AA9DC2C1}\NewShortcut13_29A08217E4E34B148338A38AE49035C5.exe
2011-08-21 03:39 . 2011-08-21 03:39 65536 ----a-r- c:\users\Nickolas\AppData\Roaming\Microsoft\Installer\{E52FE20A-8D42-4B25-8C69-63E0AA9DC2C1}\NewShortcut12_E52D111283C64D2E90346906A612B4DC.exe
2011-08-21 03:39 . 2011-08-21 03:39 65536 ----a-r- c:\users\Nickolas\AppData\Roaming\Microsoft\Installer\{E52FE20A-8D42-4B25-8C69-63E0AA9DC2C1}\ARPPRODUCTICON.exe
2011-08-07 17:52 . 2011-08-07 17:52 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-21 21:59 . 2011-08-07 17:50 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-07-16 05:41 . 2011-08-10 16:02 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:41 . 2011-08-10 16:02 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:41 . 2011-08-10 16:02 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:39 . 2011-08-10 16:02 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:37 . 2011-08-10 16:02 421888 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:21 . 2011-08-10 16:02 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:21 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:29 . 2011-08-10 16:02 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:26 . 2011-08-10 16:02 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-16 04:25 . 2011-08-10 16:02 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-16 04:24 . 2011-08-10 16:02 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-16 04:24 . 2011-08-10 16:02 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:15 . 2011-08-10 16:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 16:02 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-07-16 02:21 . 2011-08-10 16:02 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-07-16 02:17 . 2011-08-10 16:02 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 16:02 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 16:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 16:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-12 18:34 . 2011-07-12 18:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 18:34 . 2011-07-12 18:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 18:34 . 2011-07-12 18:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 18:34 . 2011-07-12 18:34 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-12 18:20 . 2011-07-12 18:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 18:20 . 2011-07-12 18:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-07-12 18:20 . 2011-07-12 18:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-07-12 18:20 . 2011-07-12 18:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-08_22.14.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-27 21:35 . 2011-10-08 22:36 51144 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-10-08 22:37 45556 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-10 20:16 . 2011-10-08 22:45 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-10 20:16 . 2011-10-08 20:12 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-10-08 20:12 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-10-08 22:45 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-11 04:27 . 2011-10-08 22:38 2286 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-710015600-33390846-3289928336-1001_UserData.bin
- 2011-10-08 22:13 . 2011-10-08 22:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-08 22:47 . 2011-10-08 22:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-08 22:47 . 2011-10-08 22:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-10-08 22:13 . 2011-10-08 22:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2011-10-08 20:16 624178 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-10-08 22:21 624178 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-10-08 22:21 106522 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-10-08 20:16 106522 c:\windows\system32\perfc009.dat
- 2010-03-10 20:16 . 2011-10-08 20:12 196608 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-10 20:16 . 2011-10-08 22:45 196608 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 05:01 . 2011-10-08 22:46 362856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-10-08 22:12 362856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-03-11 05:51 . 2011-10-08 22:46 2043604 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-710015600-33390846-3289928336-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Macromedia Update"="c:\windows\system32\config\systemprofile\AppData\Local\Google\GoogleUpdate\Googleupdt32.DLL" [2011-10-06 132096]
"Malwarebytes' Update"="c:\windows\system32\config\systemprofile\AppData\Local\Sunbelt Software\SunbeltUpdate\Sunbeltupdt32.DLL" [2011-10-06 132096]
"AppDataLow Update"="c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.DLL" [2011-10-06 132096]
.
c:\users\Nickolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
crss.exe [2011-10-8 69120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\System32\Drivers\avgldx64.sys [x]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\System32\Drivers\avgmfx64.sys [x]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2010-06-14 89600]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files (x86)\AVG\AVG9\avgemc.exe [2010-07-21 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2010-07-18 308136]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-26 136176]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-26 136176]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-08-07 17152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\System32\Drivers\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-06-16 20:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-26 07:50]
.
2011-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-26 07:50]
.
2011-09-27 c:\windows\Tasks\HPCeeScheduleForNickolas.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-24 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-24 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-24 408600]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-14 487424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\avgrssta.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Nickolas\AppData\Roaming\Mozilla\Firefox\Profiles\kjpi10i2.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-fOBzPPuu00Auuui8234A - c:\users\Nickolas\AppData\Roaming\bX9LJmo4ouOwE5n\yS22b1ccNzz.exe
Wow6432Node-HKCU-Run-vlOtS3pb322bD8234A - c:\users\Nickolas\AppData\Roaming\QfgqXUIyAiF5Kh\YyomQ66WLKRLXZh.exe
Wow6432Node-HKCU-Run-wyub3mWE6dQQsJd8234A - c:\users\Nickolas\AppData\Roaming\t0cSFn6EZUBt1\RdfLTqhUwCIzOt.exe
Wow6432Node-HKCU-Run-wBtrCYwkVe8234A - c:\users\Nickolas\AppData\Roaming\cqkzcbnsLwtxA0c\yooGGaH5Jf9.exe
Wow6432Node-HKCU-Run-O9UelPi1uNNxP0N8234A - c:\users\Nickolas\AppData\Roaming\tpa79qCVlzAc3mJ\EwzuoF3oH5QQKK7.exe
Wow6432Node-HKCU-Run-vktcvoG6LZt1op68234A - c:\users\Nickolas\AppData\Roaming\gqrDsLI0npd\Wz1onsLhwlySoHQ.exe
Wow6432Node-HKCU-Run-txSio5KLqkrOP1i8234A - c:\users\Nickolas\AppData\Roaming\Z4QKTwOzyb4sLRU\GDns5KgCrv.exe
Wow6432Node-HKCU-Run-TzcS3a6hXeBtSDn8234A - c:\users\Nickolas\AppData\Roaming\KwOzyb4sLRUBuDn\NKgCrvpQW9ZYVPv.exe
Wow6432Node-HKCU-Run-toFmmaHs5mGmpp38234A - c:\users\Nickolas\AppData\Roaming\hmdRqkAbGJf9ZwB\YkOxSpsdRjUlBPA.exe
Wow6432Node-HKCU-Run-jQSIgmckdpukq8234A - c:\users\Nickolas\AppData\Roaming\aanuVhEF1ITKQDx\kpxCHuV8HAe.exe
Wow6432Node-HKCU-Run-gqRQ1OYdFyCWDVJ8234A - c:\users\Nickolas\AppData\Roaming\YvuuxlUXhfWHHmF\ZnnammGGFulk.exe
Wow6432Node-HKCU-Run-NsDOgmyXHuZ40kR8234A - c:\users\Nickolas\AppData\Roaming\zIq7acjdpy94c\ts1lh5cV8F0j8ai.exe
Wow6432Node-HKCU-Run-JmxCWDVJ1lhEpyq8234A - c:\users\Nickolas\AppData\Roaming\YvuuxlUXhfWHHmF\zON0PyNOIgE7sm2.exe
Wow6432Node-HKCU-Run-zBjTfavPlX8234A - c:\users\Nickolas\AppData\Roaming\fYUByuSS1obbpoF\arejqZRKQp.exe
Wow6432Node-HKCU-Run-Klh63yq61UX8mvz8234A - c:\users\Nickolas\AppData\Roaming\YvuuxlUXhfWHHmF\zON0PyNOIgE7sm2.exe
Wow6432Node-HKCU-Run-SVNyD2bbbDn5ERX8234A - c:\users\Nickolas\AppData\Roaming\zPPxPAoF46EZw\gOtyopHKLqw.exe
Wow6432Node-HKCU-Run-VLLWGStU9aSx8234A - c:\users\Nickolas\AppData\Roaming\REZqeVrezNN0u1\gT9Ld7s3SAj85F.exe
Wow6432Node-HKCU-Run-N2BjTfavPlX6b0k8234A - c:\users\Nickolas\AppData\Roaming\fYUByuSS1obbpoF\arejqZRKQp.exe
Wow6432Node-HKCU-Run-oU87HoylXfm0OqJ8234A - c:\users\Nickolas\AppData\Roaming\fYUByuSS1obbpoF\arejqZRKQp.exe
Wow6432Node-HKCU-Run-pqjYlzASDnmQdER8234A - c:\users\Nickolas\AppData\Roaming\kTXklPAomQ6\t9jrNuS2paaH78Y.exe
Wow6432Node-HKCU-Run-Ezxuinpmaa4nDiA8234A - c:\users\Nickolas\AppData\Roaming\kTXklPAomQ6\fcDomJKWfTkeIBI.exe
Wow6432Node-HKCU-Run-zfjO1a7hO14dY8234A - c:\users\Nickolas\AppData\Roaming\munJqlSF7hO1pEX\tdTBumKqrvnKqzS.exe
Wow6432Node-HKCU-Run-qQfjO1a7hO14dYO8234A - c:\users\Nickolas\AppData\Roaming\mxD6gU03sRVynJ9\j4dTBumKqrvnKqz.exe
Wow6432Node-HKCU-Run-A1mRtFRrbKNn9eN8234A - c:\users\Nickolas\AppData\Roaming\Y8Uca8UAp8eAp8e\KRku5LeuGEIc4Ew.exe
Wow6432Node-HKCU-Run-ReqTLKK8Rf7ssQQ8234A - c:\users\Nickolas\AppData\Roaming\WZKJa4mmaoDuyrk\XXRfd4oDAy.exe
Wow6432Node-HKCU-Run-tupWXV036g8234A - c:\users\Nickolas\AppData\Roaming\FakAF6gkADQgO1a\APFglvQ9lvQTzo6.exe
Wow6432Node-HKCU-Run-TaRUN2nHTzb6qND8234A - c:\users\Nickolas\AppData\Roaming\aTVxDWqObWhxosg\s1nHdgXlNvFsKTU.exe
Wow6432Node-HKCU-Run-TGKqrSnJqrcs8234A - c:\users\Nickolas\AppData\Roaming\EisY04EXto\t13KjOS5fj.exe
Wow6432Node-HKCU-Run-ZBazdxKPfygi92X8234A - c:\users\Nickolas\AppData\Roaming\WOJt7zdyWxf0EuL\Ast6NRvgbq3YoX4.exe
Wow6432Node-HKCU-Run-maLvagN4Tt8234A - c:\users\Nickolas\AppData\Roaming\yTzb6qNDHghVt13\zBc2mJ8YVtu469l.exe
Wow6432Node-HKCU-Run-EcfuLFCGI68234A - c:\users\Nickolas\AppData\Roaming\way70Ec81g\AbjFC5ValHOJ.exe
Wow6432Node-HKCU-Run-LEl28r3fzGjSWeS8234A - c:\users\Nickolas\AppData\Roaming\yTzb6qNDHghVt13\Xc2mJ8YVtu.exe
Wow6432Node-HKCU-Run-pWeSWO4qy5U4Y168234A - c:\users\Nickolas\AppData\Roaming\GgN4TtG8xn\N2El28r3fzG.exe
Wow6432Node-HKCU-Run-EY16lpTA6kbLNmw8234A - c:\users\Nickolas\AppData\Roaming\bN4TtG8xnEV2El2\njSWeSWO4qy5.exe
Wow6432Node-HKCU-Run-r16lpTA6kbLNmwi8234A - c:\users\Nickolas\AppData\Roaming\bN4TtG8xnEV2El2\gGjSWeSWO4qy5U4.exe
Wow6432Node-HKCU-Run-uwkwhhf6HoiNzBk8234A - c:\users\Nickolas\AppData\Roaming\mqqZ8LKKKfE7m4b\EH5mF2Su0xtlVeC.exe
Wow6432Node-HKCU-Run-WKk16Y0HZ8234A - c:\users\Nickolas\AppData\Roaming\Ii8zmwuKBmXuKrp\osVoRP5wu6lbLy.exe
Wow6432Node-HKCU-Run-fjrcnKqlishxoWh8234A - c:\users\Nickolas\AppData\Roaming\hJqrcnJqecFQZVN\a8jzSG8qzS.exe
Wow6432Node-HKCU-Run-Yz1nHdRwINv4sEZ8234A - c:\users\Nickolas\AppData\Roaming\fcGTym8C05\lKqlS47hlS4d.exe
Wow6432Node-HKCU-Run-Uz2JXPo6qNn8234A - c:\users\Nickolas\AppData\Roaming\ahI03dTIAD\Gt37w04dwc.exe
Wow6432Node-HKCU-Run-Sna6KEgqCIlt08234A - c:\users\Nickolas\AppData\Roaming\To3ma6KRhqCIrNA\ri3GQd7LTjeVOxu.exe
Wow6432Node-HKCU-Run-Oc3Q7gCl0b8234A - c:\users\Nickolas\AppData\Roaming\qVltPy1Dn4HQd8Z\rPuFs6fXlNv3Q8T.exe
Wow6432Node-HKCU-Run-XTjeBzy0Sbp5HWf8234A - c:\users\Nickolas\AppData\Roaming\Zy1Dbp5JE\rXlrNxu2Fma6.exe
Wow6432Node-HKCU-Run-mDfrmU27r3TxmCv8234A - c:\users\Nickolas\AppData\Roaming\qIbfr3LlDgPHkD8\Pjv8y5U2RNQwbLt.exe
Wow6432Node-HKCU-Run-shAWBngxQY17lnh8234A - c:\users\Nickolas\AppData\Roaming\waCifBaYiE\A5U2RNQwbLtHwvK.exe
Wow6432Node-HKCU-Run-XkFLOGqusU3RyJl8234A - c:\users\Nickolas\AppData\Roaming\waCifBaYiE\qU2RNQwbLtHwvKt.exe
Wow6432Node-HKCU-Run-VcS0yxyxP0AvFFn8234A - c:\users\Nickolas\AppData\Roaming\JScP0ycAutttBII\JqEmFboSiicy1vu.exe
Wow6432Node-HKCU-Run-iHZN37C0FLV1s9t8234A - c:\users\Nickolas\AppData\Roaming\XLV1a8r15Z\EvsZBDQhzbWjypf.exe
Wow6432Node-HKCU-Run-h544HsdfRghwVCB8234A - c:\users\Nickolas\AppData\Roaming\LqYXjqXgqLKKdQG\geVUjYYhqhXwXXZ.exe
Wow6432Node-HKCU-Run-wkIUltx0SbopmGH8234A - c:\users\Nickolas\AppData\Roaming\xUeCjqYRRR8dQ30\BlekkwCwUUUYYwh.exe
Wow6432Node-HKCU-Run-keu59ri6qtofkc8234A - c:\users\Nickolas\AppData\Roaming\PQhzbWjypfkSHZN\J7C0FLV1s9todwy.exe
Wow6432Node-HKCU-Run-Gjumhy5Yc5XAQj28234A - c:\users\Nickolas\AppData\Roaming\IZzpZz3Rz3Rz3gt\jOnLloEloKI3LOp.exe
Wow6432Node-HKCU-Run-L9O3LloLOn8B2dj8234A - c:\users\Nickolas\AppData\Roaming\mRNGTx5Xxajum\c5Yc5XAQj2Kk3Lz.exe
Wow6432Node-HKCU-Run-GHZOiHglSmglv7X8234A - c:\users\Nickolas\AppData\Roaming\zkcQ9V1HZOD7VDE\ltb6wN38eua9.exe
Wow6432Node-HKCU-Run-rO9ihFeJcZbC8234A - c:\users\Nickolas\AppData\Roaming\cZvhFl6x93wHtE1\te5zKvgDIsx8Dwp.exe
Wow6432Node-HKCU-Run-t8gqwltPAiaEYB08234A - c:\users\Nickolas\AppData\Roaming\ehXeBzt0ivvFnH\KCz0baH6Rqwt1.exe
Wow6432Node-HKCU-Run-LPski7VDEev6CSW8234A - c:\users\Nickolas\AppData\Roaming\TqN37IcHZOvWYzn\mtb8Bb8C0HCcHqP.exe
Wow6432Node-HKCU-Run-YSWkifNaZx4ZPm98234A - c:\users\Nickolas\AppData\Roaming\qn7Ytb8Bb8C0HCc\APmqPski7VDEev6.exe
Wow6432Node-HKCU-Run-vpXPbdjyp7e04Lr8234A - c:\users\Nickolas\AppData\Roaming\NmqPski7VDEev6\aWkifNaZx4ZPm.exe
Wow6432Node-HKCU-Run-v3sZIy3JqeSfNoZ8234A - c:\users\Nickolas\AppData\Roaming\VQKgwBconasE\egkPS5Gm78h.exe
Wow6432Node-HKCU-Run-ttf1qFl7cZFen8234A - c:\users\Nickolas\AppData\Roaming\B7NGhvZi8y\XJOWAL1hoY2wpe5.exe
Wow6432Node-HKCU-Run-KpqiLzpgNF8234A - c:\users\Nickolas\AppData\Roaming\wgIPo69ku4\iuWk2Z0g1Etmq.exe
Wow6432Node-HKCU-Run-mB5TxaZP4TN4hc58234A - c:\users\Nickolas\AppData\Roaming\wgIPo69ku4\sVnLzdAfxpXuKkF.exe
Wow6432Node-HKCU-Run-aiZoXFjmIHzHl6O8234A - c:\users\Nickolas\AppData\Roaming\ntRpBE192qDj\aaVpVGearQzKx.exe
Wow6432Node-HKCU-Run-L5IaVaVWPRv8234A - c:\users\Nickolas\AppData\Roaming\xkarQlWPEPE\wGI6NsBEcgvho.exe
Wow6432Node-HKCU-Run-WQOdOW08c8234A - c:\users\Nickolas\AppData\Roaming\kohoXFYnYDZSEBH\gwo90RuftWxse4V.exe
Wow6432Node-HKCU-Run-r3Wki5quHZIu8234A - c:\users\Nickolas\AppData\Roaming\Fu6YcGjAHw1JqxH\ApEri5T26UDdCAo.exe
Wow6432Node-HKCU-Run-cdwA6YPDJqrSmRI8234A - c:\users\Nickolas\AppData\Roaming\lcGLl3JVu\JEeuQLkyG.exe
Wow6432Node-HKCU-Run-FNaZBu5gk0F8CA48234A - c:\users\Nickolas\AppData\Roaming\CxnTyGTN4hP3fIi\IxKw1JjAG7Yz3Wj.exe
Wow6432Node-HKCU-Run-LIcagUybKC08234A - c:\users\Nickolas\AppData\Roaming\N9PbKhODdXtFZB\eFWTOuQglDJXOpf.exe
Wow6432Node-HKCU-Run-RIcagUybKC08234A - c:\users\Nickolas\AppData\Roaming\k1QjNDsKriHYcm\eFWTOuQglDJXOpf.exe
Wow6432Node-HKCU-Run-lsReumglvGEU8234A - c:\users\Nickolas\AppData\Roaming\h2Wk15jua8jxnWh\RbdjPFEU048ev6q.exe
Wow6432Node-HKCU-Run-GsXNpLIyF68234A - c:\users\Nickolas\AppData\Roaming\HzbWYNmRkcF\VTO3JXNb6qy5.exe
Wow6432Node-HKCU-Run-FkgKaywd28234A - c:\users\Nickolas\AppData\Roaming\fUmBdxLiUsyhpBK\fTacUgGvrj6oPXd.exe
Wow6432Node-HKCU-Run-uF69CxipWjl1FJh8234A - c:\users\Nickolas\AppData\Roaming\mWj0nKUxDJVD8I3\KQ8ecFQECxo5Kjk.exe
Wow6432Node-HKCU-Run-A9CxipWjl1FJhIO8234A - c:\users\Nickolas\AppData\Roaming\mWj0nKUxDJVD8I3\RecFQECxo5Kjkxv.exe
Wow6432Node-HKCU-Run-h79Crt0128234A - c:\users\Nickolas\AppData\Roaming\T7ZktuosE\z0os8Utb5EXzS.exe
Wow6432Node-HKCU-Run-oKcToUmOdPd8234A - c:\users\Nickolas\AppData\Roaming\NR4ukgHcXJiuIJD\Z7Ah5xqaNfvUQy9.exe
Wow6432Node-HKCU-Run-Vna6Kf9ZYkrNxu18234A - c:\users\Nickolas\AppData\Roaming\LGaHWf9XYkVOxu\Z3nQd7LTjeVOxu2.exe
Wow6432Node-HKLM-Run-G11ivD2on4pm5sJ8234A - c:\windows\system32\config\systemprofile\AppData\Roaming\CWWWJ77dEL8ZhYw\uVeelOBtP0yc.exe
Wow6432Node-HKLM-Run-ovvvS2iiF3p8234A - c:\windows\system32\config\systemprofile\AppData\Roaming\Q888fRRL9hT\IqjjUCekIBrzNyA.exe
Wow6432Node-HKLM-Run-T44aaQHH6sW78234A - c:\windows\system32\ANNttxAA0uS2iDp.exe
Wow6432Node-HKLM-Run-WIIIBrrzO8234A - c:\windows\system32\VKKK8ffRL9hTqjC.exe
Wow6432Node-HKLM-Run-F555aJJ6dW8fL9T8234A - c:\windows\system32\LNNNyxxA1uv2oFp.exe
Wow6432Node-HKLM-Run-cSS22ibbDpnG8234A - c:\windows\system32\QYYCCekkIVrONxA.exe
Wow6432Node-HKLM-Run-g44aamH6sWJ7ELg8234A - c:\windows\system32\sccSS1ibD3o.exe
Wow6432Node-HKLM-Run-I44aamHH5sJ7dLR8234A - c:\windows\system32\a11iivDD3o.exe
Wow6432Node-HKLM-Run-WhhhTTXqjUCeIBz8234A - c:\windows\system32\j33ppmGG5aQ6dKf.exe
Wow6432Node-HKLM-Run-VaaQQJ66dWKfR9h8234A - c:\windows\system32\TvvvS22obF3m.exe
Wow6432Node-HKLM-Run-v99ggTqjYC8234A - c:\windows\system32\W3ppnnG5aQH6WKf.exe
Wow6432Node-HKLM-Run-joobbF3pmG5adW88234A - c:\windows\system32\fPPNNyxA1u.exe
Wow6432Node-HKLM-Run-SammHH6sWJ7fL8234A - c:\windows\system32\ZDD33onnG.exe
Wow6432Node-HKLM-Run-fwwjjUCelIBrzNx8234A - c:\windows\system32\ZdEEKK8fRZ9h.exe
Wow6432Node-HKLM-Run-AGG55aQQJ8234A - c:\windows\system32\JPNNyxxA1uv2oF3.exe
Wow6432Node-HKLM-Run-UnGGG4aQH6sW7f8234A - c:\windows\system32\mSS22ibbD3.exe
Wow6432Node-HKLM-Run-Y444ammH6sW7f8234A - c:\windows\system32\niiibDD3o.exe
Wow6432Node-HKLM-Run-AAA11vv2o8234A - c:\windows\system32\sqhhYXXwkUVlBz.exe
Wow6432Node-HKLM-Run-O22iibD33nG4aHs8234A - c:\windows\system32\hrrzzONtxA0u.exe
Wow6432Node-HKLM-Run-d11iibD3onG4mHs8234A - c:\windows\system32\plllONNtxP0c.exe
Wow6432Node-HKLM-Run-maaQJ66dWK8234A - c:\windows\system32\YyyyxAA1uv2ob3m.exe
Wow6432Node-HKLM-Run-UbbDD3oon4am6sJ8234A - c:\windows\system32\uCwwkkIVrlONxPu.exe
Wow6432Node-HKLM-Run-iivvDD2onF4pH8234A - c:\windows\system32\dwwwkUUVelOtz0y.exe
Wow6432Node-HKLM-Run-pxxA11uvS2ob3pG8234A - c:\windows\system32\QjjUUCelIBr.exe
Wow6432Node-HKLM-Run-GQQH6ddWKfRLgTq8234A - c:\windows\system32\XqqjUUCekIBzOyA.exe
Wow6432Node-HKLM-Run-FF44ppmG5sJ68234A - c:\windows\system32\RllIIBtzPNycAuD.exe
Wow6432Node-HKLM-Run-fL9TqjYCwI8234A - c:\windows\system32\DiibD3pnG4QHsK.exe
Wow6432Node-HKLM-Run-NellIBrzNyx1uSo8234A - c:\windows\system32\EG55sQJ6dK8fZhX.exe
Wow6432Node-HKLM-Run-XH6ssWJ7EL8234A - c:\windows\system32\xttxP0ucS1bDoG.exe
Wow6432Node-HKLM-Run-yUUCCllBzPyx1v28234A - c:\windows\system32\XsQJJddK8fR9T.exe
Wow6432Node-HKLM-Run-FTZjYCkIrONt8234A - c:\windows\system32\kibbD3pnGaQHW7.exe
Wow6432Node-HKLM-Run-mggTZqqYCw8234A - c:\windows\system32\PbDD3onG4mH6W7.exe
Wow6432Node-HKLM-Run-RF44amH5sJ7dLg8234A - c:\windows\system32\bUVVrlOBxP0ySiD.exe
Wow6432Node-HKLM-Run-yxAuS2ibD3nGaHs8234A - c:\windows\system32\KQ66dWK7fL9TqYe.exe
Wow6432Node-HKLM-Run-REEK8gRZ9hX8234A - c:\windows\system32\DAA11vv2onFpHs.exe
Wow6432Node-HKLM-Run-jK8ffLL9TqjUeIr8234A - c:\windows\system32\rBrzzNNxA1uSoF3.exe
Wow6432Node-HKLM-Run-QucSSiiD3pn4QH8234A - c:\windows\system32\nffRL9gTXqYCkVz.exe
Wow6432Node-HKLM-Run-x2iibD3pG4aQ6W78234A - c:\windows\system32\vfRRL9gTXjYCkVz.exe
Wow6432Node-HKLM-Run-IggTZqjYCwIVlNx8234A - c:\windows\system32\q0ucc22bD3pGHsK.exe
Wow6432Node-HKLM-Run-TSS1ibD3on4aHsJ8234A - c:\windows\system32\ogTTZqjYwkIVlNx.exe
Wow6432Node-HKLM-Run-lrzOOyyA0uv2bFp8234A - c:\windows\system32\n8fRR99hXjCk.exe
Wow6432Node-HKLM-Run-hDD3pnn4aQ6sKfL8234A - c:\windows\system32\VNNtxA0uc.exe
Wow6432Node-HKLM-Run-LppmG5aQJ6WKfLh8234A - c:\windows\system32\vCellIBrPNyA1v2.exe
Wow6432Node-HKLM-Run-wssWW77EL8RZhXk8234A - c:\windows\system32\PrlOOtxPycS1v3n.exe
Wow6432Node-HKLM-Run-g5sQQ66EK8fZhX8234A - c:\windows\system32\deIIBtzPNcA1v2b.exe
Wow6432Node-HKLM-Run-fIIBrzPNyx1uSoF8234A - c:\windows\system32\sG5ssJJ6EKR9hXj.exe
Wow6432Node-HKLM-Run-FkkIVrzONtA0c2b8234A - c:\windows\system32\u33pnGGaQHdWfLg.exe
Wow6432Node-HKLM-Run-UdEKK8fR9hTXjC8234A - c:\windows\system32\aNyycA1uv2ob4m5.exe
Wow6432Node-HKLM-Run-chYCCkkVr8234A - c:\windows\system32\s44aaHHsWJ7E8T.exe
Wow6432Node-HKLM-Run-SJJ7dEL8gRqYwkV8234A - c:\windows\system32\rDD33nF4m.exe
Wow6432Node-HKLM-Run-ZamHHssJ7fE8TZh8234A - c:\windows\system32\bVrllONtP0uc1b3.exe
Wow6432Node-HKLM-Run-irzPPNyx1uvSoFp8234A - c:\windows\system32\SJ66dEK8fZ9hXjC.exe
Wow6432Node-HKLM-Run-F4aQQ66sK8234A - c:\windows\system32\gzzONtxA0uS2b3.exe
Wow6432Node-HKLM-Run-OmGG5sQJ6E8234A - c:\windows\system32\oBttzPNyc1uv2b.exe
Wow6432Node-HKLM-Run-CmmG5aQJ6dK8R9T8234A - c:\windows\system32\pCeelIBrzNyx1v2.exe
Wow6432Node-HKLM-Run-DeelIBrzPNx8234A - c:\windows\system32\U5sQQ66EK8fZhX.exe
Wow6432Node-HKLM-Run-IUUCelIBrzNyAuS8234A - c:\windows\system32\T8ffRZ9hT.exe
Wow6432Node-HKLM-Run-RivvD3on4amHsJd8234A - c:\windows\system32\iZqqhYCwkVrlBx0.exe
Wow6432Node-HKLM-Run-eEEK8fRZ9hXwUeI8234A - c:\windows\system32\ivD22obFpmGsQ.exe
Wow6432Node-HKLM-Run-tvDD2onFpmH5Q8234A - c:\windows\system32\gYXXwkUVeOBtPyA.exe
Wow6432Node-HKLM-Run-AssQJ7dEK8RZ8234A - c:\windows\system32\ZzPP0ycA1vD2n4m.exe
Wow6432Node-HKLM-Run-AHH6sWJ7fE8gZhC8234A - c:\windows\system32\TONNtPPucSib3n4.exe
Wow6432Node-HKLM-Run-jxP00ucSibD3n4m8234A - c:\windows\system32\mELL9gTZqYCwIrO.exe
Wow6432Node-HKLM-Run-o44pmH5sQJdE8R98234A - c:\windows\system32\fBtzz00yA1iDo.exe
Wow6432Node-HKLM-Run-yqjjYCwkVrlOtPu8234A - c:\windows\system32\uHH6sWW7fE9g.exe
Wow6432Node-HKLM-Run-EyycA1ivD2nFp8234A - c:\windows\system32\DggRRqqYXwUVlBz.exe
Wow6432Node-HKLM-Run-XF4ppGGsQJ6E8RZ8234A - c:\windows\system32\yVeelIBtPNyc1v2.exe
Wow6432Node-HKLM-Run-BAA1uvD2oF4pGsJ8234A - c:\windows\system32\KRZZ9hYXwUVeItP.exe
Wow6432Node-HKLM-Run-rFF44mm5sQ7dKgZ8234A - c:\windows\system32\VUVeeOOBzP0cAiD.exe
Wow6432Node-HKLM-Run-cBBrzONyxAuv2b38234A - c:\windows\system32\ufRLL9hTqjUe.exe
Wow6432Node-HKLM-Run-eZZqqYYwkUrlBx8234A - c:\windows\system32\d3oonG4am6sW7E8.exe
Wow6432Node-HKLM-Run-mNNtxP0ucS8234A - c:\windows\system32\NfELLggZqjYwIr.exe
Wow6432Node-HKLM-Run-nG55sQJ6dK8fZTw8234A - c:\windows\system32\DeelIBBzPNcAuDo.exe
Wow6432Node-HKLM-Run-a2ibbF3pG5aH68234A - c:\windows\system32\tXqjjCCkIBrOyA0.exe
Wow6432Node-HKLM-Run-dJ7ddEK9hYXjVlB8234A - c:\windows\system32\RD22onF4mH5.exe
Wow6432Node-HKLM-Run-kOBttPP0cA1vDoF8234A - c:\windows\system32\vELL8gRZhYXwU.exe
Wow6432Node-HKLM-Run-sccS2ibD3nG8234A - c:\windows\system32\cTXqqjYCkIVrOtA.exe
Wow6432Node-HKLM-Run-attxA0ucS2bDp8234A - c:\windows\system32\GK77RL9gXqjCkVr.exe
Wow6432Node-HKLM-Run-IA11uvS2b8234A - c:\windows\system32\DTTXXjjCelIrPy.exe
Wow6432Node-HKLM-Run-LhhTXqqUCeIBzNx8234A - c:\windows\system32\v2oobF3pG5aQ6W8.exe
Wow6432Node-HKLM-Run-GzzONyxA0uS2b3n8234A - c:\windows\system32\OdWKKffL9hTqUek.exe
Wow6432Node-HKLM-Run-YlOOBtzPycA1v2n8234A - c:\windows\system32\HWJJ7dEL8RZqYwU.exe
Wow6432Node-HKLM-Run-d3ppnG4aQ6sW7E98234A - c:\windows\system32\uCeekIVrzNtx0c2.exe
Wow6432Node-HKLM-Run-BhYXXjjVelItP8234A - c:\windows\system32\W2onn44pH5sJdEg.exe
Wow6432Node-HKLM-Run-G55sQJJdEKgR98234A - c:\windows\system32\OBtzz00cA1iDon4.exe
Wow6432Node-HKLM-Run-KddEE88RZ98234A - c:\windows\system32\kA1uuvD2bF4mGs.exe
Wow6432Node-HKLM-Run-K8ggRZqhYwkUeOt8234A - c:\windows\system32\RnnF4amH5sJ.exe
Wow6432Node-HKLM-Run-nVrrzONtA0uc2b38234A - c:\windows\system32\NddWK77RL9TXjCk.exe
Wow6432Node-HKLM-Run-qJJ77EE8gRqh8234A - c:\windows\system32\ZP0yycS1vD3nFaH.exe
Wow6432Node-HKLM-Run-kCeelIBrzNyx1v8234A - c:\windows\system32\sG55sQJ6dK8fZhX.exe
Wow6432Node-HKLM-Run-h7dEEL8gZqhX8234A - c:\windows\system32\nyccS1ivDonFaHs.exe
Wow6432Node-HKLM-Run-DlIIBzPNyA1uDo8234A - c:\windows\system32\j5ssQJ7dE8gR9Yw.exe
Wow6432Node-HKLM-Run-a1iivD2oF4pm5Q78234A - c:\windows\system32\o8gRZqhYwkUeOBz.exe
Wow6432Node-HKLM-Run-hFF44mm5sQ7d8234A - c:\windows\system32\mVeelOBtz0yc1v2.exe
Wow6432Node-HKLM-Run-Wiivv33nF4mHsJd8234A - c:\windows\system32\yZqqhYCwkVrlBx0.exe
Wow6432Node-HKLM-Run-p99gTqqYCwkVlNx8234A - c:\windows\system32\iucSSiiD3pn4Q6s.exe
Wow6432Node-HKLM-Run-z9hhTXqjUekIrOy8234A - c:\windows\system32\VS2ooFFpmG5Q6W8.exe
Wow6432Node-HKLM-Run-AuvvD2obF8234A - c:\windows\system32\QXXwjUUelItzNc.exe
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-10-08 18:39:58
ComboFix-quarantined-files.txt 2011-10-09 01:39
ComboFix2.txt 2011-10-08 22:21
.
Pre-Run: 181,404,737,536 bytes free
Post-Run: 181,730,340,864 bytes free
.
- - End Of File - - B8FFB841AA84E63A55AA1CC4F2B5FA6E

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:29 PM

Posted 11 October 2011 - 11:05 AM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\users\Nickolas\AppData\Roaming\UF9ufu7lHV5zJBm
c:\users\Nickolas\AppData\Roaming\NR4ukgHcXJiuIJD
c:\users\Nickolas\AppData\Roaming\yHQd8ZYjeBP
c:\users\Nickolas\AppData\Roaming\UbkQOf1hFUs
c:\users\Nickolas\AppData\Roaming\Uz3Rzp9NpLlbWhx
c:\users\Nickolas\AppData\Roaming\yhjeIzNx0Si3GQ6
c:\users\Nickolas\AppData\Roaming\P7sQHs6apbb
c:\users\Nickolas\AppData\Roaming\WDeJAw5xXaOfcZn
c:\users\Nickolas\AppData\Roaming\gS1ivvb3bnovvSi
c:\users\Nickolas\AppData\Roaming\bVeIBzOtPPIIBVl
c:\users\Nickolas\AppData\Roaming\c54G4mGGQs77sGG
c:\users\Nickolas\AppData\Roaming\LwnXohvfAWzQkD9
c:\users\Nickolas\AppData\Roaming\T7ZktuosE
c:\users\Nickolas\AppData\Roaming\fQInC3qvZ18ydzH
c:\users\Nickolas\AppData\Roaming\mWj0nKUxDJVD8I3
c:\users\Nickolas\AppData\Roaming\ExLiUsyhpBKbOTa
c:\users\Nickolas\AppData\Roaming\fUmBdxLiUsyhpBK
c:\users\Nickolas\AppData\Roaming\v8cKN6rQBGCpY
c:\users\Nickolas\AppData\Roaming\HzbWYNmRkcF
c:\users\Nickolas\AppData\Roaming\NY0agluHTO2dCAn
c:\users\Nickolas\AppData\Roaming\fyGq0Ww1JU
c:\users\Nickolas\AppData\Roaming\H4VsAU6AhL2joV
c:\users\Nickolas\AppData\Roaming\h2Wk15jua8jxnWh
c:\users\Nickolas\AppData\Roaming\y09iwmOdu9beHtL
c:\users\Nickolas\AppData\Roaming\JScP0ycAutttBII
c:\users\Nickolas\AppData\Roaming\sY4lLoOK2lWvTD
c:\users\Nickolas\AppData\Roaming\p0mYymhNGhNpRBb
c:\users\Nickolas\AppData\Roaming\P43oDu10AxUYhRK
c:\users\Nickolas\AppData\Roaming\aSeGenCGCDZAKN6
c:\users\Nickolas\AppData\Roaming\p5yR2CQN9bwa0hm
c:\users\Nickolas\AppData\Roaming\LRpkarstdyTGBQV
c:\users\Nickolas\AppData\Roaming\jde2Wk1WCy
c:\users\Nickolas\AppData\Roaming\ArP1uSi2boF4pGG
c:\users\Nickolas\AppData\Roaming\qStlhEQpS
c:\users\Nickolas\AppData\Roaming\bX9LJmo4ouOwE5n
c:\users\Nickolas\AppData\Roaming\hp2PUfaDyBjX
c:\users\Nickolas\AppData\Roaming\vWPL1RoeJA
c:\users\Nickolas\AppData\Roaming\cKIbfrDEl2KIbfr
c:\users\Nickolas\AppData\Roaming\hRL9gTXqjCkVzNx
c:\users\Nickolas\AppData\Roaming\WnqSfPsw3Rydl4w
c:\users\Nickolas\AppData\Roaming\GH0Rbl82YQt83kH
c:\users\Nickolas\AppData\Roaming\JF9AWVQwDZcE
c:\users\Nickolas\AppData\Roaming\PbYnImrHBJzQIGC
c:\users\Nickolas\AppData\Roaming\fu92q3YokpVpwbh
c:\users\Nickolas\AppData\Roaming\kumh0Hhy5wvdebf
c:\users\Nickolas\AppData\Roaming\BNdPJBaInqS7OHe
c:\users\Nickolas\AppData\Roaming\ddl4TuWBnX2gSLx
c:\users\Nickolas\AppData\Roaming\LnRNQeb9xHVaIG
c:\users\Nickolas\AppData\Roaming\CEBmknhvZufxKN
c:\users\Nickolas\AppData\Roaming\gxQepZ1g1gc8N8u
c:\users\Nickolas\AppData\Roaming\zBFfO4ZuJrnqc7U
c:\users\Nickolas\AppData\Roaming\TufAKN6rm
c:\users\Nickolas\AppData\Roaming\bj29AdVpZuJrFYi
c:\users\Nickolas\AppData\Roaming\kVxiG7jlc4Lr1m
c:\users\Nickolas\AppData\Roaming\Zx6IpXu7x
c:\users\Nickolas\AppData\Roaming\CnrsvOZpIKbVf3l
c:\users\Nickolas\AppData\Roaming\w3m7gYOyvnmJ8Ye
c:\users\Nickolas\AppData\Roaming\FeHVpj2fzakn
c:\users\Nickolas\AppData\Roaming\SpgeushzbW
c:\users\Nickolas\AppData\Roaming\NiFn5QWR9XjeVOu
c:\users\Nickolas\AppData\Roaming\lbGdLjVubG6fTYV
c:\users\Nickolas\AppData\Roaming\b0Sbp5d7LTjeVO
c:\users\Nickolas\AppData\Roaming\RglS4dhO1pdYB1
c:\users\Nickolas\AppData\Roaming\pqlcmEhl0v4QRwI
c:\users\Nickolas\AppData\Roaming\dwVBPcvo45JERhw
c:\users\Nickolas\AppData\Roaming\OJfTCzAiGdLjVx2
c:\users\Nickolas\AppData\Roaming\RCrx1n6fZwtSosL
c:\users\Nickolas\AppData\Roaming\NmKwzS58jOS5W9X
c:\users\Nickolas\AppData\Roaming\eTB0pH7LTje
c:\users\Nickolas\AppData\Roaming\KhVx1FsLqwetc
c:\users\Nickolas\AppData\Roaming\xmsWJE8ZhCkVOtP
c:\users\Nickolas\AppData\Roaming\jsWJE8ZhCk
c:\users\Nickolas\AppData\Roaming\aFH9IA369wtbmEh
c:\users\Nickolas\AppData\Roaming\jXrvG8jrunWXz
c:\users\Nickolas\AppData\Roaming\HuFna6KRgqCIztA
c:\users\Nickolas\AppData\Roaming\bZPm9NGhNFKC0GE
c:\users\Nickolas\AppData\Roaming\yKIbZzGhNnRVp9N
c:\users\Nickolas\AppData\Roaming\UA0ucS2ib3n4Q6W
c:\users\Nickolas\AppData\Roaming\afRL9gTXqYeIrOt
c:\users\Nickolas\AppData\Roaming\b00yycAA1iv2oF4
c:\users\Nickolas\AppData\Roaming\twwkkUVVelBtz
c:\users\Nickolas\AppData\Roaming\Z99ggTXXqjYekVr
c:\users\Nickolas\AppData\Roaming\hpnnGG5aQ

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 Nickolas F

Nickolas F
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:29 AM

Posted 11 October 2011 - 11:16 AM

Gringo, you want me to run that today - October 11? I'm a bit confused. Things seem to be okay, and there's been a three-day gap between when I posted and when you posted. Let me know this is what you want, and I'll do it. But I'm a bit wary of doing that now, without being certain you're aware of how we're doing.

Nickolas

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:29 PM

Posted 11 October 2011 - 11:36 AM

Yes those are still part of the infection


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 Nickolas F

Nickolas F
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:29 AM

Posted 11 October 2011 - 12:07 PM

Thanks for the clarification. I'll run that as soon as I get back from today's road trip. Thank you!

Nick

#11 Nickolas F

Nickolas F
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:29 AM

Posted 12 October 2011 - 04:22 AM

Okay, problem!

I copied the lines, put them on notepad, and dragged them to ComboFix. I let it run. Just after it started, it said, "Are you trying to run CFScript? CFScript is misspelled." Given no other choice, I hit Okay. The entire thing shut down and went no further. What happened?

Nick

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:29 PM

Posted 12 October 2011 - 04:26 AM

try it once more


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Nickolas F

Nickolas F
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:29 AM

Posted 12 October 2011 - 04:36 AM

I just did. I dragged the new notepad script over to it again (since I have no way of knowing if it's worked any other time), and tried it again. Same thing. "CFScript appears to be misspelt."

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:29 PM

Posted 12 October 2011 - 05:54 AM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 Nickolas F

Nickolas F
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:29 AM

Posted 12 October 2011 - 03:11 PM

Okay, I've run OTL. I did it without disabling my anti-spyware, anti-malware, and anti-virus.

This is the contents of OTL.txt...

OTL logfile created on: 10/12/2011 12:58:24 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Nickolas\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 58.42% Memory free
7.61 Gb Paging File | 5.03 Gb Available in Paging File | 66.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.60 Gb Total Space | 168.65 Gb Free Space | 59.26% Space Free | Partition Type: NTFS
Drive D: | 13.20 Gb Total Space | 2.19 Gb Free Space | 16.57% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 95.88 Mb Free Space | 96.52% Space Free | Partition Type: FAT32

Computer Name: NICKOLAS-PC | User Name: Nickolas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Nickolas\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e9a08576157b4aeb91a3aaa452fcb00\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7f94f6b13f92f1e093716d3e15bf86d1\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3e3b399b69c569ab1ed3b0ace2c8c20\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\b7d1c271ec6b4df64c95563fc81ffc2f\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c60906a715473ceccf93f0559527e84d\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\8b3b6ed74cb3d94695b0eaf94a362d42\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5566b57732d9edea236f54d06149835a\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (avg9emc) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (HECIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (RTL8187) -- C:\Windows\SysNative\drivers\RTL8187.sys (Realtek Semiconductor Corporation )
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-710015600-33390846-3289928336-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKU\S-1-5-21-710015600-33390846-3289928336-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-710015600-33390846-3289928336-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-710015600-33390846-3289928336-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50545

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d
FF - prefs.js..extensions.enabledItems: default-palette@celtx.com:1.0
FF - prefs.js..extensions.enabledItems: emoticons-msn-smileys@m513901.de:0.1
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.0
FF - prefs.js..extensions.enabledItems: messagestyle-blackened@addons.instantbird.org:0.9
FF - prefs.js..extensions.enabledItems: messagestyle-depth@addons.instantbird.org:1.1
FF - prefs.js..extensions.enabledItems: messagestyle-minimal20@addons.instantbird.org:1.5

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/10 21:53:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/03 19:37:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/10 21:53:01 | 000,000,000 | ---D | M]

[2011/06/09 11:27:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nickolas\AppData\Roaming\Mozilla\Extensions
[2011/06/09 11:27:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nickolas\AppData\Roaming\Mozilla\Extensions\celtx@celtx.com
[2011/10/08 18:11:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nickolas\AppData\Roaming\Mozilla\Firefox\Profiles\kjpi10i2.default\extensions
[2011/10/03 19:37:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG
File not found (No name found) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\DEFAULT-PALETTE@CELTX.COM
File not found (No name found) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\EMOTICONS-MSN-SMILEYS@M513901.DE
File not found (No name found) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG
File not found (No name found) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-BLACKENED@ADDONS.INSTANTBIRD.ORG
File not found (No name found) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-DEPTH@ADDONS.INSTANTBIRD.ORG
File not found (No name found) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-MINIMAL20@ADDONS.INSTANTBIRD.ORG
[2011/09/28 23:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/28 17:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/05 06:30:14 | 000,002,223 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\websearch.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2011/10/08 18:33:55 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKU\S-1-5-21-710015600-33390846-3289928336-1001\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\.DEFAULT..\Run: [AppDataLow Update] C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.DLL (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Macromedia Update] C:\Windows\SysWow64\config\systemprofile\AppData\Local\Google\GoogleUpdate\Googleupdt32.DLL (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Malwarebytes' Update] C:\Windows\SysWow64\config\systemprofile\AppData\Local\Sunbelt Software\SunbeltUpdate\Sunbeltupdt32.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [AppDataLow Update] C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [Macromedia Update] C:\Windows\SysWow64\config\systemprofile\AppData\Local\Google\GoogleUpdate\Googleupdt32.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [Malwarebytes' Update] C:\Windows\SysWow64\config\systemprofile\AppData\Local\Sunbelt Software\SunbeltUpdate\Sunbeltupdt32.DLL (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-710015600-33390846-3289928336-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-710015600-33390846-3289928336-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/60.10/uploader2.cab (UploadListView Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49EF537B-5BA7-499A-9B19-460BBF0580FC}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/12 02:34:53 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/10/11 09:01:26 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\0A124
[2011/10/11 09:00:52 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\6580A
[2011/10/08 18:41:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/08 18:40:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/10/08 15:45:47 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\igvoFmsJdKgZIPu
[2011/10/08 15:45:04 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\IQJ7dEg9XjltyAu
[2011/10/08 15:45:03 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\nOBxyS1vDoFa
[2011/10/08 15:45:03 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\DonFamH5s7E8RhX
[2011/10/08 15:45:02 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\ArlOtPucSiaHs7L
[2011/10/08 15:45:02 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\ArlONtPcSiDoa6J
[2011/10/08 15:44:59 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\ZweB01Dnp57g9XU
[2011/10/08 15:44:59 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\TJdEL8gZYkeB01D
[2011/10/08 15:44:57 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\V0ucS1ibDoGa6W7
[2011/10/08 15:44:57 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\FibD3oG4a6W7E8Z
[2011/10/08 15:44:46 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\LGaHWf9XYkVOxu
[2011/10/08 15:44:41 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\UF9ufu7lHV5zJBm
[2011/10/08 15:44:41 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\lF3na6KRT
[2011/10/08 15:44:41 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\i1Sbpma6KRhqCIz
[2011/10/08 15:44:40 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Sp5Jd8ZTjeBPy1S
[2011/10/08 15:44:39 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Sms7ELgqXU
[2011/10/08 15:44:39 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\SFms7ELgqX
[2011/10/08 15:44:37 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\f9XYkrNxu2DnaHs
[2011/10/08 15:44:34 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\in4HW7LRhwVtAop
[2011/10/08 15:44:33 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\rs7LTjwIlt0SiDG
[2011/10/08 15:44:30 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\mwVIzyA1u2
[2011/10/08 15:44:29 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\SkNc3m7Twrt0c1D
[2011/10/08 15:44:29 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\RNc3m7Twrt0
[2011/10/08 15:44:27 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\m8ARbjGBQt
[2011/10/08 15:44:25 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\l8cKydNHknYbLv8
[2011/10/08 15:44:23 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\EIGhvgvY2hSLv7N
[2011/10/08 15:44:21 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\bpCpC3TSEAZ
[2011/10/08 15:44:12 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\FCeVOtAci
[2011/10/08 15:44:10 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\fJ7dEL8gRqYkeBP
[2011/10/08 15:44:06 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\XQRhjerNAvo35
[2011/10/08 15:44:06 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Pm8hjerNAvo
[2011/10/08 15:44:06 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\oPNcu2Fms6KRhwC
[2011/10/08 15:44:06 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Nm8hjerNAvo
[2011/10/08 15:44:04 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\kdcZbeQyRik
[2011/10/08 15:43:55 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\NR4ukgHcXJiuIJD
[2011/10/08 15:43:51 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\yHQd8ZYjeBP
[2011/10/08 15:43:51 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\UbkQOf1hFUs
[2011/10/08 15:43:45 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Uz3Rzp9NpLlbWhx
[2011/10/08 15:43:43 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\yhjeIzNx0Si3GQ6
[2011/10/08 15:43:33 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\P7sQHs6apbb
[2011/10/08 15:43:32 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\WDeJAw5xXaOfcZn
[2011/10/08 15:43:30 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\gS1ivvb3bnovvSi
[2011/10/08 15:43:30 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\bVeIBzOtPPIIBVl
[2011/10/08 15:43:29 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\c54G4mGGQs77sGG
[2011/10/08 15:43:25 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\LwnXohvfAWzQkD9
[2011/10/08 15:42:50 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\T7ZktuosE
[2011/10/08 15:42:35 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\fQInC3qvZ18ydzH
[2011/10/08 15:42:32 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\mWj0nKUxDJVD8I3
[2011/10/08 15:42:32 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\ExLiUsyhpBKbOTa
[2011/10/08 15:42:30 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\fUmBdxLiUsyhpBK
[2011/10/08 15:42:27 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\v8cKN6rQBGCpY
[2011/10/08 15:42:19 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\HzbWYNmRkcF
[2011/10/08 15:42:18 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\NY0agluHTO2dCAn
[2011/10/08 15:42:17 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\fyGq0Ww1JU
[2011/10/08 15:42:13 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\H4VsAU6AhL2joV
[2011/10/08 15:42:04 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\h2Wk15jua8jxnWh
[2011/10/08 15:41:59 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\kIbHZlcGhrbJVud
[2011/10/08 15:41:58 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\D8iYowpCGBHOsNJ
[2011/10/08 15:41:58 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\cVSQZlcGhrbJVud
[2011/10/08 15:41:56 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\N9PbKhODdXtFZB
[2011/10/08 15:41:56 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\k1QjNDsKriHYcm
[2011/10/08 15:41:52 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\sLS8cJBHIJPdx7x
[2011/10/08 15:41:50 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\E3JVuRVvEeuQLky
[2011/10/08 15:41:46 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\TLXt47hIA4dhI1p
[2011/10/08 15:41:46 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\J8PsI5C3X
[2011/10/08 15:41:46 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\gLXt47hIA4dhI1
[2011/10/08 15:41:45 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\kohoXFYnYDZSEBH
[2011/10/08 15:41:43 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\lcGLl3JVu
[2011/10/08 15:41:43 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\GvmfjNoaRUNi57j
[2011/10/08 15:41:40 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\CxnTyGTN4hP3fIi
[2011/10/08 15:41:37 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\gKki7w26CDdecWV
[2011/10/08 15:41:36 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\xkarQlWPEPE
[2011/10/08 15:41:35 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Fu6YcGjAHw1JqxH
[2011/10/08 15:41:33 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\ntRpBE192qDj
[2011/10/08 15:41:30 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\vdzQIp9P6kDElHV
[2011/10/08 15:41:29 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\VaJqUx1n5
[2011/10/08 15:41:25 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\YRy6rFYxaZ
[2011/10/08 15:41:23 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\grWuTnVQNfSXnI
[2011/10/08 15:41:21 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Jy5j2Ermj29P
[2011/10/08 15:41:15 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\irJDksPf2Cd2wHx
[2011/10/08 15:41:14 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\eodeDLB5eQrnhx6
[2011/10/08 15:41:13 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\wdNgpk6yYmtEvjQ
[2011/10/08 15:41:13 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\kdNgpk6yYmtEvjQ
[2011/10/08 15:41:11 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\wXpBWxLcCHOEFl7
[2011/10/08 15:41:11 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\WgkP3WRV0osRVDd
[2011/10/08 15:41:10 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\yEiXpBWxLcCHOEF
[2011/10/08 15:41:09 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\SEiY4ldydr4CDZ1
[2011/10/08 15:41:07 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\y1pEXrvG8jO2G7q
[2011/10/08 15:41:07 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\wXPb5LUybfOagy8
[2011/10/08 15:41:04 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\ErSGJYz0GEkPpTc
[2011/10/08 15:41:01 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\wgIPo69ku4
[2011/10/08 15:40:59 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\y09iwmOdu9beHtL
[2011/10/08 15:40:56 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\B7NGhvZi8y
[2011/10/08 15:40:54 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\SygbC6xZneQNRvq
[2011/10/08 15:40:52 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\NmqPski7VDEev6
[2011/10/08 15:40:49 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\qn7Ytb8Bb8C0HCc
[2011/10/08 15:40:49 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Q9IDdeSWjx5qA4
[2011/10/08 15:40:46 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\TqN37IcHZOvWYzn
[2011/10/08 15:40:43 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\VQKgwBconasE
[2011/10/08 15:40:43 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\au49VS4EUy4LVAs
[2011/10/08 15:40:37 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\ALloLOn8B2djc4R
[2011/10/08 15:40:36 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\zkcQ9V1HZOD7VDE
[2011/10/08 15:40:36 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\cZvhFl6x93wHtE1
[2011/10/08 15:40:35 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\ETCr0o5W9hleNv3
[2011/10/08 15:40:30 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\mRNGTx5Xxajum
[2011/10/08 15:40:30 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\chAajuHYuswSsw1
[2011/10/08 15:40:29 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\s4RtFgtFRNGTx5
[2011/10/08 15:40:26 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\ehXeBzt0ivvFnH
[2011/10/08 15:40:25 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\IZzpZz3Rz3Rz3gt
[2011/10/08 15:40:20 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\PQhzbWjypfkSHZN
[2011/10/08 15:40:18 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\XIml5lsBJP
[2011/10/08 15:40:18 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\r8r15ZlvsZBDQhz
[2011/10/08 15:40:17 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\eufOaquswbLtaXD
[2011/10/08 15:40:16 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\XLV1a8r15Z
[2011/10/08 15:40:12 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\LfOaYiLtmwv
[2011/10/08 15:40:12 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\igR8fE7J7E8KKW7
[2011/10/08 15:40:08 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\waCifBaYiE
[2011/10/08 15:40:07 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\qIbfr3LlDgPHkD8
[2011/10/08 15:40:06 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\u1G6EqIti
[2011/10/08 15:40:03 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Zy1Dbp5JE
[2011/10/08 15:40:03 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\JrNxu2Fma68LTje
[2011/10/08 15:40:02 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\xUeCjqYRRR8dQ30
[2011/10/08 15:40:02 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\mfKK67mmm3bc0VX
[2011/10/08 15:40:01 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\LqYXjqXgqLKKdQG
[2011/10/08 15:39:59 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\JScP0ycAutttBII
[2011/10/08 15:39:57 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\qVltPy1Dn4HQd8Z
[2011/10/08 15:39:56 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\hmRI26XtDKjto7h
[2011/10/08 15:39:55 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\xcshz2JXPo6qNnf
[2011/10/08 15:39:54 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\To3ma6KRhqCIrNA
[2011/10/08 15:39:50 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\fcGTym8C05
[2011/10/08 15:39:50 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\ahI03dTIAD
[2011/10/08 15:39:49 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\rwD8t4Rtb
[2011/10/08 15:39:48 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\hJqrcnJqecFQZVN
[2011/10/08 15:39:46 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Ii8zmwuKBmXuKrp
[2011/10/08 15:39:43 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\EVme5IpCbq1Ex5w
[2011/10/08 15:39:41 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\tU4Vme5IpC
[2011/10/08 15:39:37 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\zBbfBb7ViKk1WCc
[2011/10/08 15:39:34 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\bQr6tEyEcgu
[2011/10/08 15:39:34 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\bN4TtG8xnEV2El2
[2011/10/08 15:39:32 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\LRkcagrc48VSHgB
[2011/10/08 15:39:32 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\lF43FbDS0Pr6HH5
[2011/10/08 15:39:32 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\GgN4TtG8xn
[2011/10/08 15:39:29 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\mqqZ8LKKKfE7m4b
[2011/10/08 15:39:29 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\aRf7ssQQ5Ga3v
[2011/10/08 15:39:28 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\xkc4fZwOyvFJgXl
[2011/10/08 15:39:27 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\yTzb6qNDHghVt13
[2011/10/08 15:39:24 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\EisY04EXto
[2011/10/08 15:39:23 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\way70Ec81g
[2011/10/08 15:39:23 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\aTVxDWqObWhxosg
[2011/10/08 15:39:22 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\LidTVxDWqObWhxo
[2011/10/08 15:39:22 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\fidTVxDWqObWhxo
[2011/10/08 15:39:22 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\FakAF6gkADQgO1a
[2011/10/08 15:39:22 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\EidTVxDWqObWhxo
[2011/10/08 15:39:21 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\wS6rFfjzu4
[2011/10/08 15:39:18 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\WOJt7zdyWxf0EuL
[2011/10/08 15:39:15 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Y8Uca8UAp8eAp8e
[2011/10/08 15:39:14 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\mxD6gU03sRVynJ9
[2011/10/08 15:39:14 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\munJqlSF7hO1pEX
[2011/10/08 15:39:14 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\ikxD6gU03sRVynJ
[2011/10/08 15:39:08 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\WZKJa4mmaoDuyrk
[2011/10/08 15:39:07 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\AVsPgoVQyZSjGzK
[2011/10/08 15:39:01 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\yzmZBDQhro6TOb6
[2011/10/08 15:39:01 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\xzmZBDQhro6TOb6
[2011/10/08 15:39:01 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\U0mZBDQhro6TOb6
[2011/10/08 15:39:01 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\SUnZcQUoKB
[2011/10/08 15:38:57 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\sY4lLoOK2lWvTD
[2011/10/08 15:38:57 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\p0mYymhNGhNpRBb
[2011/10/08 15:38:56 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\P43oDu10AxUYhRK
[2011/10/08 15:38:55 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\aSeGenCGCDZAKN6
[2011/10/08 15:38:54 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\p5yR2CQN9bwa0hm
[2011/10/08 15:38:52 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\LRpkarstdyTGBQV
[2011/10/08 15:38:49 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\jde2Wk1WCy
[2011/10/08 15:38:39 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\ArP1uSi2boF4pGG
[2011/10/08 15:37:42 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\fYUByuSS1obbpoF
[2011/10/08 15:37:41 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\REZqeVrezNN0u1
[2011/10/08 15:37:40 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\kTXklPAomQ6
[2011/10/08 15:37:39 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\zPPxPAoF46EZw
[2011/10/08 15:37:36 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\zIq7acjdpy94c
[2011/10/08 15:37:33 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\YvuuxlUXhfWHHmF
[2011/10/08 15:37:32 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\aanuVhEF1ITKQDx
[2011/10/08 15:37:05 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\ORqkAbGJf9ZwBAS
[2011/10/08 15:37:05 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Ku3m7wByub34JRh
[2011/10/08 15:37:05 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Ku3m7gXCkzP12mJ
[2011/10/08 15:37:05 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\g9Yr0uFGH7Lhjrx
[2011/10/08 15:37:05 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\DKTY0D45W78hey
[2011/10/08 15:37:04 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\xeUwXXf77s6
[2011/10/08 15:37:04 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\KrrOBtzBIkeZgRK
[2011/10/08 15:37:04 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\hmdRqkAbGJf9ZwB
[2011/10/08 15:37:03 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\KzCTEmo1PCXRLJs
[2011/10/08 15:37:00 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Xb0twgd5o1
[2011/10/08 15:36:59 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\qStlhEQpS
[2011/10/08 15:36:53 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\KwOzyb4sLRUBuDn
[2011/10/08 15:36:50 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Z4QKTwOzyb4sLRU
[2011/10/08 15:36:42 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\cqkzcbnsLwtxA0c
[2011/10/08 15:36:41 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\wuGRCP1o5dEwz1o
[2011/10/08 15:36:37 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\t0cSFn6EZUBt1
[2011/10/08 15:36:36 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\QfgqXUIyAiF5Kh
[2011/10/08 15:36:35 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\tpa79qCVlzAc3mJ
[2011/10/08 15:36:35 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\gqrDsLI0npd
[2011/10/08 15:36:17 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\LgCBvm69YV048ki
[2011/10/08 15:36:15 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\XADv5KZlco5W8wt
[2011/10/08 15:36:15 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\KtNNNASF5KLgjYU
[2011/10/08 15:36:15 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\aE8f9ZUtySip4HK
[2011/10/08 15:36:12 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\DFmmfqrAFaf
[2011/10/08 15:36:09 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\bFpp5Hm4sJJHKgX
[2011/10/08 15:36:07 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\HffLgRRTXqZqjjj
[2011/10/08 15:35:49 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\bX9LJmo4ouOwE5n
[2011/10/08 15:35:32 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\hp2PUfaDyBjX
[2011/10/08 13:46:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/08 13:46:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/08 13:46:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/08 13:46:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/08 13:36:44 | 000,000,000 | ---D | C] -- C:\ProgramData\WSTB
[2011/10/08 00:55:35 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/10/08 00:55:32 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/10/08 00:55:31 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/10/08 00:55:31 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/10/08 00:55:30 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/10/08 00:55:30 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/10/08 00:55:30 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/10/08 00:55:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/10/08 00:55:29 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/10/08 00:55:29 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/10/08 00:55:29 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/10/08 00:55:27 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/10/08 00:55:27 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/10/08 00:55:26 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/10/08 00:55:26 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/10/08 00:55:26 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/10/08 00:55:26 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/10/08 00:55:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/10/08 00:55:25 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/10/08 00:55:24 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/10/08 00:55:24 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/10/08 00:55:23 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/10/08 00:55:23 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/10/08 00:55:21 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/10/08 00:55:21 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/10/08 00:55:18 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/10/08 00:55:17 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/10/08 00:55:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/10/08 00:55:15 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/10/08 00:55:14 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/10/08 00:55:14 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/10/08 00:55:14 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/10/08 00:55:12 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/10/08 00:55:11 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/10/08 00:55:09 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/10/08 00:55:08 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/10/08 00:55:08 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/10/08 00:55:08 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/10/08 00:55:08 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/10/08 00:55:08 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/10/08 00:55:07 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/10/08 00:55:07 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/10/08 00:55:07 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/10/08 00:55:06 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/10/08 00:55:06 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/10/08 00:55:06 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/10/08 00:55:05 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/10/08 00:55:05 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/10/08 00:55:04 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/10/08 00:55:04 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/10/08 00:55:04 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/10/08 00:55:04 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/10/08 00:55:03 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/10/08 00:55:03 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/10/08 00:55:02 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/10/08 00:55:02 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/10/08 00:55:02 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/10/08 00:55:02 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/10/08 00:55:02 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/10/08 00:55:01 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/10/08 00:55:01 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/10/08 00:55:01 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/10/08 00:55:00 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/10/08 00:55:00 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/10/08 00:54:59 | 001,492,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/10/08 00:54:59 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/10/08 00:54:58 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/10/08 00:54:58 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/10/08 00:54:58 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/10/08 00:54:57 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/10/08 00:54:57 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/10/08 00:54:56 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/10/07 17:00:55 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\DZ2XFUGIarJ0ZF
[2011/10/07 17:00:54 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\uJBpXuWzaCbZ
[2011/10/07 17:00:53 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\kCcWVmUDfP5kFTu
[2011/10/07 17:00:52 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\fIW2CaB70EAfu
[2011/10/07 17:00:51 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\IF57RXlNub5E9Ur
[2011/10/07 17:00:51 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Dn57RXlNub5E9U
[2011/10/07 17:00:50 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\LJgYVtD457R
[2011/10/07 17:00:48 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\E9XYkrNAci3na
[2011/10/07 17:00:47 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\EFVKSYmt8Dwmzdt
[2011/10/07 17:00:46 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\s70fPd07B5U
[2011/10/07 17:00:45 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\zuQTO3Jqlc4RlA4
[2011/10/07 17:00:44 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\h37wcagUP
[2011/10/07 17:00:43 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Yj4NLnksPZ2qaxg
[2011/10/07 17:00:43 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\rOLiYGzW0qat
[2011/10/07 17:00:43 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\FEc8ARvTb
[2011/10/07 17:00:41 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\pWARbksygDXF
[2011/10/07 17:00:38 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\YGdLjVx2pHEqItS
[2011/10/07 17:00:36 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\qVpC3UHtfu8ih2j
[2011/10/07 17:00:36 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\kOyiF5EhUBcD46R
[2011/10/07 17:00:35 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\d4W8YrPiFsLhVzA
[2011/10/07 17:00:32 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\FQRUN269lx2m
[2011/10/07 17:00:30 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\pBfpxC7iU
[2011/10/07 17:00:29 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\NKbVEbrJij6SBgQ
[2011/10/07 17:00:28 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\fV62I7DlfvUJuef
[2011/10/07 17:00:26 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\WpjaVHxLSYpB
[2011/10/07 17:00:26 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\KO4ZxHYcHhy5Ycs
[2011/10/07 17:00:26 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\iHx8DV62I7DlfvU
[2011/10/07 17:00:25 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\rT5BaOE0f
[2011/10/07 17:00:25 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\buJXAajSWkSfrD
[2011/10/07 16:59:30 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\vWPL1RoeJA
[2011/10/07 16:59:23 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\jFVsNRbjnwaVmO7
[2011/10/07 16:59:19 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\eB8A9cLcgSLc8NK
[2011/10/07 16:59:17 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Bz7y8uhmNTnlJ
[2011/10/07 16:59:16 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\eDVfvOg2IQyL3V
[2011/10/07 16:59:15 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\vwFXbwbj5r
[2011/10/07 16:59:15 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\SA7tW0RnlQzdx
[2011/10/07 16:59:13 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\TNgntRHNh
[2011/10/07 16:59:13 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\I6uYmcw7v
[2011/10/07 16:59:11 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\g0slFhcJl3q29uf
[2011/10/07 16:59:10 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\e3kHPgDUQuY
[2011/10/07 16:59:09 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\I2Rtaj1EtmU2gN5
[2011/10/07 16:59:08 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\zkFgAHwDg0slF
[2011/10/07 16:59:07 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\zvX5P8oUazKcq3k
[2011/10/07 16:59:07 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\YXuEI3hA6ID9x6U
[2011/10/07 16:59:06 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\O1JlFZyaC2Rtaj1
[2011/10/07 16:59:05 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\TcTbqvh2Y2Tm
[2011/10/07 16:59:05 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\chFI6A9bwmtg2Ua
[2011/10/07 16:59:04 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\cRvjne4VaVml5t6
[2011/10/07 16:59:02 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Bsw1JUvdebTcTbq
[2011/10/07 16:59:02 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Bpwpqbg0KVoLx
[2011/10/07 16:59:01 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\SqDqowHBdyR2XbY
[2011/10/07 16:59:01 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\pjGI6AR09
[2011/10/07 16:59:00 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\iGCDT18P7BGC5
[2011/10/07 16:59:00 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\DGCDT18P7BGC5e
[2011/10/07 16:58:59 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\cKIbfrDEl2KIbfr
[2011/10/07 16:58:58 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Xu6CSWk1JU
[2011/10/07 16:58:53 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\r5jvdeuHjuHq0HY
[2011/10/07 16:58:52 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\bHXudlbLyGTNn9
[2011/10/07 16:58:38 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\pGhNp9Op9rbfNmU
[2011/10/07 16:58:28 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\HJUvdkiROngNnLl
[2011/10/07 16:58:23 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\OdXzS4LV1H
[2011/10/07 16:58:22 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\WnEUcpflva9B26q
[2011/10/07 16:58:20 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\sHCi7VogPHXvEBG
[2011/10/07 16:58:19 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\sHfqru3sTkt1FJR
[2011/10/07 16:58:16 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\z8eishtbEC
[2011/10/07 16:58:13 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\mc4Kj28BF9N5Xxa
[2011/10/07 16:58:12 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\uTjCIzNAv2FGQd7
[2011/10/07 16:58:10 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\tWjxoEVDJYt2EVu
[2011/10/07 16:58:10 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\RUeBzy1vopGJEfT
[2011/10/07 16:58:10 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\BXUeBzy1vopGJEf
[2011/10/07 16:58:07 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\RS3Q7gCzb4sLqk
[2011/10/07 16:58:06 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\IPuF58TkO0iG
[2011/10/07 16:58:03 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\sIun7jO16qO
[2011/10/07 16:58:03 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\CeNiQEjOcom
[2011/10/07 16:57:38 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\hRL9gTXqjCkVzNx
[2011/10/07 16:57:37 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\AuvS2obF3m5Q6W8
[2011/10/07 16:57:36 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\vUCelIBrzx1v2
[2011/10/07 16:57:36 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\ujUCelIBryAu
[2011/10/07 16:57:36 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\ujUCelIBrx1v
[2011/10/07 16:57:36 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\tbF4pm5sQ6E8R
[2011/10/07 16:57:36 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\rK8RZTXwjClBzx1
[2011/10/07 16:57:36 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\LvD2obF4p5Q
[2011/10/07 16:57:36 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\llIBrzNA1v2b3m5
[2011/10/07 16:57:36 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\IIBrzPNyx1v2b3m
[2011/10/07 16:57:36 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\i6dEK8fRZTwUeIr
[2011/10/07 16:57:36 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\hZTXwjUCe
[2011/10/07 16:57:36 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\FEK8RZTXwUeIrx1
[2011/10/07 16:57:36 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\eelIBrzNAuSoFp
[2011/10/07 16:57:36 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\bdEK8RZTXjClBzx
[2011/10/07 16:57:36 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\bdEK8fRZ9XjClBz
[2011/10/07 16:57:36 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\BBrzPNyxAuSoFpG
[2011/10/07 16:57:36 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\BBrzNyxA1v2b3m5
[2011/10/07 16:57:35 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\y1iv2Fms7Kg9XU
[2011/10/07 16:57:35 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Q1WC0mYB1o457E
[2011/10/07 16:57:35 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\nonFmsJE8ZYkVOz
[2011/10/07 16:57:35 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\nna5sWd8ZYkVOzA
[2011/10/07 16:57:33 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\FTZqYkrOx
[2011/10/07 16:57:32 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\wYDZbgc7l4X1dlF
[2011/10/07 16:57:32 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\k2Fma6KRhqCIrOy
[2011/10/07 16:57:31 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\SDnpHQd8ghwVI
[2011/10/07 16:57:27 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\SCGB6OK0LSRv92w
[2011/10/07 16:57:25 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Fl0v4sLZYkeBPy1
[2011/10/07 16:57:23 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\XmKwzvG8wrvG8qz
[2011/10/07 16:57:23 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\mugu7tdygAZ1dBG
[2011/10/07 16:57:21 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\u4tRpP9Gy9nNLoO
[2011/10/07 16:57:21 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\tZmNTnOgnO8oV
[2011/10/07 16:57:21 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\stLoO8FrL3VEDVd
[2011/10/07 16:57:19 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\vc90WlHe5tJN8AL
[2011/10/07 16:57:19 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\uc90WlHe5tJN8AL
[2011/10/07 16:57:19 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\JSr9DVdDeEoIK2I
[2011/10/07 16:57:14 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\BnknUmUnhDTFq3q
[2011/10/07 16:56:58 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\WnqSfPsw3Rydl4w
[2011/10/07 16:56:58 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\bZvhnz7chFeJP8u
[2011/10/07 16:56:57 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\NRtHkGZcJO5
[2011/10/07 16:56:56 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\r9uEtHrae
[2011/10/07 16:56:51 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\yHBQPK18ALcgiho
[2011/10/07 16:56:51 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\GHBQPK18ALcgiho
[2011/10/07 16:56:50 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\w5Uv7lofA6Bp9za
[2011/10/07 16:56:48 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\NA8AR0fug3UplGr
[2011/10/07 16:56:44 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\E5q0mgID6wypLz3
[2011/10/07 16:56:43 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\ISm8VnEUvQYP4fl
[2011/10/07 16:56:40 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\TmknX29ufAZuL07
[2011/10/07 16:56:39 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\amCiLeDdjA5hNmh
[2011/10/07 16:56:35 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\F16kFgNGT
[2011/10/07 16:56:30 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\C3qbZiLy9DhFIQ
[2011/10/07 16:56:27 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\r7l2RufyWInCoY3
[2011/10/07 16:56:20 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\bkiWYAHYNpRPGq0
[2011/10/07 16:56:15 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\zl2EeSdjxp
[2011/10/07 16:56:12 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\whDZufAWVDEO4Z1
[2011/10/07 16:55:58 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\GH0Rbl82YQt83kH
[2011/10/07 16:55:39 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\JF9AWVQwDZcE
[2011/10/07 16:55:35 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\PbYnImrHBJzQIGC
[2011/10/07 16:55:35 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\fu92q3YokpVpwbh
[2011/10/07 16:55:26 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\kumh0Hhy5wvdebf
[2011/10/07 16:55:24 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\BNdPJBaInqS7OHe
[2011/10/07 16:55:23 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\LnRNQeb9xHVaIG
[2011/10/07 16:55:23 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\ddl4TuWBnX2gSLx
[2011/10/07 16:55:22 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\CEBmknhvZufxKN
[2011/10/07 16:55:21 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\gxQepZ1g1gc8N8u
[2011/10/07 16:55:20 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\zBFfO4ZuJrnqc7U
[2011/10/07 16:55:19 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\TufAKN6rm
[2011/10/07 16:55:19 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\bj29AdVpZuJrFYi
[2011/10/07 02:34:25 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\YuvS2ibF3n5Q6
[2011/10/07 02:34:23 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\RRZ9hYXwjVlBzNc
[2011/10/07 02:34:23 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\oivD2nF4m5Q
[2011/10/07 02:34:23 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\jycivD2nFHsJdgZ
[2011/10/07 02:34:23 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\JsQJ7dgZ9YwUeIt
[2011/10/07 02:34:23 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\FD2nF4m5sJEg
[2011/10/07 02:34:23 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\FD2nF4m5sJdg
[2011/10/07 02:34:23 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\bvD2nF4m5Q7
[2011/10/07 02:34:22 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\RrOtPc1b3GW
[2011/10/07 02:34:21 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\VwkIrNPu1
[2011/10/07 02:34:21 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\ICwkrNPu1
[2011/10/07 02:34:18 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\ZlOBtzP0ciom5Jd
[2011/10/07 02:34:17 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\eybQfXIt2aEjlu
[2011/10/07 02:34:15 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\yQRVybJZeyoQfjz
[2011/10/07 02:34:09 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\V7EgZhwUl
[2011/10/07 02:34:07 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\KOSpQdKLTCz0iGW
[2011/10/07 02:34:06 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\tN37euGLkx
[2011/10/07 02:34:06 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\cYtD5ZIvaLIi
[2011/10/07 02:34:01 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\GUzupWXrvnd9kxD
[2011/10/07 02:34:01 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\dCkVzNAuSi3GaHW
[2011/10/07 02:33:58 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\kVxiG7jlc4Lr1m
[2011/10/07 02:33:58 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\K13n4m5WdLgZYwU
[2011/10/07 02:33:57 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\nuFaKTVxiG7j
[2011/10/07 02:33:53 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\oSv3n4mH5WdLRq
[2011/10/07 02:33:52 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\TTqYwIrNx0ciDn4
[2011/10/07 02:33:52 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\gLgZjCkVOPuSiDo
[2011/10/07 02:33:52 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\f27eDEUx5XNbHTt
[2011/10/07 02:33:52 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\BLLgZjCkVOPuSiD
[2011/10/07 02:33:51 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\m1JwNp9z2a
[2011/10/07 02:33:51 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\kFEUisYy5TzbfBv
[2011/10/07 02:33:50 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\EHZxG8VvshPpZzp
[2011/10/07 02:33:49 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\WI5gNnErbJCyage
[2011/10/07 02:33:49 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\ux1n57LRqXUeBPc
[2011/10/07 02:33:49 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Hx1n57LRqXUeBPc
[2011/10/07 02:33:48 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Rub4W8hVx1n
[2011/10/07 02:33:48 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\pn6EqkxSoHfZCOy
[2011/10/07 02:33:46 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\iKRhqCIzySbpGaH
[2011/10/07 02:33:45 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\BiFsLhVtA4QKhUB
[2011/10/07 02:33:44 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\EXuWrnqc7l
[2011/10/07 02:33:43 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Bbp4HWf9ZYkrOxu
[2011/10/07 02:33:42 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Va6KRgqCI
[2011/10/07 02:33:41 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\SEO4hAQeof
[2011/10/07 02:33:40 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\pyHkbErnZ0WVD8z
[2011/10/07 02:33:40 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\dxGgt48eApJgXIc
[2011/10/07 02:33:38 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\u6XxJUvKeSH9
[2011/10/07 02:33:36 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\USTDX4UmIsr
[2011/10/07 02:33:36 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\amdZjBxSpJ
[2011/10/07 02:33:35 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\i37wyaglvshto7j
[2011/10/07 02:33:34 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\pv9vZSTiq3C4V5t
[2011/10/07 02:33:33 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\QaLCNFdXrc4ECPG
[2011/10/07 02:33:33 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\D4W9YrPiGsLhVx1
[2011/10/07 02:33:30 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\ZgXePuFsf
[2011/10/07 02:33:28 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\BC15RCyiaRCNDWj
[2011/10/07 02:33:26 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\b58lcnQZl1GRISJ
[2011/10/07 02:33:25 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\o8PQebX29cEx5Uo
[2011/10/07 02:33:24 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\vu8PQebX29cEx5U
[2011/10/07 02:33:17 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\DA5ZB2JXyodqyn
[2011/10/07 02:33:14 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\pPfFj5rHV
[2011/10/07 02:33:14 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\eYaBgFBE2XpI4k
[2011/10/07 02:33:12 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\IOTnrE2ld
[2011/10/07 02:33:12 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\hL3kJiVQv
[2011/10/07 02:33:09 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\v5LIvGKqrunsqru
[2011/10/07 02:33:09 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Oi3GQ6KEgqCkrNP
[2011/10/07 02:33:09 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\ecb4sLqkNuD4Jg
[2011/10/07 02:33:09 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Dui3GQ6KEgqCkr
[2011/10/07 02:33:08 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\kEUxm8CApKqruns
[2011/10/07 02:33:07 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\vu2Fm5JWf9XUkrN
[2011/10/07 02:33:06 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\PeBPcu2Fmsd8ZTj
[2011/10/07 02:33:03 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Lz4Y1EBF8BFKC04
[2011/10/07 02:33:03 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\fz4Y1EBF8BFKC04
[2011/10/07 02:33:00 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\yOzyAvnpHQd8ZYj
[2011/10/07 02:33:00 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\lms7E8qwO
[2011/10/07 02:32:59 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Zx6IpXu7x
[2011/10/07 02:32:58 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\PgPsU2RNdlFh0WV
[2011/10/07 02:32:57 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Du92jnrslJtstJB
[2011/10/07 02:32:57 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\dPxu2Fma6KRhqCI
[2011/10/07 02:32:57 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\BhXjeBPxu2Fma6K
[2011/10/07 02:32:56 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\F4GQd8RhXjeB
[2011/10/07 02:32:54 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Rt0Sbp4HWf9ZYkr
[2011/10/07 02:32:54 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\jbp4HWf9ZY
[2011/10/07 02:32:53 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\bSkWpOE3Vduw3e
[2011/10/07 02:32:52 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\PLwzD58jP2sRCNo
[2011/10/07 02:32:51 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\FdhVziFsK9UtNAu
[2011/10/07 02:32:49 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\dd7TCz0b4W9YVx1
[2011/10/07 02:32:47 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\W6KRhXUBzy1S
[2011/10/07 02:32:34 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\tPlqRHoSU85SNC9
[2011/10/07 02:32:30 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\lTkxFdjxn7jlS4f
[2011/10/07 02:32:29 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\zRluaLUO2QTODsT
[2011/10/07 02:32:29 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\zOQBJr6O7S
[2011/10/07 02:32:18 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\qoT2907x6ValHIQ
[2011/10/07 02:32:16 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\O93BW07x6V
[2011/10/07 02:32:15 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\uCnUaVptsIGenjb
[2011/10/07 02:32:15 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Rs2crUgH3yOj9Lf
[2011/10/07 02:32:15 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\eCnUaVptsIGenjb
[2011/10/07 02:32:13 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\nFtRFNTaNLvwH1X
[2011/10/07 02:32:12 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\toh3qFtRFNTaNLv
[2011/10/07 02:32:09 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\VGenY3qbTiR2lK2
[2011/10/07 02:32:06 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\w4rJ1wHt8oIWSjG
[2011/10/07 02:32:05 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\o1bGdLjBx2n6RqI
[2011/10/07 02:32:03 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Xr7091Z3waU4w
[2011/10/07 02:31:52 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\KYTTgL7sH4
[2011/10/07 02:31:52 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\CnrsvOZpIKbVf3l
[2011/10/07 02:31:44 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\IbutVhd3AYHSBYQ
[2011/10/07 02:31:43 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\yH0rCRdGvzg40rq
[2011/10/07 02:31:43 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\yH0rCRdGABRpNkg
[2011/10/07 02:31:40 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\EBkRdozXHnv0tT8
[2011/10/07 02:31:35 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\oyef50eWoxYKQmS
[2011/10/07 02:31:33 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\LtY8QbyUfptqsv
[2011/10/07 02:31:31 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\uhXUeIzNx0Si3GQ
[2011/10/07 02:31:29 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\FG0le965SrqWo1y
[2011/10/07 02:31:27 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\YGclgsDPkf
[2011/10/07 02:31:27 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\q30ULHurU
[2011/10/07 02:31:25 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\noFm5JdKR
[2011/10/07 02:31:21 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\ndKf9TqCkrOx0Si
[2011/10/07 02:31:20 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\TNVwqgEaburhEny
[2011/10/07 02:31:17 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Asf9TjCklNx0
[2011/10/07 02:31:14 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\AIj9fWDzIT76m4n
[2011/10/07 02:31:12 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\AR5uY7nOgmNX74S
[2011/10/07 02:31:11 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\oU8m1rTfGDB9J20
[2011/10/07 02:31:09 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\bxC73clZsvNj9m
[2011/10/07 02:31:08 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\oBZQDBR5uY7
[2011/10/07 02:31:05 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\VCdFAVK3NY94cU8
[2011/10/07 02:31:03 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\xBY74yX6iNC
[2011/10/07 02:31:02 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\eTCrtuDG6fZCrx
[2011/10/07 02:31:01 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\sJ89qkz0inQ
[2011/10/07 02:30:59 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\w3m7gYOyvnmJ8Ye
[2011/10/07 02:30:58 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\lOSFsLqwzA24
[2011/10/07 02:30:58 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\iqV0os8COS
[2011/10/07 02:30:56 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\wwGNkjWo1ytCh
[2011/10/07 02:30:56 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\wlKSIRikJncU6
[2011/10/07 02:30:55 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\IXQujQirfGyUEFN
[2011/10/07 02:30:54 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\KoB8dpPVk9
[2011/10/07 02:30:53 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\o2tRbz9DrEa
[2011/10/07 02:30:52 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\yyTQxT4OZmzLGNL
[2011/10/07 02:30:51 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Sdjcm9zpReAFQ
[2011/10/07 02:30:47 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\w0Y6cY5chml6yTp
[2011/10/07 02:30:47 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\mO9nN8nO8DXmB7S
[2011/10/07 02:30:46 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\c1h3eW2I7ikQyf2
[2011/10/07 02:30:42 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\nL4PkQNwf
[2011/10/07 02:30:41 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\WoJYz2Q9l1mhBSa
[2011/10/07 02:30:40 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\nHOJyqnU5
[2011/10/07 02:30:38 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\HDqFOdB6NdxRSq
[2011/10/07 02:30:37 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\pWtKtWPRnXvwFUa
[2011/10/07 02:30:37 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\cf1qFzg2l
[2011/10/07 02:30:35 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\qGfC048ei
[2011/10/07 02:30:35 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\JQiV9otk8
[2011/10/07 02:30:35 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\HrcGfC048ei5ZB
[2011/10/07 02:30:31 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\J0mhy5Xymwc5
[2011/10/07 02:30:24 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\Desktop\data backup
[2011/10/07 02:30:22 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\syF9zbKCuQXNF7k
[2011/10/07 02:30:21 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\oPJIGCDqDh3YnjJ
[2011/10/07 02:30:18 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\QRcKxWyWtKt
[2011/10/07 02:30:16 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\X6ZlDsZOi5Zl1Gf
[2011/10/07 02:30:13 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\zFWqNb6jA4
[2011/10/07 02:30:13 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\qo8BFfr3LOn9
[2011/10/07 02:30:10 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\X08Aj5Bd0T3VWx8
[2011/10/07 02:30:08 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\smWTBupWTI0
[2011/10/07 02:30:06 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\cbRrnTPsUvLB
[2011/10/07 02:30:01 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\KfwPoWqO1mKwN
[2011/10/07 02:29:59 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\FeHVpj2fzakn
[2011/10/07 02:29:57 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\H147XPbEjNF
[2011/10/07 02:29:56 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Zi6ZBvJZVyoshBD
[2011/10/07 02:29:38 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\UzNAvo3Ga6W8LhX
[2011/10/07 02:29:38 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\RXlrNAvo3Gdf9X
[2011/10/07 02:29:36 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\TYrtcDF5E
[2011/10/07 02:29:21 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\O0ycS1ivDo4m5W7
[2011/10/07 02:29:21 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\m4pmH5sQJdKgZhX
[2011/10/07 02:29:20 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\K8gTZqYwkVlBx0c
[2011/10/07 02:29:20 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\jTZqjYCwkV
[2011/10/07 02:29:20 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\djYCwkIVrOtP
[2011/10/07 02:29:19 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\zYkIVrzONx0c2b3
[2011/10/07 02:29:19 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\XA0uvSibFp5Hd
[2011/10/07 02:29:19 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\VRL9gTXjYeIr
[2011/10/07 02:29:19 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\j7fRL9gTXj
[2011/10/07 02:29:19 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\GdWK7fRL9TjCkVz
[2011/10/07 02:29:19 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\dL9gTXqjYeIr
[2011/10/07 02:29:19 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\dL9gTXjYCkVz
[2011/10/07 02:29:19 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\BnaQdWK7fLgXjCk
[2011/10/07 02:29:18 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\apGQ6Kf9jCkBzNx
[2011/10/07 02:29:16 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Nc1Dn4msJEgZYk
[2011/10/07 02:29:13 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\WDpJ8YePAF5dRTj
[2011/10/07 02:29:00 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\xG5a6KRgXYkrNAc
[2011/10/07 02:28:59 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\SpgeushzbW
[2011/10/07 02:28:59 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\shTXqjUCerNAvi3
[2011/10/07 02:28:58 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\JcDps7KRh
[2011/10/07 02:28:58 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\DBPcu2bpGs6KRhw
[2011/10/07 02:28:50 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\cVv6CSdCAnRISHZ
[2011/10/07 02:28:41 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Zt2sIuahriHTzD7
[2011/10/07 02:28:40 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\RVNDmd9PvpWXBA3
[2011/10/07 02:28:40 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\HIcb5Kly25fUzSa
[2011/10/07 02:28:31 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\GW9YVx234s
[2011/10/07 02:28:30 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\DjlrNAuSop5
[2011/10/07 02:28:28 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\thwVOt0S3m7RkBc
[2011/10/07 02:28:28 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\bhO0v4W8YVz1oHd
[2011/10/07 02:28:27 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\fHWf8hwVOt
[2011/10/07 02:28:22 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\l4W9YrPiGsLqkOy
[2011/10/07 02:28:17 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\sSpQK9jVtSomLCO
[2011/10/07 02:28:16 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\yN2a7TeO0b4sEZk
[2011/10/07 02:28:15 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\W5gUNoQZexFJ
[2011/10/07 02:28:15 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\lJ8Yet146ZCPSmd
[2011/10/07 02:15:40 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\NiFn5QWR9XjeVOu
[2011/10/07 02:15:40 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\lbGdLjVubG6fTYV
[2011/10/07 02:15:40 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\b0Sbp5d7LTjeVO
[2011/10/07 02:15:39 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Guard Online
[2011/10/07 02:15:38 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\RglS4dhO1pdYB1
[2011/10/07 02:15:38 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\pqlcmEhl0v4QRwI
[2011/10/07 02:15:37 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\dwVBPcvo45JERhw
[2011/10/07 02:15:35 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\OJfTCzAiGdLjVx2
[2011/10/07 02:15:32 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\RCrx1n6fZwtSosL
[2011/10/07 02:11:54 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\NmKwzS58jOS5W9X
[2011/10/07 02:11:54 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\eTB0pH7LTje
[2011/10/07 02:05:34 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\KhVx1FsLqwetc
[2011/10/07 02:05:33 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\xmsWJE8ZhCkVOtP
[2011/10/07 02:05:33 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\jsWJE8ZhCk
[2011/10/07 02:05:33 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\aFH9IA369wtbmEh
[2011/10/07 02:05:32 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\jXrvG8jrunWXz
[2011/10/07 02:05:32 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\HuFna6KRgqCIztA
[2011/10/07 02:04:48 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\YyL3VHPqnOL2I8o
[2011/10/07 02:04:42 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\UDes1jHSkL40Y5x
[2011/10/07 02:04:40 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\os7LThCUlt0Svo
[2011/10/07 02:04:39 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\ZOY74Aw5AjWp
[2011/10/07 02:04:39 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\HqDC4VstdN8A8u
[2011/10/07 02:04:38 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\rk9HvtZFz
[2011/10/07 02:04:37 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\J92q5kalW0EAZvT
[2011/10/07 02:04:34 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\hz0b5WLqkOuDaW9
[2011/10/07 02:04:32 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\YOBPci3Fms7LhVO
[2011/10/07 02:04:31 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\JPci3Fms7
[2011/10/07 02:04:30 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\FPci3GmsJEgq
[2011/10/07 02:04:28 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\SEEdJ5pFiDSBwf5
[2011/10/07 02:04:25 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\irKPESZDXFjpkQO
[2011/10/07 02:04:25 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\hDN8FPRmNLpr
[2011/10/07 02:04:24 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\I9auYs1X6uqQ
[2011/10/07 02:04:20 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\aBIeqgLKav0lw9K
[2011/10/07 02:04:19 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\kASbp5Hd7Lg
[2011/10/07 02:04:03 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Pwd41ILdGiPeg6
[2011/10/07 02:04:03 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\j8oeKbrR3I71X4l
[2011/10/07 02:04:03 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\CduCW2I7cw5zKv
[2011/10/07 02:03:56 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\bZPm9NGhNFKC0GE
[2011/10/07 02:03:54 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\SSagrisRODde2EU
[2011/10/07 02:03:48 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\xrKSZGVmV4j
[2011/10/07 02:03:44 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Pwy4dXzoEUcmRe
[2011/10/07 02:03:44 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\bXzoEUcmRe1
[2011/10/07 02:03:43 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\kmglnLV1H8jypfl
[2011/10/07 02:03:42 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\pdmG44s5oANkg7a
[2011/10/07 02:03:42 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\OEvXmzfiCQtEc
[2011/10/07 02:03:40 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\fRz4gBFfBFRz3gt
[2011/10/07 02:03:38 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\ZxwJvVEDBhdpclV
[2011/10/07 02:03:36 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\d1Jj1JUvdeSW
[2011/10/07 02:03:34 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\ZH3clZ8fdnic0Ie
[2011/10/07 02:03:34 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\sbWwi7VoKIbfIb
[2011/10/07 02:03:34 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\cVoKIbfIb
[2011/10/07 02:03:32 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\QpAUfabPUgEWH3S
[2011/10/07 02:03:31 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\sIKbz94cVLnyjfG
[2011/10/07 02:03:30 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\NN7ygvhbC5I
[2011/10/07 02:03:27 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\eaAZGr71hmyqH0k
[2011/10/07 02:03:25 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\HRFz9Gr7chFIKbz
[2011/10/07 02:03:23 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\bZkBc3m7RwOc2m7
[2011/10/07 02:03:22 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\ANT4PZmPhmNXQNL
[2011/10/07 02:03:20 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\oAXpraVHB7yKNdr
[2011/10/07 02:03:16 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\OcF6hIvG8jN2QfX
[2011/10/07 02:03:11 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\ZGZBoWjxn
[2011/10/07 02:03:11 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\gwfotg4Nh50
[2011/10/07 02:03:11 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\gCHcwstKSjQ
[2011/10/07 02:03:09 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\gKIbfVi7VDE
[2011/10/07 02:03:08 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\tpq2gc9u7O
[2011/10/07 02:03:08 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Iq0Qj06CSWwS
[2011/10/07 02:03:00 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\rkoYDqiRA8xW
[2011/10/07 02:03:00 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\IuHCiEN4YiEBmX1
[2011/10/07 02:02:48 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\yKIbZzGhNnRVp9N
[2011/10/07 02:02:46 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\OvJUv7VDdCSWk
[2011/10/07 02:02:40 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Py4LUcmZIDs
[2011/10/07 02:02:36 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\XsRVynJ9lybQZlA
[2011/10/07 02:02:32 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\tL0707zsI6ILv92
[2011/10/07 02:02:31 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\DhS48VcpKwzvmEh
[2011/10/07 02:02:28 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\cBx2pHfTINcDaKq
[2011/10/07 02:02:27 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\BVybQ9ex2pJLjBx
[2011/10/07 02:02:26 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\z7hI1pEXI1
[2011/10/07 02:02:22 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\BoEUcmglvQTzbJT
[2011/10/07 02:02:21 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\PkF9N6k3TP5k291
[2011/10/07 02:02:20 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\wTA6kDg0JOHkn
[2011/10/07 02:02:20 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\BaXAaXAaqPaqPaq
[2011/10/07 02:02:19 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\yRrFRr3Er3E
[2011/10/07 02:02:19 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Dbfzm9OaqcfOaC1
[2011/10/07 02:02:18 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\FlDdev6Uv6Cc
[2011/10/07 02:02:13 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\HKjypRrF8k2dY0H
[2011/10/07 02:02:13 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Gjyp8e1Qq0
[2011/10/07 02:02:12 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\umgl1HZl15ge1G9
[2011/10/07 02:02:12 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\h1WXcp8eusReAm8
[2011/10/07 02:02:11 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\r1sXcHhym9Nm
[2011/10/05 18:36:41 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\srrstr.dll
[2011/10/03 21:30:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/10/03 21:30:44 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/10/03 19:37:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/10/03 18:26:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/10/03 17:40:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/10/03 17:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/10/03 17:40:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/10/03 16:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2011/10/03 16:10:58 | 000,000,000 | ---D | C] -- C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
[2011/10/03 15:54:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/10/03 14:43:08 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Malwarebytes
[2011/10/03 14:40:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/03 14:40:33 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/10/03 14:39:33 | 009,851,496 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Nickolas\Desktop\mbam-setup.exe
[2011/10/03 14:16:58 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\T0ucS1ibDoGaHsJ
[2011/10/03 14:16:58 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\qqjYCwkIVlNx
[2011/10/02 12:39:16 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\UA0ucS2ib3n4Q6W
[2011/10/02 12:39:16 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\afRL9gTXqYeIrOt
[2011/10/02 12:34:33 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Cloud AV
[2011/10/02 12:34:33 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\b00yycAA1iv2oF4
[2011/10/02 12:34:32 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\twwkkUVVelBtz
[2011/10/02 12:34:25 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\Z99ggTXXqjYekVr
[2011/10/02 12:34:25 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Roaming\hpnnGG5aQ
[2011/09/29 09:20:08 | 000,000,000 | ---D | C] -- C:\628115aeb294d674fa3a27
[2011/09/25 16:19:22 | 000,000,000 | ---D | C] -- C:\Users\Nickolas\AppData\Local\Mozilla
[2011/09/23 19:33:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/09/23 19:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/09/23 19:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/09/23 19:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/09/23 19:30:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/09/23 19:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/09/23 19:29:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[3 C:\Users\Nickolas\Desktop\*.tmp files -> C:\Users\Nickolas\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/12 12:47:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/12 12:43:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/12 02:23:17 | 000,001,868 | ---- | M] () -- C:\Users\Nickolas\Desktop\AVG Free User Interface.lnk
[2011/10/12 01:08:57 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/11 08:52:24 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/11 08:52:24 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/11 08:52:24 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/09 12:46:30 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/10/09 12:46:30 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/10/08 18:53:33 | 000,000,258 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/10/08 18:49:31 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/08 18:49:31 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/08 18:41:46 | 3063,046,144 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/08 18:33:55 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/10/08 18:23:35 | 000,013,460 | ---- | M] () -- C:\Users\Nickolas\Desktop\combofix - Shortcut.lnk
[2011/10/08 15:44:58 | 000,001,213 | ---- | M] () -- C:\Users\Nickolas\AppData\Roaming\ldr.ini
[2011/10/08 01:09:33 | 000,001,393 | ---- | M] () -- C:\Users\Nickolas\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/08 00:55:35 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/10/08 00:55:32 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/10/08 00:55:31 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/10/08 00:55:31 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/10/08 00:55:30 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/10/08 00:55:30 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/10/08 00:55:30 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/10/08 00:55:29 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/10/08 00:55:29 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/10/08 00:55:29 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/10/08 00:55:29 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/10/08 00:55:27 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/10/08 00:55:27 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/10/08 00:55:26 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/10/08 00:55:26 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/10/08 00:55:26 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/10/08 00:55:26 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/10/08 00:55:25 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/10/08 00:55:25 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/10/08 00:55:25 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/10/08 00:55:24 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/10/08 00:55:24 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/10/08 00:55:23 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/10/08 00:55:23 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/10/08 00:55:21 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/10/08 00:55:21 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/10/08 00:55:18 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/10/08 00:55:17 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/10/08 00:55:16 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/10/08 00:55:15 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/10/08 00:55:14 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/10/08 00:55:14 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/10/08 00:55:14 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/10/08 00:55:12 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/10/08 00:55:11 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/10/08 00:55:09 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/10/08 00:55:08 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/10/08 00:55:08 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/10/08 00:55:08 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/10/08 00:55:08 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/10/08 00:55:08 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/10/08 00:55:07 | 002,303,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/10/08 00:55:07 | 000,818,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/10/08 00:55:07 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/10/08 00:55:07 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/10/08 00:55:06 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/10/08 00:55:06 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/10/08 00:55:05 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/10/08 00:55:05 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/10/08 00:55:04 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/10/08 00:55:04 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/10/08 00:55:04 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/10/08 00:55:04 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/10/08 00:55:04 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/10/08 00:55:03 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/10/08 00:55:02 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/10/08 00:55:02 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/10/08 00:55:02 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/10/08 00:55:02 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/10/08 00:55:02 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/10/08 00:55:01 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/10/08 00:55:01 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/10/08 00:55:01 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/10/08 00:55:01 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/10/08 00:55:00 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/10/08 00:55:00 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/10/08 00:54:59 | 001,492,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/10/08 00:54:59 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/10/08 00:54:58 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/10/08 00:54:58 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/10/08 00:54:58 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/10/08 00:54:57 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/10/08 00:54:57 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/10/08 00:54:56 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/10/08 00:49:01 | 087,132,222 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2011/10/07 02:27:07 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2011/10/06 23:17:43 | 000,000,000 | ---- | M] () -- C:\Users\Nickolas\AppData\Local\{54600BC2-E4D9-454B-8C0A-E38D4AF17D63}
[2011/10/06 23:15:32 | 000,000,000 | ---- | M] () -- C:\Users\Nickolas\AppData\Local\{854B9302-CC4E-4C61-91EE-270C6EF33835}
[2011/10/05 21:34:22 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\srrstr.dll
[2011/10/03 21:30:45 | 000,002,991 | ---- | M] () -- C:\Users\Nickolas\Desktop\HiJackThis.lnk
[2011/10/03 19:40:08 | 000,377,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/03 19:37:58 | 000,001,094 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/03 19:22:48 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/10/03 17:40:06 | 000,001,238 | ---- | M] () -- C:\Users\Nickolas\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/10/03 17:40:06 | 000,001,214 | ---- | M] () -- C:\Users\Nickolas\Desktop\Spybot - Search & Destroy.lnk
[2011/10/03 16:14:59 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2011/10/03 16:14:58 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2011/10/03 16:13:28 | 000,002,139 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2011/10/03 14:39:48 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Nickolas\Desktop\mbam-setup.exe
[2011/10/03 14:34:54 | 001,008,092 | ---- | M] () -- C:\Users\Nickolas\Desktop\rkill.com
[2011/09/26 17:23:24 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNickolas.job
[2011/09/26 01:05:51 | 000,000,129 | ---- | M] () -- C:\Users\Nickolas\jagex_runescape_preferences2.dat
[2011/09/26 01:04:51 | 000,000,046 | ---- | M] () -- C:\Users\Nickolas\jagex_runescape_preferences.dat
[2011/09/25 18:58:57 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/09/23 19:33:22 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/09/23 19:29:27 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[3 C:\Users\Nickolas\Desktop\*.tmp files -> C:\Users\Nickolas\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/12 02:23:17 | 000,001,868 | ---- | C] () -- C:\Users\Nickolas\Desktop\AVG Free User Interface.lnk
[2011/10/08 18:53:33 | 000,000,258 | ---- | C] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/10/08 18:23:35 | 000,013,460 | ---- | C] () -- C:\Users\Nickolas\Desktop\combofix - Shortcut.lnk
[2011/10/08 15:37:58 | 000,001,213 | ---- | C] () -- C:\Users\Nickolas\AppData\Roaming\ldr.ini
[2011/10/08 13:46:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/08 13:46:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/08 13:46:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/08 13:46:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/08 13:46:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/08 00:55:25 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/10/08 00:55:01 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/10/07 02:27:07 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2011/10/06 23:17:43 | 000,000,000 | ---- | C] () -- C:\Users\Nickolas\AppData\Local\{54600BC2-E4D9-454B-8C0A-E38D4AF17D63}
[2011/10/06 23:15:32 | 000,000,000 | ---- | C] () -- C:\Users\Nickolas\AppData\Local\{854B9302-CC4E-4C61-91EE-270C6EF33835}
[2011/10/03 21:30:45 | 000,002,991 | ---- | C] () -- C:\Users\Nickolas\Desktop\HiJackThis.lnk
[2011/10/03 19:37:58 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/03 19:37:58 | 000,001,094 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/03 17:40:06 | 000,001,238 | ---- | C] () -- C:\Users\Nickolas\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/10/03 17:40:06 | 000,001,214 | ---- | C] () -- C:\Users\Nickolas\Desktop\Spybot - Search & Destroy.lnk
[2011/10/03 16:13:28 | 000,002,139 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2011/10/03 14:34:52 | 001,008,092 | ---- | C] () -- C:\Users\Nickolas\Desktop\rkill.com
[2011/10/03 02:26:47 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2011/09/23 19:33:22 | 000,001,743 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/09/23 19:29:27 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/08/10 12:23:51 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/08/10 12:23:51 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/08/08 07:19:19 | 000,000,000 | ---- | C] () -- C:\Users\Nickolas\AppData\Local\{3CB77E0E-423E-43AE-BDF9-F9CFBAD6488A}
[2010/12/20 17:07:27 | 000,001,854 | ---- | C] () -- C:\Users\Nickolas\AppData\Roaming\GhostObjGAFix.xml
[2010/11/02 14:44:05 | 000,007,602 | ---- | C] () -- C:\Users\Nickolas\AppData\Local\Resmon.ResmonCfg
[2010/04/03 22:01:18 | 001,316,213 | ---- | C] () -- C:\Users\Nickolas\AppData\Local\tmpP1010193.JPG
[2010/04/03 22:01:17 | 006,296,185 | ---- | C] () -- C:\Users\Nickolas\AppData\Local\tmpP1010193.0
[2010/04/03 22:00:55 | 001,477,951 | ---- | C] () -- C:\Users\Nickolas\AppData\Local\tmpP1010192.JPG
[2010/04/03 22:00:54 | 006,591,220 | ---- | C] () -- C:\Users\Nickolas\AppData\Local\tmpP1010192.0
[2010/04/03 21:58:37 | 001,703,693 | ---- | C] () -- C:\Users\Nickolas\AppData\Local\tmpP1010154.JPG
[2010/04/03 21:58:36 | 006,500,989 | ---- | C] () -- C:\Users\Nickolas\AppData\Local\tmpP1010154.0
[2010/04/03 21:58:16 | 001,042,205 | ---- | C] () -- C:\Users\Nickolas\AppData\Local\tmpP1010156.JPG
[2010/04/03 21:58:15 | 005,593,407 | ---- | C] () -- C:\Users\Nickolas\AppData\Local\tmpP1010156.0
[2010/04/03 21:57:42 | 001,541,220 | ---- | C] () -- C:\Users\Nickolas\AppData\Local\tmpP1010153.JPG
[2010/04/03 21:57:41 | 006,832,045 | ---- | C] () -- C:\Users\Nickolas\AppData\Local\tmpP1010153.0
[2010/03/11 02:17:07 | 000,000,483 | ---- | C] () -- C:\Windows\eReg.dat
[2010/03/10 21:52:46 | 000,023,117 | ---- | C] () -- C:\Windows\hpqins15.dat
[2009/12/16 02:20:18 | 000,000,283 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2009/12/16 02:20:18 | 000,000,224 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2009/10/08 09:34:52 | 000,874,032 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2009/10/08 09:34:52 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2009/10/08 09:34:52 | 000,049,712 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2009/10/08 08:36:18 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2009/10/08 08:36:18 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/09/29 16:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 1270 bytes -> C:\Users\Nickolas\AppData\Local\u0E5Gj7yTQ:IVpH8kYVSUSPHbe6uo1dk9PGr

< End of report >




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users