
search engine redirect problem


  • This topic is locked
24 replies to this topic

#1 cassius85

  • Members
  • 18 posts

Posted 11 October 2011 - 01:28 PM

Whenever I am browsing the internet I will sometimes get popups, and when I use any search engine and click a link I will get redirected. My firewall will not open; I have tried everything, and whenever I try to view any videos my browser will freeze up. I was told to post this link to my previous thread: http://www.bleepingcomputer.com/forums/topic422833.html/


It said my DDS file was too long to post in the topic, so I have to attach it.

Attached Files





#2 gringo_pr

  • Malware Response Team
  • 136,772 posts

Posted 12 October 2011 - 03:09 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I close my topics if you have not replied in 5 days. If you will be longer, please let me know.

If I have not replied to one of my topics in 48 hrs, please bump the topic.



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
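Editor's note on reading the report that cassius85 posts next in this thread. The ComboFix log shows the redirect mechanism rather directly: the WinINet proxy is set to a port on the machine itself (uInternet Settings,ProxyServer = http=127.0.0.1:49354) and the Firefox profile carries the same settings (network.proxy.http = 127.0.0.1, http_port = 49354, type = 1, i.e. manual proxy), so browser HTTP traffic is routed through whatever process listens on that port; the Winlogon Shell value has a second executable under AppData\Roaming appended after explorer.exe; a Run entry launches 3CA.exe from a short hex-named folder inside the Internet Explorer program directory; and EnableLUA=0 means UAC was switched off. The script below is an added example, not part of this thread and not ComboFix's or BleepingComputer's code. It scans a ComboFix report for exactly those indicator classes. The sample input is a constructed excerpt of the log that follows, and the "short hex-named directory" heuristic in suspicious_run_path is an assumption of the example, not a ComboFix rule.

```python
import re

# Constructed sample: a handful of lines copied from the ComboFix report posted in
# this thread (Run key, policies\system, Winlogon and the Supplementary Scan).
# It is an excerpt for the example, not the full log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"3CA.exe"="c:\program files (x86)\Internet Explorer\AE59\3CA.exe" [2011-10-11 174080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="explorer.exe,c:\users\zacknashly\AppData\Roaming\93A69\D66AE.exe"
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:49354
TCP: DhcpNameServer = 192.168.2.1
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 49354
FF - prefs.js: network.proxy.type - 1
"""

VALUE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')        # "Name"="data" [date size]
IE_PROXY = re.compile(r'^uInternet Settings,ProxyServer\s*=\s*(.+)$')
FF_PREF = re.compile(r'^FF - prefs\.js: (network\.proxy\.\w+) - (.+)$')
LOOPBACK = re.compile(r'\b127\.\d+\.\d+\.\d+:\d+')
HEX_DIR = re.compile(r'\\[0-9a-f]{3,5}\\', re.I)       # e.g. \AE59\ or \93A69\

DESCRIPTION = {
    'run_entry':     'autostart binary in an unusual location',
    'uac_disabled':  'UAC turned off (EnableLUA=0)',
    'shell_hijack':  'Winlogon Shell runs something besides explorer.exe',
    'proxy_ie':      'WinINet proxy forced to a local port',
    'proxy_firefox': 'Firefox manual proxy forced to a local port',
}


def suspicious_run_path(path):
    """Heuristic (an assumption of this example): flag autostart binaries that live
    under a user profile's AppData or inside a short hex-named directory, which is
    where the entries in this thread's log sit, rather than in a vendor folder."""
    p = path.lower()
    return '\\appdata\\' in p or bool(HEX_DIR.search(p))


def triage_combofix(text):
    """Scan a ComboFix report and return (indicator, detail) pairs, in log order,
    for the proxy and persistence settings that explain a browser redirect."""
    findings = []
    section = None          # the [HKEY_...] key the current value lines belong to
    ff_proxy = {}           # Firefox network.proxy.* prefs, evaluated at the end
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('[') and line.endswith(']'):
            section = line.lower()
            continue
        m = VALUE.match(line)
        if m and section:
            name = m.group(1)
            # drop ComboFix's trailing "[date size]" annotation and the quotes
            value = re.sub(r'\s*\[[^\]]*\]$', '', m.group(2)).strip().strip('"')
            if section.endswith('\\currentversion\\run]') and suspicious_run_path(value):
                findings.append(('run_entry', f'{name} -> {value}'))
            elif section.endswith('\\policies\\system]') and name == 'EnableLUA' and value.startswith('0'):
                findings.append(('uac_disabled', 'EnableLUA=0'))
            elif section.endswith('\\winlogon]') and name == 'Shell' and value.lower() != 'explorer.exe':
                findings.append(('shell_hijack', value))
            continue
        m = IE_PROXY.match(line)
        if m and LOOPBACK.search(m.group(1)):
            findings.append(('proxy_ie', m.group(1)))
            continue
        m = FF_PREF.match(line)
        if m:
            ff_proxy[m.group(1)] = m.group(2).strip()
    # type 1 = manual proxy; only then do the http/http_port prefs take effect
    if ff_proxy.get('network.proxy.type') == '1' and ff_proxy.get('network.proxy.http', '').startswith('127.'):
        findings.append(('proxy_firefox',
                         f"{ff_proxy['network.proxy.http']}:{ff_proxy.get('network.proxy.http_port', '?')}"))
    return findings


if __name__ == '__main__':
    for kind, detail in triage_combofix(SAMPLE_LOG):
        print(f'{kind:14} {DESCRIPTION[kind]}: {detail}')
```

Run it against a full report (`triage_combofix(open('ComboFix.txt').read())`) and the five indicators above come out in log order; a clean machine produces an empty list. The loopback proxy is the one to act on first: until it is removed from both the WinINet setting and prefs.js, every browser on the box keeps handing its HTTP requests to the local listener, which is why the redirects survive a reboot.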

#3 cassius85

  • Topic Starter
  • Members
  • 18 posts

Posted 12 October 2011 - 10:47 AM

Thank you so very much. Right after ComboFix finished my firewall turned on, which was my main problem, and so far I haven't been redirected yet.

ComboFix 11-10-12.01 - zacknashly 10/12/2011 11:30:17.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6109.5189 [GMT -5:00]
Running from: c:\users\zacknashly\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Internet Explorer\71C5.tmp
c:\program files (x86)\Internet Explorer\7270.tmp
c:\program files (x86)\Internet Explorer\73A8.tmp
c:\program files (x86)\Internet Explorer\8CC4.tmp
c:\program files (x86)\Internet Explorer\9E70.tmp
c:\program files (x86)\Internet Explorer\B8BE.tmp
c:\program files (x86)\Internet Explorer\BD36.tmp
c:\users\zacknashly\AppData\Local\hmlh.exe
c:\users\zacknashly\AppData\Local\iejo.exe
c:\users\zacknashly\AppData\Local\ougu.exe
c:\users\zacknashly\AppData\Local\qdwy.exe
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\00000001.@
c:\windows\assembly\tmp\U\00000002.@
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\80000032.@
c:\windows\assembly\tmp\U\80000064.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\system32\consrv.dll
c:\windows\System64
c:\windows\SysWow64\msvcsv60.dll
c:\windows\SysWow64\odbcad32.exe
c:\windows\SysWow64\regw2.exe
c:\windows\system32\slwga.dll . . . . Failed to delete
c:\windows\system32\systemcpl.dll . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-09-12 to 2011-10-12 )))))))))))))))))))))))))))))))
.
.
2011-10-12 16:38 . 2011-10-12 16:39 -------- d-----w- c:\users\zacknashly\AppData\Local\temp
2011-10-12 16:38 . 2011-10-12 16:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-11 21:56 . 2011-09-06 03:07 3134976 ----a-w- c:\windows\system32\win32k.sys
2011-10-11 21:56 . 2011-08-27 05:40 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-11 21:56 . 2011-08-27 05:40 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-11 21:56 . 2011-08-27 04:43 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-11 21:56 . 2011-08-27 04:43 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-11 14:09 . 2011-10-11 14:09 -------- d-----w- c:\program files (x86)\69F8C
2011-10-11 14:09 . 2011-10-11 14:09 -------- d-----w- c:\users\zacknashly\AppData\Roaming\93A69
2011-10-11 14:09 . 2011-10-11 14:09 174080 ----a-w- c:\program files (x86)\Internet Explorer\AE59\3CA.exe
2011-10-10 22:40 . 2011-10-10 22:40 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2011-10-10 20:23 . 2011-10-10 23:23 -------- d-----w- c:\program files (x86)\MagicISO
2011-10-09 22:03 . 2011-10-09 22:03 -------- d-----w- C:\$AVG
2011-10-09 21:40 . 2011-10-09 21:40 -------- d--h--w- c:\programdata\Common Files
2011-10-09 21:38 . 2011-10-10 23:23 -------- d-----w- c:\programdata\AVG2012
2011-10-09 21:35 . 2011-10-10 20:28 -------- d-----w- c:\programdata\MFAData
2011-10-09 11:48 . 2011-10-09 11:48 -------- d-----w- c:\users\zacknashly\AppData\Roaming\LEAPS
2011-10-09 03:49 . 2011-10-09 11:47 -------- d-----w- c:\users\zacknashly\AppData\Roaming\Pegasys Inc
2011-10-09 03:48 . 2011-10-09 11:46 -------- d-----w- c:\program files (x86)\Pegasys Inc
2011-10-09 03:30 . 2011-10-09 03:30 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-10-08 20:31 . 2011-10-08 20:31 -------- d-----w- c:\users\zacknashly\AppData\Roaming\Pf1YaXymZBoE15h
2011-10-08 20:30 . 2011-10-08 20:30 -------- d-----w- c:\users\zacknashly\AppData\Roaming\kEKZXKxw8pCLSg
2011-10-08 20:30 . 2011-10-08 20:30 -------- d-----w- c:\users\zacknashly\AppData\Roaming\gONyxA0uv2b
2011-10-08 20:29 . 2011-10-08 20:29 -------- d-----w- c:\users\zacknashly\AppData\Roaming\tqYCwkIVrOtPu
2011-10-08 20:29 . 2011-10-08 20:29 -------- d-----w- c:\users\zacknashly\AppData\Roaming\owcGhNmK89zNx0
2011-10-08 20:29 . 2011-10-08 21:10 -------- d-----w- c:\users\zacknashly\AppData\Roaming\HC1WwSsXc5XjVlB
2011-10-08 20:29 . 2011-10-08 21:10 -------- d-----w- c:\users\zacknashly\AppData\Roaming\ek1WwSsXc5Ywc5h
2011-10-08 20:29 . 2011-10-08 20:29 -------- d-----w- c:\users\zacknashly\AppData\Roaming\rKk1WwSsXc5Y
2011-10-08 20:29 . 2011-10-08 20:29 -------- d-----w- c:\users\zacknashly\AppData\Roaming\A1WwSsXc5XjV
2011-10-08 20:29 . 2011-10-08 20:29 -------- d-----w- c:\users\zacknashly\AppData\Roaming\dSobF3pmGaJdKfL
2011-10-08 20:29 . 2011-10-08 20:29 -------- d-----w- c:\users\zacknashly\AppData\Roaming\UuvSobF3pGaJdK
2011-10-08 20:28 . 2011-10-08 20:28 -------- d-----w- c:\users\zacknashly\AppData\Roaming\gVrlONtxPuSiDoG
2011-10-08 20:28 . 2011-10-08 20:28 -------- d-----w- c:\users\zacknashly\AppData\Roaming\hYCekIVrzNx0c2b
2011-10-08 20:27 . 2011-10-08 20:27 -------- d-----w- c:\users\zacknashly\AppData\Roaming\nssQQJ77dEKgR9h
2011-10-08 20:27 . 2011-10-08 20:27 -------- d-----w- c:\users\zacknashly\AppData\Roaming\OPPNNycA1uvD2b4
2011-10-08 20:27 . 2011-10-08 20:27 -------- d-----w- c:\users\zacknashly\AppData\Roaming\EKKK8ggRZ9hYwjV
2011-10-08 20:27 . 2011-10-08 20:27 -------- d-----w- c:\users\zacknashly\AppData\Roaming\iAAA1iivD2oF4pH
2011-10-08 20:27 . 2011-10-08 20:27 -------- d-----w- c:\users\zacknashly\AppData\Roaming\IhhYYXwkk
2011-10-08 20:27 . 2011-10-08 20:27 -------- d-----w- c:\users\zacknashly\AppData\Roaming\cSSS1iivD3on4aH
2011-10-08 20:27 . 2011-10-08 20:27 -------- d-----w- c:\users\zacknashly\AppData\Roaming\c444aamH5
2011-10-08 20:27 . 2011-10-08 20:27 -------- d-----w- c:\users\zacknashly\AppData\Roaming\COOOBttxP0y
2011-10-08 20:26 . 2011-10-08 20:26 -------- d-----w- c:\users\zacknashly\AppData\Roaming\fVVVrllONtxPuc1
2011-10-08 20:26 . 2011-10-08 20:26 -------- d-----w- c:\users\zacknashly\AppData\Roaming\EQQHH6ssWK7ELgT
2011-10-08 20:26 . 2011-10-08 20:26 -------- d-----w- c:\users\zacknashly\AppData\Roaming\guuccS22ib3
2011-10-08 20:26 . 2011-10-08 20:26 -------- d-----w- c:\users\zacknashly\AppData\Roaming\c666dWWK7fRLgTq
2011-10-08 20:26 . 2011-10-08 20:26 -------- d-----w- c:\users\zacknashly\AppData\Roaming\VjYYCCekIVrzOtA
2011-10-08 20:26 . 2011-10-08 20:26 -------- d-----w- c:\users\zacknashly\AppData\Roaming\nA00uuvS2
2011-10-08 20:26 . 2011-10-08 20:26 -------- d-----w- c:\users\zacknashly\AppData\Roaming\s999hhTXwjCelB
2011-10-08 20:26 . 2011-10-08 20:26 -------- d-----w- c:\users\zacknashly\AppData\Roaming\ID22oonF4pmHsQ7
2011-10-08 20:26 . 2011-10-08 20:26 -------- d-----w- c:\users\zacknashly\AppData\Roaming\qkkkUVVrl
2011-10-08 20:26 . 2011-10-08 20:26 -------- d-----w- c:\users\zacknashly\AppData\Roaming\eHHH6sWWJ7fL8T
2011-10-08 20:26 . 2011-10-08 20:26 -------- d-----w- c:\users\zacknashly\AppData\Roaming\q000uccS2ibDpn4
2011-10-08 20:25 . 2011-10-08 20:25 -------- d-----w- c:\users\zacknashly\AppData\Roaming\caammH5sWJ7E
2011-10-08 20:25 . 2011-10-08 20:25 -------- d-----w- c:\users\zacknashly\AppData\Roaming\p999gTTZq
2011-10-08 20:25 . 2011-10-08 20:25 -------- d-----w- c:\users\zacknashly\AppData\Roaming\NppnnG55aQHdW7f
2011-10-08 20:25 . 2011-10-08 20:25 -------- d-----w- c:\users\zacknashly\AppData\Roaming\mttzzPNycA1vDob
2011-10-08 20:25 . 2011-10-08 20:25 -------- d-----w- c:\users\zacknashly\AppData\Roaming\kivvDD3onF4
2011-10-08 20:25 . 2011-10-08 20:25 -------- d-----w- c:\users\zacknashly\AppData\Roaming\rrzzOONtx
2011-10-08 20:25 . 2011-10-08 20:25 -------- d-----w- c:\users\zacknashly\AppData\Roaming\VhhYYXwjVlIt
2011-10-08 20:25 . 2011-10-08 20:25 -------- d-----w- c:\users\zacknashly\AppData\Roaming\AUUrPyycS
2011-10-08 20:24 . 2011-10-08 20:24 -------- d-----w- c:\users\zacknashly\AppData\Roaming\SvvvD22obF4pG5Q
2011-10-08 20:24 . 2011-10-08 20:24 -------- d-----w- c:\users\zacknashly\AppData\Roaming\IJJJ7EEL8gZqhCk
2011-10-08 20:24 . 2011-10-08 20:24 -------- d-----w- c:\users\zacknashly\AppData\Roaming\eA11uvvS2oF
2011-10-08 20:24 . 2011-10-08 20:24 -------- d-----w- c:\users\zacknashly\AppData\Roaming\pZZqqhYYCwkVrOB
2011-10-08 20:24 . 2011-10-08 20:24 -------- d-----w- c:\users\zacknashly\AppData\Roaming\pAAA0uucS2iD3nG
2011-10-08 20:23 . 2011-10-08 20:23 -------- d-----w- c:\users\zacknashly\AppData\Roaming\v11uuvS2obF3m
2011-10-08 20:23 . 2011-10-08 20:23 -------- d-----w- c:\users\zacknashly\AppData\Roaming\NmmHH6sWWJf
2011-10-08 20:23 . 2011-10-08 20:23 -------- d-----w- c:\users\zacknashly\AppData\Roaming\vNNyyxA00uS2iF3
2011-10-08 20:23 . 2011-10-08 20:23 -------- d-----w- c:\users\zacknashly\AppData\Roaming\s11uuvSS2oF
2011-10-08 20:23 . 2011-10-08 20:23 -------- d-----w- c:\users\zacknashly\AppData\Roaming\UttzzPNycA1uD2b
2011-10-08 20:23 . 2011-10-08 20:23 -------- d-----w- c:\users\zacknashly\AppData\Roaming\OEEEL88gRZqYX
2011-10-08 20:23 . 2011-10-08 20:23 -------- d-----w- c:\users\zacknashly\AppData\Roaming\PssWWJ7ffE8
2011-10-08 20:22 . 2011-10-08 20:22 -------- d-----w- c:\users\zacknashly\AppData\Roaming\pDDD3oonG4aH6WJ
2011-10-08 20:22 . 2011-10-08 20:22 -------- d-----w- c:\users\zacknashly\AppData\Roaming\QSSS2iibD3pn4aH
2011-10-08 20:22 . 2011-10-08 20:22 -------- d-----w- c:\users\zacknashly\AppData\Roaming\i0uuvvS2ibF3nGa
2011-10-08 20:22 . 2011-10-08 20:22 -------- d-----w- c:\users\zacknashly\AppData\Roaming\ErzzPPNyxA1uS2b
2011-10-08 20:22 . 2011-10-08 20:22 -------- d-----w- c:\users\zacknashly\AppData\Roaming\s888gRRZhYXwUVl
2011-10-08 20:22 . 2011-10-08 20:22 -------- d-----w- c:\users\zacknashly\AppData\Roaming\PZ999hYXwjU
2011-10-08 20:22 . 2011-10-08 20:22 -------- d-----w- c:\users\zacknashly\AppData\Roaming\mWWWJ77dEL8RZhY
2011-10-08 20:22 . 2011-10-08 20:22 -------- d-----w- c:\users\zacknashly\AppData\Roaming\qONNttxP0
2011-10-08 20:22 . 2011-10-08 20:22 -------- d-----w- c:\users\zacknashly\AppData\Roaming\biibbF3ppn5aQ6W
2011-10-08 20:22 . 2011-10-08 20:22 -------- d-----w- c:\users\zacknashly\AppData\Roaming\SIIBBrzzPNyA1
2011-10-08 20:22 . 2011-10-08 20:22 -------- d-----w- c:\users\zacknashly\AppData\Roaming\CZZZ9hhYXwjUelB
2011-10-08 20:21 . 2011-10-08 20:21 -------- d-----w- c:\users\zacknashly\AppData\Roaming\NBBttzP0ycA1iDo
2011-10-08 20:21 . 2011-10-08 20:21 -------- d-----w- c:\users\zacknashly\AppData\Roaming\qUUVVrlOOtxP0c1
2011-10-08 20:21 . 2011-10-08 20:21 -------- d-----w- c:\users\zacknashly\AppData\Roaming\lssWWK7fE
2011-10-08 20:21 . 2011-10-08 20:21 -------- d-----w- c:\users\zacknashly\AppData\Roaming\cuvvvD2obF4pm5Q
2011-10-08 20:21 . 2011-10-08 20:21 -------- d-----w- c:\users\zacknashly\AppData\Roaming\EZZ99hYYXw
2011-10-08 20:21 . 2011-10-08 20:21 -------- d-----w- c:\users\zacknashly\AppData\Roaming\JaammH55sWJdE8g
2011-10-08 20:21 . 2011-10-08 20:21 -------- d-----w- c:\users\zacknashly\AppData\Roaming\VVVrrlOONtP0uS1
2011-10-08 20:21 . 2011-10-08 20:21 -------- d-----w- c:\users\zacknashly\AppData\Roaming\hhhhTXXqUCekBrO
2011-10-08 20:21 . 2011-10-08 20:21 -------- d-----w- c:\users\zacknashly\AppData\Roaming\muuuvD22o4pG5s6
2011-10-08 20:20 . 2011-10-08 20:20 -------- d-----w- c:\users\zacknashly\AppData\Roaming\FUUUVeelOBtP0cA
2011-10-08 20:20 . 2011-10-08 20:20 -------- d-----w- c:\users\zacknashly\AppData\Roaming\OooonFF4amHsW7d
2011-10-08 20:20 . 2011-10-08 20:20 -------- d-----w- c:\users\zacknashly\AppData\Roaming\BgggTZZqjYCwIVl
2011-10-08 20:20 . 2011-10-08 20:20 -------- d-----w- c:\users\zacknashly\AppData\Roaming\nppmGG5aQJ6W
2011-10-08 20:20 . 2011-10-08 20:20 -------- d-----w- c:\users\zacknashly\AppData\Roaming\fWWWJ77dEL
2011-10-08 20:20 . 2011-10-08 20:20 -------- d-----w- c:\users\zacknashly\AppData\Roaming\m9gTTZqjYCwIVlO
2011-10-08 20:20 . 2011-10-08 20:20 -------- d-----w- c:\users\zacknashly\AppData\Roaming\kBzPNNyxA1vS2b3
2011-10-08 20:20 . 2011-10-08 20:20 -------- d-----w- c:\users\zacknashly\AppData\Roaming\KEEEL8gRRZhYXkV
2011-10-08 20:20 . 2011-10-08 20:20 -------- d-----w- c:\users\zacknashly\AppData\Roaming\sVVrrlONNtP0uS
2011-10-08 20:19 . 2011-10-08 20:19 -------- d-----w- c:\users\zacknashly\AppData\Roaming\qkBrrzONyx0v2b3
2011-10-08 20:19 . 2011-10-08 20:19 -------- d-----w- c:\users\zacknashly\AppData\Roaming\fTTXwjUCelIrzNx
2011-10-08 20:19 . 2011-10-08 20:19 -------- d-----w- c:\users\zacknashly\AppData\Roaming\fIIBBtzPNy
2011-10-08 20:19 . 2011-10-08 20:19 -------- d-----w- c:\users\zacknashly\AppData\Roaming\TxxPP0ycS1ivDoF
2011-10-08 20:19 . 2011-10-08 20:19 -------- d-----w- c:\users\zacknashly\AppData\Roaming\acccS2ibD3
2011-10-08 20:19 . 2011-10-08 20:19 -------- d-----w- c:\users\zacknashly\AppData\Roaming\k9hhTTXqjUCeIB
2011-10-08 20:19 . 2011-10-08 20:19 -------- d-----w- c:\users\zacknashly\AppData\Roaming\s55aaQJ6dWKfR9h
2011-10-08 20:19 . 2011-10-08 20:19 -------- d-----w- c:\users\zacknashly\AppData\Roaming\ommGG5sQJ6dEKfZ
2011-10-08 20:19 . 2011-10-08 20:19 -------- d-----w- c:\users\zacknashly\AppData\Roaming\QtttzPP0ycA1vD
2011-10-08 20:19 . 2011-10-08 20:19 -------- d-----w- c:\users\zacknashly\AppData\Roaming\SooonFF4amH5WJd
2011-10-08 20:19 . 2011-10-08 20:19 -------- d-----w- c:\users\zacknashly\AppData\Roaming\GIIIVVrlONtx0
2011-10-08 20:18 . 2011-10-08 20:18 -------- d-----w- c:\users\zacknashly\AppData\Roaming\t00uucS2ibD3pGa
2011-10-08 20:18 . 2011-10-08 20:18 -------- d-----w- c:\users\zacknashly\AppData\Roaming\bXXqqjYYCeIVrON
2011-10-08 20:18 . 2011-10-08 20:18 -------- d-----w- c:\users\zacknashly\AppData\Roaming\DrrzzONyxA0uv2
2011-10-08 20:18 . 2011-10-08 20:18 -------- d-----w- c:\users\zacknashly\AppData\Roaming\caaaQJJ6dWK8
2011-10-08 20:18 . 2011-10-08 20:18 -------- d-----w- c:\users\zacknashly\AppData\Roaming\gQJJJ6dEK8fRZh
2011-10-08 20:18 . 2011-10-08 20:18 -------- d-----w- c:\users\zacknashly\AppData\Roaming\HOOOBttzP0yA1D5
2011-10-08 20:18 . 2011-10-08 20:18 -------- d-----w- c:\users\zacknashly\AppData\Roaming\r88ggRZZq
2011-10-08 20:18 . 2011-10-08 20:18 -------- d-----w- c:\users\zacknashly\AppData\Roaming\ubbDD3oonGamHsJ
2011-10-08 20:18 . 2011-10-08 20:18 -------- d-----w- c:\users\zacknashly\AppData\Roaming\LLL99gTTZqY
2011-10-08 20:18 . 2011-10-08 20:18 -------- d-----w- c:\users\zacknashly\AppData\Roaming\cLL99gTXXqYC
2011-10-08 20:17 . 2011-10-08 20:17 -------- d-----w- c:\users\zacknashly\AppData\Roaming\DKK88fRRL9h
2011-10-08 20:17 . 2011-10-08 20:17 -------- d-----w- c:\users\zacknashly\AppData\Roaming\UFFF3ppmG5aQ6dK
2011-10-08 20:17 . 2011-10-08 20:17 -------- d-----w- c:\users\zacknashly\AppData\Roaming\BDD22obbF4pG5QJ
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-31 22:00 . 2011-08-18 01:05 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-17 15:12 . 2011-08-17 15:12 0 ----a-w- c:\programdata\vicn.exe
2011-08-17 15:12 . 2011-08-17 15:12 0 ----a-w- c:\programdata\oabl.exe
2011-08-17 15:12 . 2011-08-17 15:12 0 ----a-w- c:\programdata\kqgm.exe
2011-08-17 15:12 . 2011-08-17 15:12 0 ----a-w- c:\programdata\jich.exe
2011-08-12 04:10 . 2011-08-17 15:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E9D6CEF0-930F-401C-9D9B-ACC025B55074}\mpengine.dll
2011-07-25 17:54 . 2011-07-25 17:54 1700352 ------w- c:\windows\SysWow64\gdiplus.dll
2011-07-25 16:20 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-25 16:02 . 2011-07-25 16:02 404640 ------w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-16 05:26 . 2011-08-10 21:15 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:26 . 2011-08-10 21:15 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:26 . 2011-08-10 21:15 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:26 . 2011-08-10 21:15 214528 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 05:24 . 2011-08-10 21:15 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:21 . 2011-08-10 21:15 422400 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:17 . 2011-08-10 21:15 338432 ----a-w- c:\windows\system32\conhost.exe
2011-07-16 05:04 . 2011-08-10 21:15 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:36 . 2011-08-10 21:15 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:32 . 2011-08-10 21:15 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-16 04:31 . 2011-08-10 21:15 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-16 04:30 . 2011-08-10 21:15 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-16 04:30 . 2011-08-10 21:15 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:19 . 2011-08-10 21:15 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:26 . 2011-08-10 21:15 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-07-16 02:26 . 2011-08-10 21:15 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-07-16 02:21 . 2011-08-10 21:15 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 21:15 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 21:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 21:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-01-17 21:54 175912 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-11-10 4144448]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"M-Audio Taskbar Icon"="c:\windows\system32\MAFWTray.exe" [2009-07-29 252424]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"3CA.exe"="c:\program files (x86)\Internet Explorer\AE59\3CA.exe" [2011-10-11 174080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-11 163040]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil10u_Plugin.exe" [2011-07-25 243360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
"DisableStatusMessages"= 1 (0x1)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
"DisableThumbnailsOnNetworkFolders"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="explorer.exe,c:\users\zacknashly\AppData\Roaming\93A69\D66AE.exe"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 PRESONUS_AUDIOBOX_MIDI;Presonus AudioBox WDM MIDI Device;c:\windows\system32\drivers\psabusbm.sys [x]
R3 PRESONUS_AUDIOBOX_USB;Presonus AudioBox USB driver;c:\windows\system32\Drivers\psabusbu.sys [x]
R3 PRESONUS_AUDIOBOX_WDM;Presonus AudioBox USB WDM;c:\windows\system32\drivers\psabusba.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 MAFW;Service for M-Audio FireWire;c:\windows\system32\DRIVERS\mafw.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-12 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-12 387608]
"combofix"="c:\combofix\CF7039.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:49354
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\zacknashly\AppData\Roaming\Mozilla\Firefox\Profiles\0smldm1x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 49354
FF - prefs.js: network.proxy.type - 1
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\07\01\19\10\0f\0d´"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
c:\windows\SysWOW64\MAFWTray.exe
c:\program files (x86)\69F8C\lvvm.exe
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
.
**************************************************************************
.
Completion time: 2011-10-12 11:44:41 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-12 16:44
.
Pre-Run: 580,271,734,784 bytes free
Post-Run: 580,136,247,296 bytes free
.
- - End Of File - - 88639EFF6643AD4FF27FD7B10116D583



Edited by gringo_pr, 12 October 2011 - 01:07 PM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:34 AM

Posted 12 October 2011 - 01:14 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
c:\programdata\vicn.exe
c:\programdata\oabl.exe
c:\programdata\kqgm.exe
c:\programdata\jich.exe

Folder::
c:\program files (x86)\Vuze_Remote
c:\program files (x86)\ConduitEngine
c:\users\zacknashly\AppData\Roaming\Pf1YaXymZBoE15h
c:\users\zacknashly\AppData\Roaming\kEKZXKxw8pCLSg
c:\users\zacknashly\AppData\Roaming\gONyxA0uv2b
c:\users\zacknashly\AppData\Roaming\tqYCwkIVrOtPu
c:\users\zacknashly\AppData\Roaming\owcGhNmK89zNx0
c:\users\zacknashly\AppData\Roaming\HC1WwSsXc5XjVlB
c:\users\zacknashly\AppData\Roaming\ek1WwSsXc5Ywc5h
c:\users\zacknashly\AppData\Roaming\rKk1WwSsXc5Y
c:\users\zacknashly\AppData\Roaming\A1WwSsXc5XjV
c:\users\zacknashly\AppData\Roaming\dSobF3pmGaJdKfL
c:\users\zacknashly\AppData\Roaming\UuvSobF3pGaJdK
c:\users\zacknashly\AppData\Roaming\gVrlONtxPuSiDoG
c:\users\zacknashly\AppData\Roaming\hYCekIVrzNx0c2b
c:\users\zacknashly\AppData\Roaming\nssQQJ77dEKgR9h
c:\users\zacknashly\AppData\Roaming\OPPNNycA1uvD2b4
c:\users\zacknashly\AppData\Roaming\EKKK8ggRZ9hYwjV
c:\users\zacknashly\AppData\Roaming\iAAA1iivD2oF4pH
c:\users\zacknashly\AppData\Roaming\IhhYYXwkk
c:\users\zacknashly\AppData\Roaming\cSSS1iivD3on4aH
c:\users\zacknashly\AppData\Roaming\c444aamH5
c:\users\zacknashly\AppData\Roaming\COOOBttxP0y
c:\users\zacknashly\AppData\Roaming\fVVVrllONtxPuc1
c:\users\zacknashly\AppData\Roaming\EQQHH6ssWK7ELgT
c:\users\zacknashly\AppData\Roaming\guuccS22ib3
c:\users\zacknashly\AppData\Roaming\c666dWWK7fRLgTq
c:\users\zacknashly\AppData\Roaming\VjYYCCekIVrzOtA
c:\users\zacknashly\AppData\Roaming\nA00uuvS2
c:\users\zacknashly\AppData\Roaming\s999hhTXwjCelB
c:\users\zacknashly\AppData\Roaming\ID22oonF4pmHsQ7
c:\users\zacknashly\AppData\Roaming\qkkkUVVrl
c:\users\zacknashly\AppData\Roaming\eHHH6sWWJ7fL8T
c:\users\zacknashly\AppData\Roaming\q000uccS2ibDpn4
c:\users\zacknashly\AppData\Roaming\caammH5sWJ7E
c:\users\zacknashly\AppData\Roaming\p999gTTZq
c:\users\zacknashly\AppData\Roaming\NppnnG55aQHdW7f
c:\users\zacknashly\AppData\Roaming\mttzzPNycA1vDob
c:\users\zacknashly\AppData\Roaming\kivvDD3onF4
c:\users\zacknashly\AppData\Roaming\rrzzOONtx
c:\users\zacknashly\AppData\Roaming\VhhYYXwjVlIt
c:\users\zacknashly\AppData\Roaming\AUUrPyycS
c:\users\zacknashly\AppData\Roaming\SvvvD22obF4pG5Q
c:\users\zacknashly\AppData\Roaming\IJJJ7EEL8gZqhCk
c:\users\zacknashly\AppData\Roaming\eA11uvvS2oF
c:\users\zacknashly\AppData\Roaming\pZZqqhYYCwkVrOB
c:\users\zacknashly\AppData\Roaming\pAAA0uucS2iD3nG
c:\users\zacknashly\AppData\Roaming\v11uuvS2obF3m
c:\users\zacknashly\AppData\Roaming\NmmHH6sWWJf
c:\users\zacknashly\AppData\Roaming\vNNyyxA00uS2iF3
c:\users\zacknashly\AppData\Roaming\s11uuvSS2oF
c:\users\zacknashly\AppData\Roaming\UttzzPNycA1uD2b
c:\users\zacknashly\AppData\Roaming\OEEEL88gRZqYX
c:\users\zacknashly\AppData\Roaming\PssWWJ7ffE8
c:\users\zacknashly\AppData\Roaming\pDDD3oonG4aH6WJ
c:\users\zacknashly\AppData\Roaming\QSSS2iibD3pn4aH
c:\users\zacknashly\AppData\Roaming\i0uuvvS2ibF3nGa
c:\users\zacknashly\AppData\Roaming\ErzzPPNyxA1uS2b
c:\users\zacknashly\AppData\Roaming\s888gRRZhYXwUVl
c:\users\zacknashly\AppData\Roaming\PZ999hYXwjU
c:\users\zacknashly\AppData\Roaming\mWWWJ77dEL8RZhY
c:\users\zacknashly\AppData\Roaming\qONNttxP0
c:\users\zacknashly\AppData\Roaming\biibbF3ppn5aQ6W
c:\users\zacknashly\AppData\Roaming\SIIBBrzzPNyA1
c:\users\zacknashly\AppData\Roaming\CZZZ9hhYXwjUelB
c:\users\zacknashly\AppData\Roaming\NBBttzP0ycA1iDo
c:\users\zacknashly\AppData\Roaming\qUUVVrlOOtxP0c1
c:\users\zacknashly\AppData\Roaming\lssWWK7fE
c:\users\zacknashly\AppData\Roaming\cuvvvD2obF4pm5Q
c:\users\zacknashly\AppData\Roaming\EZZ99hYYXw
c:\users\zacknashly\AppData\Roaming\JaammH55sWJdE8g
c:\users\zacknashly\AppData\Roaming\VVVrrlOONtP0uS1
c:\users\zacknashly\AppData\Roaming\hhhhTXXqUCekBrO
c:\users\zacknashly\AppData\Roaming\muuuvD22o4pG5s6
c:\users\zacknashly\AppData\Roaming\FUUUVeelOBtP0cA
c:\users\zacknashly\AppData\Roaming\OooonFF4amHsW7d
c:\users\zacknashly\AppData\Roaming\BgggTZZqjYCwIVl
c:\users\zacknashly\AppData\Roaming\nppmGG5aQJ6W
c:\users\zacknashly\AppData\Roaming\fWWWJ77dEL
c:\users\zacknashly\AppData\Roaming\m9gTTZqjYCwIVlO
c:\users\zacknashly\AppData\Roaming\kBzPNNyxA1vS2b3
c:\users\zacknashly\AppData\Roaming\KEEEL8gRRZhYXkV
c:\users\zacknashly\AppData\Roaming\sVVrrlONNtP0uS
c:\users\zacknashly\AppData\Roaming\qkBrrzONyx0v2b3
c:\users\zacknashly\AppData\Roaming\fTTXwjUCelIrzNx
c:\users\zacknashly\AppData\Roaming\fIIBBtzPNy
c:\users\zacknashly\AppData\Roaming\TxxPP0ycS1ivDoF
c:\users\zacknashly\AppData\Roaming\acccS2ibD3
c:\users\zacknashly\AppData\Roaming\k9hhTTXqjUCeIB
c:\users\zacknashly\AppData\Roaming\s55aaQJ6dWKfR9h
c:\users\zacknashly\AppData\Roaming\ommGG5sQJ6dEKfZ
c:\users\zacknashly\AppData\Roaming\QtttzPP0ycA1vD
c:\users\zacknashly\AppData\Roaming\SooonFF4amH5WJd
c:\users\zacknashly\AppData\Roaming\GIIIVVrlONtx0
c:\users\zacknashly\AppData\Roaming\t00uucS2ibD3pGa
c:\users\zacknashly\AppData\Roaming\bXXqqjYYCeIVrON
c:\users\zacknashly\AppData\Roaming\DrrzzONyxA0uv2
c:\users\zacknashly\AppData\Roaming\caaaQJJ6dWK8
c:\users\zacknashly\AppData\Roaming\gQJJJ6dEK8fRZh
c:\users\zacknashly\AppData\Roaming\HOOOBttzP0yA1D5
c:\users\zacknashly\AppData\Roaming\r88ggRZZq
c:\users\zacknashly\AppData\Roaming\ubbDD3oonGamHsJ
c:\users\zacknashly\AppData\Roaming\LLL99gTTZqY
c:\users\zacknashly\AppData\Roaming\cLL99gTXXqYC
c:\users\zacknashly\AppData\Roaming\DKK88fRRL9h
c:\users\zacknashly\AppData\Roaming\UFFF3ppmG5aQ6dK
c:\users\zacknashly\AppData\Roaming\BDD22obbF4pG5QJ
 
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:49354


Firefox::
FF - ProfilePath - c:\users\zacknashly\AppData\Roaming\Mozilla\Firefox\Profiles\0smldm1x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 49354
FF - prefs.js: network.proxy.type - 1

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
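Added example (not the poster's script and not ComboFix's or DDS's own code): a Python check that reads DDS/ComboFix "Supplementary Scan" lines like the ones in the log above and flags browsers whose proxy has been pointed at the local machine, which is the setting behind the search redirects in this thread. The sample lines are constructed from the posted log, and the line formats and the Firefox `network.proxy.type` semantics are assumptions taken from it and from Firefox's documented prefs.

```python
"""Flag loopback proxies in DDS/ComboFix 'Supplementary Scan' lines.

Added example for this thread; not part of the original post, ComboFix or DDS.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Constructed sample, modelled on the Supplementary Scan section posted above.
SAMPLE_LOG = """\
uLocal Page = c:\\windows\\system32\\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:49354
TCP: DhcpNameServer = 192.168.2.1
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 49354
FF - prefs.js: network.proxy.type - 1
"""

# Line shapes assumed from the log above: the per-user WinINet proxy line and
# Firefox prefs.js lines as DDS prints them.
IE_PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(.+?)\s*$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js:\s*(network\.proxy\.\S+)\s*-\s*(.+?)\s*$")


@dataclass(frozen=True)
class Finding:
    source: str  # "IE/WinINet" or "Firefox"
    host: str
    port: int


def is_loopback(host: str) -> bool:
    """True for 127.0.0.0/8, ::1 and 'localhost'; False for names and other IPs."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False


def parse_wininet_proxy(value: str) -> list[tuple[str, str, int]]:
    """Split a WinINet ProxyServer value into (scheme, host, port) triples.

    Accepts both a bare 'host:port' and the per-protocol form
    'http=host:port;https=host:port' seen in the log above.
    """
    triples = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, hostport = part.split("=", 1) if "=" in part else ("*", part)
        host, sep, port = hostport.rpartition(":")
        if not sep:  # no explicit port
            host, port = hostport, "0"
        try:
            triples.append((scheme, host, int(port)))
        except ValueError:
            triples.append((scheme, host, 0))
    return triples


def scan_proxy_settings(log_text: str) -> list[Finding]:
    """Return one Finding per browser whose proxy points at the local machine."""
    findings: list[Finding] = []
    ff_prefs: dict[str, str] = {}
    for line in log_text.splitlines():
        m = IE_PROXY_RE.match(line)
        if m:
            for _scheme, host, port in parse_wininet_proxy(m.group(1)):
                f = Finding("IE/WinINet", host, port)
                if is_loopback(host) and f not in findings:
                    findings.append(f)
            continue
        m = FF_PREF_RE.match(line)
        if m:
            ff_prefs[m.group(1)] = m.group(2)
    # Firefox only honours network.proxy.http when network.proxy.type is 1 (manual).
    if ff_prefs.get("network.proxy.type") == "1":
        host = ff_prefs.get("network.proxy.http", "")
        if is_loopback(host):
            try:
                port = int(ff_prefs.get("network.proxy.http_port", "0"))
            except ValueError:
                port = 0
            findings.append(Finding("Firefox", host, port))
    return findings


def shared_listeners(findings: list[Finding]) -> set[tuple[str, int]]:
    """Endpoints that more than one browser has been pointed at: one local
    listener intercepting all browsing is the redirect pattern seen here."""
    seen: dict[tuple[str, int], set[str]] = {}
    for f in findings:
        seen.setdefault((f.host, f.port), set()).add(f.source)
    return {ep for ep, sources in seen.items() if len(sources) > 1}


if __name__ == "__main__":
    found = scan_proxy_settings(SAMPLE_LOG)
    for f in found:
        print(f"{f.source}: traffic forced through loopback proxy {f.host}:{f.port}")
    for host, port in shared_listeners(found):
        print(f"both browsers use {host}:{port}: identify the process bound to that port")
```

A real 127.0.0.1 proxy would still need whatever process is listening on that port to be found and removed, which is what the CFScript above goes after.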

#5 cassius85

cassius85
  • Topic Starter

  • Members
  • 18 posts
  • Local time:09:34 AM

Posted 12 October 2011 - 01:39 PM

Computer is doing good.

ComboFix 11-10-12.01 - zacknashly 10/12/2011 14:17:04.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6109.4519 [GMT -5:00]
Running from: c:\users\zacknashly\Downloads\ComboFix.exe
Command switches used :: c:\users\zacknashly\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\jich.exe"
"c:\programdata\kqgm.exe"
"c:\programdata\oabl.exe"
"c:\programdata\vicn.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\ConduitEngine
c:\program files (x86)\ConduitEngine\appContextMenu.xml
c:\program files (x86)\ConduitEngine\ConduitEngine.dll
c:\program files (x86)\ConduitEngine\ConduitEngineHelper.exe
c:\program files (x86)\ConduitEngine\ConduitEngineUninstall.exe
c:\program files (x86)\ConduitEngine\engineContextMenu.xml
c:\program files (x86)\ConduitEngine\EngineSettings.json
c:\program files (x86)\ConduitEngine\INSTALL.LOG
c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
c:\program files (x86)\ConduitEngine\toolbar.cfg
c:\program files (x86)\Vuze_Remote
c:\program files (x86)\Vuze_Remote\GottenAppsContextMenu.xml
c:\program files (x86)\Vuze_Remote\OtherAppsContextMenu.xml
c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
c:\program files (x86)\Vuze_Remote\SharedAppsContextMenu.xml
c:\program files (x86)\Vuze_Remote\tbVuze.dll
c:\program files (x86)\Vuze_Remote\toolbar.cfg
c:\program files (x86)\Vuze_Remote\ToolbarContextMenu.xml
c:\program files (x86)\Vuze_Remote\uninstall.exe
c:\program files (x86)\Vuze_Remote\Vuze_RemoteToolbarHelper.exe
c:\programdata\jich.exe
c:\programdata\kqgm.exe
c:\programdata\oabl.exe
c:\programdata\vicn.exe
c:\users\zacknashly\AppData\Roaming\A1WwSsXc5XjV
c:\users\zacknashly\AppData\Roaming\acccS2ibD3
c:\users\zacknashly\AppData\Roaming\AUUrPyycS
c:\users\zacknashly\AppData\Roaming\BDD22obbF4pG5QJ
c:\users\zacknashly\AppData\Roaming\BgggTZZqjYCwIVl
c:\users\zacknashly\AppData\Roaming\biibbF3ppn5aQ6W
c:\users\zacknashly\AppData\Roaming\bXXqqjYYCeIVrON
c:\users\zacknashly\AppData\Roaming\c444aamH5
c:\users\zacknashly\AppData\Roaming\c666dWWK7fRLgTq
c:\users\zacknashly\AppData\Roaming\caaaQJJ6dWK8
c:\users\zacknashly\AppData\Roaming\caammH5sWJ7E
c:\users\zacknashly\AppData\Roaming\cLL99gTXXqYC
c:\users\zacknashly\AppData\Roaming\COOOBttxP0y
c:\users\zacknashly\AppData\Roaming\cSSS1iivD3on4aH
c:\users\zacknashly\AppData\Roaming\cuvvvD2obF4pm5Q
c:\users\zacknashly\AppData\Roaming\CZZZ9hhYXwjUelB
c:\users\zacknashly\AppData\Roaming\DKK88fRRL9h
c:\users\zacknashly\AppData\Roaming\DrrzzONyxA0uv2
c:\users\zacknashly\AppData\Roaming\dSobF3pmGaJdKfL
c:\users\zacknashly\AppData\Roaming\eA11uvvS2oF
c:\users\zacknashly\AppData\Roaming\eHHH6sWWJ7fL8T
c:\users\zacknashly\AppData\Roaming\ek1WwSsXc5Ywc5h
c:\users\zacknashly\AppData\Roaming\EKKK8ggRZ9hYwjV
c:\users\zacknashly\AppData\Roaming\EQQHH6ssWK7ELgT
c:\users\zacknashly\AppData\Roaming\ErzzPPNyxA1uS2b
c:\users\zacknashly\AppData\Roaming\EZZ99hYYXw
c:\users\zacknashly\AppData\Roaming\fIIBBtzPNy
c:\users\zacknashly\AppData\Roaming\fTTXwjUCelIrzNx
c:\users\zacknashly\AppData\Roaming\FUUUVeelOBtP0cA
c:\users\zacknashly\AppData\Roaming\fVVVrllONtxPuc1
c:\users\zacknashly\AppData\Roaming\fWWWJ77dEL
c:\users\zacknashly\AppData\Roaming\GIIIVVrlONtx0
c:\users\zacknashly\AppData\Roaming\gONyxA0uv2b
c:\users\zacknashly\AppData\Roaming\gQJJJ6dEK8fRZh
c:\users\zacknashly\AppData\Roaming\guuccS22ib3
c:\users\zacknashly\AppData\Roaming\gVrlONtxPuSiDoG
c:\users\zacknashly\AppData\Roaming\HC1WwSsXc5XjVlB
c:\users\zacknashly\AppData\Roaming\HC1WwSsXc5XjVlB\Guard Online .ico
c:\users\zacknashly\AppData\Roaming\hhhhTXXqUCekBrO
c:\users\zacknashly\AppData\Roaming\HOOOBttzP0yA1D5
c:\users\zacknashly\AppData\Roaming\hYCekIVrzNx0c2b
c:\users\zacknashly\AppData\Roaming\i0uuvvS2ibF3nGa
c:\users\zacknashly\AppData\Roaming\iAAA1iivD2oF4pH
c:\users\zacknashly\AppData\Roaming\ID22oonF4pmHsQ7
c:\users\zacknashly\AppData\Roaming\IhhYYXwkk
c:\users\zacknashly\AppData\Roaming\IJJJ7EEL8gZqhCk
c:\users\zacknashly\AppData\Roaming\JaammH55sWJdE8g
c:\users\zacknashly\AppData\Roaming\k9hhTTXqjUCeIB
c:\users\zacknashly\AppData\Roaming\kBzPNNyxA1vS2b3
c:\users\zacknashly\AppData\Roaming\KEEEL8gRRZhYXkV
c:\users\zacknashly\AppData\Roaming\kEKZXKxw8pCLSg
c:\users\zacknashly\AppData\Roaming\kivvDD3onF4
c:\users\zacknashly\AppData\Roaming\LLL99gTTZqY
c:\users\zacknashly\AppData\Roaming\lssWWK7fE
c:\users\zacknashly\AppData\Roaming\m9gTTZqjYCwIVlO
c:\users\zacknashly\AppData\Roaming\mttzzPNycA1vDob
c:\users\zacknashly\AppData\Roaming\muuuvD22o4pG5s6
c:\users\zacknashly\AppData\Roaming\mWWWJ77dEL8RZhY
c:\users\zacknashly\AppData\Roaming\nA00uuvS2
c:\users\zacknashly\AppData\Roaming\NBBttzP0ycA1iDo
c:\users\zacknashly\AppData\Roaming\NmmHH6sWWJf
c:\users\zacknashly\AppData\Roaming\nppmGG5aQJ6W
c:\users\zacknashly\AppData\Roaming\NppnnG55aQHdW7f
c:\users\zacknashly\AppData\Roaming\nssQQJ77dEKgR9h
c:\users\zacknashly\AppData\Roaming\OEEEL88gRZqYX
c:\users\zacknashly\AppData\Roaming\ommGG5sQJ6dEKfZ
c:\users\zacknashly\AppData\Roaming\OooonFF4amHsW7d
c:\users\zacknashly\AppData\Roaming\OPPNNycA1uvD2b4
c:\users\zacknashly\AppData\Roaming\owcGhNmK89zNx0
c:\users\zacknashly\AppData\Roaming\p999gTTZq
c:\users\zacknashly\AppData\Roaming\pAAA0uucS2iD3nG
c:\users\zacknashly\AppData\Roaming\pDDD3oonG4aH6WJ
c:\users\zacknashly\AppData\Roaming\Pf1YaXymZBoE15h
c:\users\zacknashly\AppData\Roaming\PssWWJ7ffE8
c:\users\zacknashly\AppData\Roaming\PZ999hYXwjU
c:\users\zacknashly\AppData\Roaming\pZZqqhYYCwkVrOB
c:\users\zacknashly\AppData\Roaming\q000uccS2ibDpn4
c:\users\zacknashly\AppData\Roaming\qkBrrzONyx0v2b3
c:\users\zacknashly\AppData\Roaming\qkkkUVVrl
c:\users\zacknashly\AppData\Roaming\qONNttxP0
c:\users\zacknashly\AppData\Roaming\QSSS2iibD3pn4aH
c:\users\zacknashly\AppData\Roaming\QtttzPP0ycA1vD
c:\users\zacknashly\AppData\Roaming\qUUVVrlOOtxP0c1
c:\users\zacknashly\AppData\Roaming\r88ggRZZq
c:\users\zacknashly\AppData\Roaming\rKk1WwSsXc5Y
c:\users\zacknashly\AppData\Roaming\rrzzOONtx
c:\users\zacknashly\AppData\Roaming\s11uuvSS2oF
c:\users\zacknashly\AppData\Roaming\s55aaQJ6dWKfR9h
c:\users\zacknashly\AppData\Roaming\s888gRRZhYXwUVl
c:\users\zacknashly\AppData\Roaming\s999hhTXwjCelB
c:\users\zacknashly\AppData\Roaming\SIIBBrzzPNyA1
c:\users\zacknashly\AppData\Roaming\SooonFF4amH5WJd
c:\users\zacknashly\AppData\Roaming\sVVrrlONNtP0uS
c:\users\zacknashly\AppData\Roaming\SvvvD22obF4pG5Q
c:\users\zacknashly\AppData\Roaming\t00uucS2ibD3pGa
c:\users\zacknashly\AppData\Roaming\tqYCwkIVrOtPu
c:\users\zacknashly\AppData\Roaming\TxxPP0ycS1ivDoF
c:\users\zacknashly\AppData\Roaming\ubbDD3oonGamHsJ
c:\users\zacknashly\AppData\Roaming\UFFF3ppmG5aQ6dK
c:\users\zacknashly\AppData\Roaming\UttzzPNycA1uD2b
c:\users\zacknashly\AppData\Roaming\UuvSobF3pGaJdK
c:\users\zacknashly\AppData\Roaming\v11uuvS2obF3m
c:\users\zacknashly\AppData\Roaming\VhhYYXwjVlIt
c:\users\zacknashly\AppData\Roaming\VjYYCCekIVrzOtA
c:\users\zacknashly\AppData\Roaming\vNNyyxA00uS2iF3
c:\users\zacknashly\AppData\Roaming\VVVrrlOONtP0uS1
c:\windows\assembly\tmp\U
.
.
((((((((((((((((((((((((( Files Created from 2011-09-12 to 2011-10-12 )))))))))))))))))))))))))))))))
.
.
2011-10-12 19:22 . 2011-10-12 19:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-12 16:44 . 2011-10-12 19:22 -------- d-----w- c:\users\zacknashly\AppData\Local\temp
2011-10-11 21:56 . 2011-09-06 03:07 3134976 ----a-w- c:\windows\system32\win32k.sys
2011-10-11 21:56 . 2011-08-27 05:40 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-11 21:56 . 2011-08-27 05:40 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-11 21:56 . 2011-08-27 04:43 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-11 21:56 . 2011-08-27 04:43 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-11 14:09 . 2011-10-11 14:09 -------- d-----w- c:\program files (x86)\69F8C
2011-10-11 14:09 . 2011-10-11 14:09 -------- d-----w- c:\users\zacknashly\AppData\Roaming\93A69
2011-10-11 14:09 . 2011-10-11 14:09 174080 ----a-w- c:\program files (x86)\Internet Explorer\AE59\3CA.exe
2011-10-10 22:40 . 2011-10-10 22:40 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2011-10-10 20:23 . 2011-10-10 23:23 -------- d-----w- c:\program files (x86)\MagicISO
2011-10-09 22:03 . 2011-10-09 22:03 -------- d-----w- C:\$AVG
2011-10-09 21:40 . 2011-10-09 21:40 -------- d--h--w- c:\programdata\Common Files
2011-10-09 21:38 . 2011-10-10 23:23 -------- d-----w- c:\programdata\AVG2012
2011-10-09 21:35 . 2011-10-10 20:28 -------- d-----w- c:\programdata\MFAData
2011-10-09 11:48 . 2011-10-09 11:48 -------- d-----w- c:\users\zacknashly\AppData\Roaming\LEAPS
2011-10-09 03:49 . 2011-10-09 11:47 -------- d-----w- c:\users\zacknashly\AppData\Roaming\Pegasys Inc
2011-10-09 03:48 . 2011-10-09 11:46 -------- d-----w- c:\program files (x86)\Pegasys Inc
2011-10-09 03:30 . 2011-10-09 03:30 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-10-08 20:33 . 2011-10-08 20:33 -------- d-----w- c:\users\zacknashly\AppData\Roaming\yYCwkUVrlBx0c1s
2011-10-08 20:31 . 2011-10-08 20:31 -------- d-----w- c:\users\zacknashly\AppData\Roaming\gYaXymZBoE15hzA
2011-10-08 20:29 . 2011-10-08 20:29 -------- d-----w- c:\users\zacknashly\AppData\Roaming\W2obF3pmGaJdKfL
2011-10-08 20:28 . 2011-10-08 20:28 -------- d-----w- c:\users\zacknashly\AppData\Roaming\xBBBrzzOyxAuvSi
2011-10-08 20:27 . 2011-10-08 20:27 -------- d-----w- c:\users\zacknashly\AppData\Roaming\yjjjUUCelIBrPNx
2011-10-08 20:27 . 2011-10-08 20:27 -------- d-----w- c:\users\zacknashly\AppData\Roaming\wyyccA11uv
2011-10-08 20:27 . 2011-10-08 20:27 -------- d-----w- c:\users\zacknashly\AppData\Roaming\WCCCwkkUV
2011-10-08 20:25 . 2011-10-08 20:25 -------- d-----w- c:\users\zacknashly\AppData\Roaming\z888fRRZ9hTXj
2011-10-08 20:24 . 2011-10-08 20:24 -------- d-----w- c:\users\zacknashly\AppData\Roaming\X9hhTXqjCeIBz
2011-10-08 20:24 . 2011-10-08 20:24 -------- d-----w- c:\users\zacknashly\AppData\Roaming\yJJJ7ddEL8gRqX
2011-10-08 20:24 . 2011-10-08 20:24 -------- d-----w- c:\users\zacknashly\AppData\Roaming\WD33oonG4
2011-10-08 20:24 . 2011-10-08 20:24 -------- d-----w- c:\users\zacknashly\AppData\Roaming\YKK7ffRL9gXqjCk
2011-10-08 20:24 . 2011-10-08 20:24 -------- d-----w- c:\users\zacknashly\AppData\Roaming\wQQQJ7ddEK
2011-10-08 20:24 . 2011-10-08 20:24 -------- d-----w- c:\users\zacknashly\AppData\Roaming\YRRRL99gTX
2011-10-08 20:23 . 2011-10-08 20:23 -------- d-----w- c:\users\zacknashly\AppData\Roaming\WBBttzPPN
2011-10-08 20:23 . 2011-10-08 20:23 -------- d-----w- c:\users\zacknashly\AppData\Roaming\ZELggRZqhXkUVlO
2011-10-08 20:23 . 2011-10-08 20:23 -------- d-----w- c:\users\zacknashly\AppData\Roaming\wS22iibD3p
2011-10-08 20:21 . 2011-10-08 20:21 -------- d-----w- c:\users\zacknashly\AppData\Roaming\yxxxA00uvSiF3n
2011-10-08 20:20 . 2011-10-08 20:20 -------- d-----w- c:\users\zacknashly\AppData\Roaming\yqqjjYCCekV
2011-10-08 20:18 . 2011-10-08 20:18 -------- d-----w- c:\users\zacknashly\AppData\Roaming\YaaaQHH6sWK7E
2011-10-08 20:17 . 2011-10-08 20:17 -------- d-----w- c:\users\zacknashly\AppData\Roaming\gAA11ivvD2nF4mH
2011-10-08 20:17 . 2011-10-08 20:17 -------- d-----w- c:\users\zacknashly\AppData\Roaming\GrllOOBtxP0yS
2011-10-08 20:17 . 2011-10-08 20:17 -------- d-----w- c:\users\zacknashly\AppData\Roaming\gTTZZqjYYCkIVlN
2011-10-08 20:17 . 2011-10-08 20:17 -------- d-----w- c:\users\zacknashly\AppData\Roaming\F666dWWK7fR9gXq
2011-10-08 20:17 . 2011-10-08 20:17 -------- d-----w- c:\users\zacknashly\AppData\Roaming\GGG55aQHH6WK7RL
2011-10-08 20:17 . 2011-10-08 20:17 -------- d-----w- c:\users\zacknashly\AppData\Roaming\a222obbF3pmGa
2011-10-08 20:17 . 2011-10-08 20:17 -------- d-----w- c:\users\zacknashly\AppData\Roaming\ivvvD22obF4mG
2011-10-08 20:17 . 2011-10-08 20:17 -------- d-----w- c:\users\zacknashly\AppData\Roaming\CnnF4ppmH5QJ7E8
2011-10-08 20:16 . 2011-10-08 20:16 -------- d-----w- c:\users\zacknashly\AppData\Roaming\iEEEL88gRZ
2011-10-08 20:16 . 2011-10-08 20:16 -------- d-----w- c:\users\zacknashly\AppData\Roaming\lUUUVrrlOBtx0yS
2011-10-08 20:16 . 2011-10-08 20:16 -------- d-----w- c:\users\zacknashly\AppData\Roaming\hwkkUUVrlOBtP0c
2011-10-08 20:16 . 2011-10-08 20:16 -------- d-----w- c:\users\zacknashly\AppData\Roaming\yLL99gTZZqYCwI
2011-10-08 20:16 . 2011-10-08 20:16 -------- d-----w- c:\users\zacknashly\AppData\Roaming\efRRLL9gTXqjCe
2011-10-08 20:16 . 2011-10-08 20:16 -------- d-----w- c:\users\zacknashly\AppData\Roaming\TfRRL99hTXjUCkB
2011-10-08 20:16 . 2011-10-08 20:16 -------- d-----w- c:\users\zacknashly\AppData\Roaming\shYYXXwjUVelBtP
2011-10-08 20:16 . 2011-10-08 20:16 -------- d-----w- c:\users\zacknashly\AppData\Roaming\PwwjjUVelIB
2011-10-08 20:16 . 2011-10-08 20:16 -------- d-----w- c:\users\zacknashly\AppData\Roaming\G88ggRZqqYXwkVl
2011-10-08 20:16 . 2011-10-08 20:16 -------- d-----w- c:\users\zacknashly\AppData\Roaming\k88ggTZqqhCwkVl
2011-10-08 20:15 . 2011-10-08 20:15 -------- d-----w- c:\users\zacknashly\AppData\Roaming\NffEEL9gTZqjYwI
2011-10-08 20:15 . 2011-10-08 20:15 -------- d-----w- c:\users\zacknashly\AppData\Roaming\i999hTTXwjUelBr
2011-10-08 20:15 . 2011-10-08 20:15 -------- d-----w- c:\users\zacknashly\AppData\Roaming\NellOBBtzP0yA1
2011-10-08 20:15 . 2011-10-08 20:15 -------- d-----w- c:\users\zacknashly\AppData\Roaming\oNNttxP00uS
2011-10-08 20:15 . 2011-10-08 20:15 -------- d-----w- c:\users\zacknashly\AppData\Roaming\GzzzPPNyxA1vSob
2011-10-08 20:15 . 2011-10-08 20:15 -------- d-----w- c:\users\zacknashly\AppData\Roaming\bTTZqqhYCwkVlOt
2011-10-08 20:15 . 2011-10-08 20:15 -------- d-----w- c:\users\zacknashly\AppData\Roaming\TVrrzzONtxA0cSi
2011-10-08 20:15 . 2011-10-08 20:15 -------- d-----w- c:\users\zacknashly\AppData\Roaming\Z33ppmGG5aQ6dK8
2011-10-08 20:15 . 2011-10-08 20:15 -------- d-----w- c:\users\zacknashly\AppData\Roaming\K111uvvD2ob4pG5
2011-10-08 20:15 . 2011-10-08 20:15 -------- d-----w- c:\users\zacknashly\AppData\Roaming\zWWWJ77fEL8TZhY
2011-10-08 20:14 . 2011-10-08 20:14 -------- d-----w- c:\users\zacknashly\AppData\Roaming\taaQQJ6ddW
2011-10-08 20:14 . 2011-10-08 20:14 -------- d-----w- c:\users\zacknashly\AppData\Roaming\EdEELL8ZqhXwUVl
2011-10-08 20:14 . 2011-10-08 20:14 -------- d-----w- c:\users\zacknashly\AppData\Roaming\zF33ppGG5aH6d
2011-10-08 20:14 . 2011-10-08 20:14 -------- d-----w- c:\users\zacknashly\AppData\Roaming\v888gRRZqhYwkVe
2011-10-08 20:14 . 2011-10-08 20:14 -------- d-----w- c:\users\zacknashly\AppData\Roaming\DqqqjUUekBzyA0v
2011-10-08 20:14 . 2011-10-08 20:14 -------- d-----w- c:\users\zacknashly\AppData\Roaming\jRZZ9hYXwjUVeIt
2011-10-08 20:14 . 2011-10-08 20:14 -------- d-----w- c:\users\zacknashly\AppData\Roaming\iGGG4aamH6sW7fL
2011-10-08 20:14 . 2011-10-08 20:14 -------- d-----w- c:\users\zacknashly\AppData\Roaming\fIIBBrzzONxA0vS
2011-10-08 20:13 . 2011-10-08 20:13 -------- d-----w- c:\users\zacknashly\AppData\Roaming\WgggRZZqhYXwUVl
2011-10-08 20:13 . 2011-10-08 20:13 -------- d-----w- c:\users\zacknashly\AppData\Roaming\syyA00uvS2i
2011-10-08 20:13 . 2011-10-08 20:13 -------- d-----w- c:\users\zacknashly\AppData\Roaming\QWJJJ7dELgZhXkU
2011-10-08 20:13 . 2011-10-08 20:13 -------- d-----w- c:\users\zacknashly\AppData\Roaming\a7ffRRL9gTXqYCk
2011-10-08 20:13 . 2011-10-08 20:13 -------- d-----w- c:\users\zacknashly\AppData\Roaming\EH55ssWJ7dE8g
2011-10-08 20:13 . 2011-10-08 20:13 -------- d-----w- c:\users\zacknashly\AppData\Roaming\LK88fRRL9hTqjC
2011-10-08 20:13 . 2011-10-08 20:13 -------- d-----w- c:\users\zacknashly\AppData\Roaming\GhhhYYCwkVlOiDo
2011-10-08 20:13 . 2011-10-08 20:13 -------- d-----w- c:\users\zacknashly\AppData\Roaming\VNNNyxxA0vS2iFp
2011-10-08 20:13 . 2011-10-08 20:13 -------- d-----w- c:\users\zacknashly\AppData\Roaming\CEEK8ggRZ9hYwj
2011-10-08 20:12 . 2011-10-08 20:12 -------- d-----w- c:\users\zacknashly\AppData\Roaming\GssWJJ7fELgTqhC
2011-10-08 20:12 . 2011-10-08 20:12 -------- d-----w- c:\users\zacknashly\AppData\Roaming\gQQHH6ddWK7RLgT
2011-10-08 20:12 . 2011-10-08 20:12 -------- d-----w- c:\users\zacknashly\AppData\Roaming\TdddEEK8fRZ9
2011-10-08 20:12 . 2011-10-08 20:12 -------- d-----w- c:\users\zacknashly\AppData\Roaming\SlllBtzP0ycAiv2
2011-10-08 20:12 . 2011-10-08 20:12 -------- d-----w- c:\users\zacknashly\AppData\Roaming\o99ggTZZqjYwkV
2011-10-08 20:12 . 2011-10-08 20:12 -------- d-----w- c:\users\zacknashly\AppData\Roaming\H666dWWK8fR9Xq
2011-10-08 20:12 . 2011-10-08 20:12 -------- d-----w- c:\users\zacknashly\AppData\Roaming\tPP0yA1ivD2oF4Q
2011-10-08 20:12 . 2011-10-08 20:12 -------- d-----w- c:\users\zacknashly\AppData\Roaming\geeeIVrzON0
2011-10-08 20:12 . 2011-10-08 20:12 -------- d-----w- c:\users\zacknashly\AppData\Roaming\aPNNyA1uvD2bF
2011-10-08 20:11 . 2011-10-08 20:11 -------- d-----w- c:\users\zacknashly\AppData\Roaming\ZDD33onnG4aH
2011-10-08 20:11 . 2011-10-08 20:11 -------- d-----w- c:\users\zacknashly\AppData\Roaming\XSSS2oobF3pG5QJ
2011-10-08 20:11 . 2011-10-08 20:11 -------- d-----w- c:\users\zacknashly\AppData\Roaming\JJJ77dEEL8gZqYX
2011-10-08 20:11 . 2011-10-08 20:11 -------- d-----w- c:\users\zacknashly\AppData\Roaming\EQQHH6ddW7fR9
2011-10-08 20:11 . 2011-10-08 20:11 -------- d-----w- c:\users\zacknashly\AppData\Roaming\JzzzPNNyxA1vSob
2011-10-08 20:11 . 2011-10-08 20:11 -------- d-----w- c:\users\zacknashly\AppData\Roaming\QvvDD3oonF4mHsW
2011-10-08 20:11 . 2011-10-08 20:11 -------- d-----w- c:\users\zacknashly\AppData\Roaming\GrrzzONyyA0uS2b
2011-10-08 20:11 . 2011-10-08 20:11 -------- d-----w- c:\users\zacknashly\AppData\Roaming\LA11ivvD2onFpm5
2011-10-08 20:11 . 2011-10-08 20:11 -------- d-----w- c:\users\zacknashly\AppData\Roaming\L444ammH6sWJE8T
2011-10-08 20:10 . 2011-10-08 20:10 -------- d-----w- c:\users\zacknashly\AppData\Roaming\vbbFF3pnG5aQ6dK
2011-10-08 20:10 . 2011-10-08 20:10 -------- d-----w- c:\users\zacknashly\AppData\Roaming\RwwwjUCCelI
2011-10-08 20:10 . 2011-10-08 20:10 -------- d-----w- c:\users\zacknashly\AppData\Roaming\ahhYYXwwjU
2011-10-08 20:10 . 2011-10-08 20:10 -------- d-----w- c:\users\zacknashly\AppData\Roaming\lwwwkUUVelOt
2011-10-08 20:10 . 2011-10-08 20:10 -------- d-----w- c:\users\zacknashly\AppData\Roaming\E7fEEL8gTZqYCkU
2011-10-08 20:10 . 2011-10-08 20:10 -------- d-----w- c:\users\zacknashly\AppData\Roaming\CkkkIVVrlONtP0c
2011-10-08 20:10 . 2011-10-08 20:10 -------- d-----w- c:\users\zacknashly\AppData\Roaming\GIIVVrzzONtA0cS
2011-10-08 20:10 . 2011-10-08 20:10 -------- d-----w- c:\users\zacknashly\AppData\Roaming\ZTXXqqjUCekIrzN
2011-10-08 20:10 . 2011-10-08 20:10 -------- d-----w- c:\users\zacknashly\AppData\Roaming\nssQQJ6ddK8f
2011-10-08 20:10 . 2011-10-08 20:10 -------- d-----w- c:\users\zacknashly\AppData\Roaming\G777dEELgRZqhXk
2011-10-08 20:10 . 2011-10-08 20:10 -------- d-----w- c:\users\zacknashly\AppData\Roaming\XbDD33onG4mH6WJ
2011-10-08 20:09 . 2011-10-08 20:09 -------- d-----w- c:\users\zacknashly\AppData\Roaming\kL9TXqqjUCeIBzN
2011-10-08 20:09 . 2011-10-08 20:09 -------- d-----w- c:\users\zacknashly\AppData\Roaming\tHHH5ssQJ7dE8gZ
2011-10-08 20:09 . 2011-10-08 20:09 -------- d-----w- c:\users\zacknashly\AppData\Roaming\wDD3onG4am6sJ7E
2011-10-08 20:09 . 2011-10-08 20:09 -------- d-----w- c:\users\zacknashly\AppData\Roaming\skkkIBBrzONxA0
2011-10-08 20:09 . 2011-10-08 20:09 -------- d-----w- c:\users\zacknashly\AppData\Roaming\UlIIBBrzPNxA1vS
2011-10-08 20:09 . 2011-10-08 20:09 -------- d-----w- c:\users\zacknashly\AppData\Roaming\udddEL88gZqhXwU
2011-10-08 20:09 . 2011-10-08 20:09 -------- d-----w- c:\users\zacknashly\AppData\Roaming\E33ppnGG4aQ6s
2011-10-08 20:09 . 2011-10-08 20:09 -------- d-----w- c:\users\zacknashly\AppData\Roaming\Q111uvSS2bF3m5
2011-10-08 20:09 . 2011-10-08 20:09 -------- d-----w- c:\users\zacknashly\AppData\Roaming\xhhYYXwkkUelOtP
2011-10-08 20:08 . 2011-10-08 20:08 -------- d-----w- c:\users\zacknashly\AppData\Roaming\kZZZqhhYXwkVeOB
2011-10-08 20:08 . 2011-10-08 20:08 -------- d-----w- c:\users\zacknashly\AppData\Roaming\ZZZqqhYCw
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-31 22:00 . 2011-08-18 01:05 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-12 04:10 . 2011-08-17 15:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E9D6CEF0-930F-401C-9D9B-ACC025B55074}\mpengine.dll
2011-07-25 17:54 . 2011-07-25 17:54 1700352 ------w- c:\windows\SysWow64\gdiplus.dll
2011-07-25 16:20 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-25 16:02 . 2011-07-25 16:02 404640 ------w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-16 05:26 . 2011-08-10 21:15 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:26 . 2011-08-10 21:15 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:26 . 2011-08-10 21:15 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:26 . 2011-08-10 21:15 214528 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 05:24 . 2011-08-10 21:15 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:21 . 2011-08-10 21:15 422400 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:17 . 2011-08-10 21:15 338432 ----a-w- c:\windows\system32\conhost.exe
2011-07-16 05:04 . 2011-08-10 21:15 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:36 . 2011-08-10 21:15 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:32 . 2011-08-10 21:15 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-16 04:31 . 2011-08-10 21:15 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-16 04:30 . 2011-08-10 21:15 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-16 04:30 . 2011-08-10 21:15 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:19 . 2011-08-10 21:15 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:26 . 2011-08-10 21:15 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-07-16 02:26 . 2011-08-10 21:15 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-07-16 02:21 . 2011-08-10 21:15 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 21:15 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 21:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 21:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-12_16.39.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2011-10-12 16:41 32010 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-10-12 16:28 32010 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-07-25 16:21 . 2011-10-12 16:41 13394 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1607105755-911719905-2174135873-1000_UserData.bin
+ 2011-07-25 15:48 . 2011-10-12 19:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-25 15:48 . 2011-10-12 16:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-07-25 15:48 . 2011-10-12 19:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-07-25 15:48 . 2011-10-12 16:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:36 . 2011-10-12 16:34 623940 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-10-12 16:44 623940 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-10-12 16:44 106316 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-10-12 16:34 106316 c:\windows\system32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-11-10 4144448]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"M-Audio Taskbar Icon"="c:\windows\system32\MAFWTray.exe" [2009-07-29 252424]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"3CA.exe"="c:\program files (x86)\Internet Explorer\AE59\3CA.exe" [2011-10-11 174080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-11 163040]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil10u_Plugin.exe" [2011-07-25 243360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
"DisableStatusMessages"= 1 (0x1)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
"DisableThumbnailsOnNetworkFolders"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 PRESONUS_AUDIOBOX_MIDI;Presonus AudioBox WDM MIDI Device;c:\windows\system32\drivers\psabusbm.sys [x]
R3 PRESONUS_AUDIOBOX_USB;Presonus AudioBox USB driver;c:\windows\system32\Drivers\psabusbu.sys [x]
R3 PRESONUS_AUDIOBOX_WDM;Presonus AudioBox USB WDM;c:\windows\system32\drivers\psabusba.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 MAFW;Service for M-Audio FireWire;c:\windows\system32\DRIVERS\mafw.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-12 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-12 387608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\zacknashly\AppData\Roaming\Mozilla\Firefox\Profiles\0smldm1x.default\
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
BHO-{ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
Toolbar-Locked - (no file)
Toolbar-{ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
AddRemove-conduitEngine - c:\progra~2\CONDUI~1\ConduitEngineUninstall.exe
AddRemove-Vuze_Remote Toolbar - c:\progra~2\VUZE_R~1\UNINST~1.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\07\01\19\10\0f\0d´"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-10-12 14:23:34
ComboFix-quarantined-files.txt 2011-10-12 19:23
ComboFix2.txt 2011-10-12 16:44
.
Pre-Run: 579,940,249,600 bytes free
Post-Run: 579,652,222,976 bytes free
.
- - End Of File - - 4386681BAC7B49739714B6EA580B4809

Attached Files


Edited by gringo_pr, 12 October 2011 - 07:40 PM.
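Triage of the ComboFix log pasted above, as an added example that is not part of this thread and not code from ComboFix or OTL. Three things in that log deserve to be pulled out by script rather than by eye: the burst of randomly named folders created under AppData\Roaming within a few minutes on 2011-10-08, the Run value "3CA.exe" whose target sits in a hex-named subfolder of Internet Explorer, and the policies\system values that show UAC turned off (EnableLUA=0, ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0), so nothing on this machine asks before something runs elevated. The Python below runs over a constructed sample built from a few of those lines, plus one benign Roaming folder and one benign Run value for contrast, and reports each finding. The line regexes, the random-name test and the "hex-named path component" rule are my assumptions about how this log is laid out, not anything ComboFix documents.

```python
"""Triage helpers for ComboFix log text. Added example, not ComboFix/OTL code;
the line formats and heuristics are assumptions about the pasted log."""
import re

# Constructed sample: a few lines copied from the log above, plus one benign
# Roaming directory (Mozilla) and one benign Run value (QuickTime) for contrast.
SAMPLE_LOG = r"""
2011-10-08 20:12 . 2011-10-08 20:12 -------- d-----w- c:\users\zacknashly\AppData\Roaming\aPNNyA1uvD2bF
2011-10-08 20:11 . 2011-10-08 20:11 -------- d-----w- c:\users\zacknashly\AppData\Roaming\ZDD33onnG4aH
2011-10-08 20:10 . 2011-10-08 20:10 -------- d-----w- c:\users\zacknashly\AppData\Roaming\RwwwjUCCelI
2011-07-25 16:02 . 2011-07-25 16:02 -------- d-----w- c:\users\zacknashly\AppData\Roaming\Mozilla
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"3CA.exe"="c:\program files (x86)\Internet Explorer\AE59\3CA.exe" [2011-10-11 174080]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

# Assumed line shapes: "created . modified attrs path", "[HKEY_...]" headers,
# "Name"="path" [date size] Run values, and "Name"= N (0xN) policy values.
DIR_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \S+ \S+ -+ d-----w- (.+)$")
SECTION_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[')
POLICY_RE = re.compile(r'^"(\w+)"=\s*(\d+) \(0x[0-9A-Fa-f]+\)$')
HEX_NAME_RE = re.compile(r"^[0-9A-Fa-f]{3,5}(\.exe)?$")   # AE59, 69F8C, 3CA.exe

# Policy values that leave UAC unable to interrupt malware (assumed thresholds).
WEAK_UAC = {
    "EnableLUA": 0,                   # UAC switched off entirely
    "ConsentPromptBehaviorAdmin": 0,  # administrators elevate silently
    "PromptOnSecureDesktop": 0,       # prompts drawn on the normal, spoofable desktop
}

def random_looking(name: str) -> bool:
    """Heuristic for machine-generated folder names: 9-16 alphanumerics that
    either contain a digit or flip letter case at least four times."""
    if not (9 <= len(name) <= 16 and name.isalnum()):
        return False
    if any(ch.isdigit() for ch in name):
        return True
    flips = sum(1 for a, b in zip(name, name[1:])
                if a.isalpha() and b.isalpha() and a.isupper() != b.isupper())
    return flips >= 4

def suspicious_roaming_dirs(log_text: str) -> list:
    """(created, path) for directories under AppData/Roaming with random-looking names."""
    hits = []
    for line in log_text.splitlines():
        m = DIR_RE.match(line)
        if not m:
            continue
        created, path = m.groups()
        parent, _, leaf = path.rpartition("\\")
        if parent.lower().endswith(r"\appdata\roaming") and random_looking(leaf):
            hits.append((created, path))
    return hits

def _iter_sections(log_text: str):
    """Yield (lower-cased current registry key, line) for lines below a [HKEY_...] header."""
    section = ""
    for line in log_text.splitlines():
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group(1).lower()
            continue
        if section:
            yield section, line

def suspicious_run_entries(log_text: str) -> list:
    """(name, path, reason) for Run/RunOnce values living where persistence should not:
    a hex-named folder or executable, or a profile/temp directory."""
    findings = []
    for section, line in _iter_sections(log_text):
        m = RUN_RE.match(line)
        if not section.endswith(("\\run", "\\runonce")) or not m:
            continue
        name, path = m.groups()
        parts = path.lower().split("\\")
        reasons = []
        if any(HEX_NAME_RE.match(p) for p in parts[1:]):
            reasons.append("hex-named path component")
        if any(p in ("appdata", "temp", "tmp") for p in parts):
            reasons.append("runs from profile or temp directory")
        if reasons:
            findings.append((name, path, "; ".join(reasons)))
    return findings

def weakened_uac(log_text: str) -> dict:
    """policies/system values whose setting matches an entry in WEAK_UAC."""
    findings = {}
    for section, line in _iter_sections(log_text):
        m = POLICY_RE.match(line)
        if not section.endswith("\\policies\\system") or not m:
            continue
        key, value = m.group(1), int(m.group(2))
        if WEAK_UAC.get(key) == value:
            findings[key] = value
    return findings

if __name__ == "__main__":
    for created, path in suspicious_roaming_dirs(SAMPLE_LOG):
        print("random-named dir:", created, path)
    for name, path, why in suspicious_run_entries(SAMPLE_LOG):
        print("suspicious Run value:", name, "->", path, "(" + why + ")")
    for key, value in weakened_uac(SAMPLE_LOG).items():
        print("weak UAC setting:", key, "=", value)
```

To use it on a full ComboFix.txt, read the file into a string and pass that instead of SAMPLE_LOG. Treat the hits as leads to check, not verdicts: the name heuristic will occasionally flag an oddly named vendor folder, and a Run value in a normal location can still be malicious.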


#6 gringo_pr (Malware Response Team)

Posted 12 October 2011 - 07:46 PM

I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
c:\program files (x86)\Internet Explorer\AE59\3CA.exe

Folder::
c:\users\zacknashly\AppData\Roaming\93A69
c:\program files (x86)\69F8C
c:\users\zacknashly\AppData\Roaming\yYCwkUVrlBx0c1s
c:\users\zacknashly\AppData\Roaming\gYaXymZBoE15hzA
c:\users\zacknashly\AppData\Roaming\W2obF3pmGaJdKfL
c:\users\zacknashly\AppData\Roaming\xBBBrzzOyxAuvSi
c:\users\zacknashly\AppData\Roaming\yjjjUUCelIBrPNx
c:\users\zacknashly\AppData\Roaming\wyyccA11uv
c:\users\zacknashly\AppData\Roaming\WCCCwkkUV
c:\users\zacknashly\AppData\Roaming\z888fRRZ9hTXj
c:\users\zacknashly\AppData\Roaming\X9hhTXqjCeIBz
c:\users\zacknashly\AppData\Roaming\yJJJ7ddEL8gRqX
c:\users\zacknashly\AppData\Roaming\WD33oonG4
c:\users\zacknashly\AppData\Roaming\YKK7ffRL9gXqjCk
c:\users\zacknashly\AppData\Roaming\wQQQJ7ddEK
c:\users\zacknashly\AppData\Roaming\YRRRL99gTX
c:\users\zacknashly\AppData\Roaming\WBBttzPPN
c:\users\zacknashly\AppData\Roaming\ZELggRZqhXkUVlO
c:\users\zacknashly\AppData\Roaming\wS22iibD3p
c:\users\zacknashly\AppData\Roaming\yxxxA00uvSiF3n
c:\users\zacknashly\AppData\Roaming\yqqjjYCCekV
c:\users\zacknashly\AppData\Roaming\YaaaQHH6sWK7E
c:\users\zacknashly\AppData\Roaming\gAA11ivvD2nF4mH
c:\users\zacknashly\AppData\Roaming\GrllOOBtxP0yS
c:\users\zacknashly\AppData\Roaming\gTTZZqjYYCkIVlN
c:\users\zacknashly\AppData\Roaming\F666dWWK7fR9gXq
c:\users\zacknashly\AppData\Roaming\GGG55aQHH6WK7RL
c:\users\zacknashly\AppData\Roaming\a222obbF3pmGa
c:\users\zacknashly\AppData\Roaming\ivvvD22obF4mG
c:\users\zacknashly\AppData\Roaming\CnnF4ppmH5QJ7E8
c:\users\zacknashly\AppData\Roaming\iEEEL88gRZ
c:\users\zacknashly\AppData\Roaming\lUUUVrrlOBtx0yS
c:\users\zacknashly\AppData\Roaming\hwkkUUVrlOBtP0c
c:\users\zacknashly\AppData\Roaming\yLL99gTZZqYCwI
c:\users\zacknashly\AppData\Roaming\efRRLL9gTXqjCe
c:\users\zacknashly\AppData\Roaming\TfRRL99hTXjUCkB
c:\users\zacknashly\AppData\Roaming\shYYXXwjUVelBtP
c:\users\zacknashly\AppData\Roaming\PwwjjUVelIB
c:\users\zacknashly\AppData\Roaming\G88ggRZqqYXwkVl
c:\users\zacknashly\AppData\Roaming\k88ggTZqqhCwkVl
c:\users\zacknashly\AppData\Roaming\NffEEL9gTZqjYwI
c:\users\zacknashly\AppData\Roaming\i999hTTXwjUelBr
c:\users\zacknashly\AppData\Roaming\NellOBBtzP0yA1
c:\users\zacknashly\AppData\Roaming\oNNttxP00uS
c:\users\zacknashly\AppData\Roaming\GzzzPPNyxA1vSob
c:\users\zacknashly\AppData\Roaming\bTTZqqhYCwkVlOt
c:\users\zacknashly\AppData\Roaming\TVrrzzONtxA0cSi
c:\users\zacknashly\AppData\Roaming\Z33ppmGG5aQ6dK8
c:\users\zacknashly\AppData\Roaming\K111uvvD2ob4pG5
c:\users\zacknashly\AppData\Roaming\zWWWJ77fEL8TZhY
c:\users\zacknashly\AppData\Roaming\taaQQJ6ddW
c:\users\zacknashly\AppData\Roaming\EdEELL8ZqhXwUVl
c:\users\zacknashly\AppData\Roaming\zF33ppGG5aH6d
c:\users\zacknashly\AppData\Roaming\v888gRRZqhYwkVe
c:\users\zacknashly\AppData\Roaming\DqqqjUUekBzyA0v
c:\users\zacknashly\AppData\Roaming\jRZZ9hYXwjUVeIt
c:\users\zacknashly\AppData\Roaming\iGGG4aamH6sW7fL
c:\users\zacknashly\AppData\Roaming\fIIBBrzzONxA0vS
c:\users\zacknashly\AppData\Roaming\WgggRZZqhYXwUVl
c:\users\zacknashly\AppData\Roaming\syyA00uvS2i
c:\users\zacknashly\AppData\Roaming\QWJJJ7dELgZhXkU
c:\users\zacknashly\AppData\Roaming\a7ffRRL9gTXqYCk
c:\users\zacknashly\AppData\Roaming\EH55ssWJ7dE8g
c:\users\zacknashly\AppData\Roaming\LK88fRRL9hTqjC
c:\users\zacknashly\AppData\Roaming\GhhhYYCwkVlOiDo
c:\users\zacknashly\AppData\Roaming\VNNNyxxA0vS2iFp
c:\users\zacknashly\AppData\Roaming\CEEK8ggRZ9hYwj
c:\users\zacknashly\AppData\Roaming\GssWJJ7fELgTqhC
c:\users\zacknashly\AppData\Roaming\gQQHH6ddWK7RLgT
c:\users\zacknashly\AppData\Roaming\TdddEEK8fRZ9
c:\users\zacknashly\AppData\Roaming\SlllBtzP0ycAiv2
c:\users\zacknashly\AppData\Roaming\o99ggTZZqjYwkV
c:\users\zacknashly\AppData\Roaming\H666dWWK8fR9Xq
c:\users\zacknashly\AppData\Roaming\tPP0yA1ivD2oF4Q
c:\users\zacknashly\AppData\Roaming\geeeIVrzON0
c:\users\zacknashly\AppData\Roaming\aPNNyA1uvD2bF
c:\users\zacknashly\AppData\Roaming\ZDD33onnG4aH
c:\users\zacknashly\AppData\Roaming\XSSS2oobF3pG5QJ
c:\users\zacknashly\AppData\Roaming\JJJ77dEEL8gZqYX
c:\users\zacknashly\AppData\Roaming\EQQHH6ddW7fR9
c:\users\zacknashly\AppData\Roaming\JzzzPNNyxA1vSob
c:\users\zacknashly\AppData\Roaming\QvvDD3oonF4mHsW
c:\users\zacknashly\AppData\Roaming\GrrzzONyyA0uS2b
c:\users\zacknashly\AppData\Roaming\LA11ivvD2onFpm5
c:\users\zacknashly\AppData\Roaming\L444ammH6sWJE8T
c:\users\zacknashly\AppData\Roaming\vbbFF3pnG5aQ6dK
c:\users\zacknashly\AppData\Roaming\RwwwjUCCelI
c:\users\zacknashly\AppData\Roaming\ahhYYXwwjU
c:\users\zacknashly\AppData\Roaming\lwwwkUUVelOt
c:\users\zacknashly\AppData\Roaming\E7fEEL8gTZqYCkU
c:\users\zacknashly\AppData\Roaming\CkkkIVVrlONtP0c
c:\users\zacknashly\AppData\Roaming\GIIVVrzzONtA0cS
c:\users\zacknashly\AppData\Roaming\ZTXXqqjUCekIrzN
c:\users\zacknashly\AppData\Roaming\nssQQJ6ddK8f
c:\users\zacknashly\AppData\Roaming\G777dEELgRZqhXk
c:\users\zacknashly\AppData\Roaming\XbDD33onG4mH6WJ
c:\users\zacknashly\AppData\Roaming\kL9TXqqjUCeIBzN
c:\users\zacknashly\AppData\Roaming\tHHH5ssQJ7dE8gZ
c:\users\zacknashly\AppData\Roaming\wDD3onG4am6sJ7E
c:\users\zacknashly\AppData\Roaming\skkkIBBrzONxA0
c:\users\zacknashly\AppData\Roaming\UlIIBBrzPNxA1vS
c:\users\zacknashly\AppData\Roaming\udddEL88gZqhXwU
c:\users\zacknashly\AppData\Roaming\E33ppnGG4aQ6s
c:\users\zacknashly\AppData\Roaming\Q111uvSS2bF3m5
c:\users\zacknashly\AppData\Roaming\xhhYYXwkkUelOtP
c:\users\zacknashly\AppData\Roaming\kZZZqhhYXwkVeOB
c:\users\zacknashly\AppData\Roaming\ZZZqqhYCw

Save it to your desktop as CFScript.txt

Referring to the picture above (image not preserved), drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it is running; that may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 cassius85 (Topic Starter)

Posted 13 October 2011 - 09:54 AM

Thanks, CPU is still running good, here's the log.

ooops

Attached Files


Edited by cassius85, 13 October 2011 - 09:54 AM.


#8 gringo_pr (Malware Response Team)

Posted 13 October 2011 - 10:07 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.

Gringo

#9 cassius85 (Topic Starter)

Posted 13 October 2011 - 10:16 AM

OTL was too big to upload on here so I had to use filedropper

http://www.filedropper.com/otl_2

#10 gringo_pr (Malware Response Team)

Posted 13 October 2011 - 10:32 AM

Hello

I have attached the script I want you to use. Open it, copy all, paste it into OTL and run the fix.

I want you to run this custom OTL script for me and then let me know how things are after you finish.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the textbox shown in the image (image not preserved).
    copy and paste script here
    
  • Then click the Run Fix button at the top.
  • Click the button shown in the image (image not preserved).
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Edited by gringo_pr, 13 October 2011 - 10:34 AM.


#11 cassius85 (Topic Starter)

Posted 13 October 2011 - 11:01 AM

After I ran that script I am unable to get onto any websites; I had to go on my laptop to get it.

#12 gringo_pr (Malware Response Team)

Posted 13 October 2011 - 11:24 AM

Give me a new scan with OTL.

gringo

#13 cassius85 (Topic Starter)

Posted 13 October 2011 - 11:33 AM

donnneee


OTL logfile created on: 10/13/2011 12:26:48 PM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\zacknashly\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.97 Gb Total Physical Memory | 4.71 Gb Available Physical Memory | 79.02% Memory free
11.93 Gb Paging File | 10.64 Gb Available in Paging File | 89.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.66 Gb Total Space | 593.97 Gb Free Space | 64.73% Space Free | Partition Type: NTFS
Drive I: | 11.03 Gb Total Space | 0.28 Gb Free Space | 2.52% Space Free | Partition Type: NTFS
Drive J: | 454.72 Gb Total Space | 204.95 Gb Free Space | 45.07% Space Free | Partition Type: NTFS

Computer Name: ZACKNASHLY-PC | User Name: zacknashly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\zacknashly\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe (AVG)
PRC - C:\Program Files (x86)\Adobe\Adobe Audition 3.0\Audition.exe (Adobe Systems®, Incorporated)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Windows\SysWOW64\MAFWTray.exe (Avid Technology, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Users\zacknashly\AppData\Local\temp\~WS38C6.tmp ()
MOD - C:\Users\zacknashly\AppData\Local\temp\~WS3826.tmp ()
MOD - C:\Users\zacknashly\AppData\Local\temp\~WS3796.tmp ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madExcept_.bpl ()
MOD - C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madDisAsm_.bpl ()
MOD - C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madBasic_.bpl ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
MOD - C:\Program Files (x86)\Adobe\Adobe Audition 3.0\dva.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Audition 3.0\XMPShell.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Audition 3.0\audipp.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Audition 3.0\UIFramework.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Audition 3.0\PsiLib.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Audition 3.0\QTCompat.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Audition 3.0\MediaLayer.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Audition 3.0\MediaFrames.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Audition 3.0\MediaUtils.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Audition 3.0\Memory.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Audition 3.0\MemoryShell.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Audition 3.0\PRM.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Audition 3.0\BackendLib.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Audition 3.0\ImageRenderer.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Audition 3.0\AudioFilters.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Audition 3.0\BackendLegacyLib.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Audition 3.0\BravoInitializer.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Audition 3.0\ASLFoundation.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Audition 3.0\ASLUnitTesting.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Audition 3.0\ASLConsole.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (MAFW) -- C:\Windows\SysNative\drivers\mafw.sys (Avid Technology, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (IntcHdmiAddService) Intel® -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (Tpkd) -- C:\Windows\SysNative\drivers\Tpkd.sys (PACE Anti-Piracy, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (pfc) -- C:\Windows\SysWOW64\drivers\pfc.sys (Padus, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1607105755-911719905-2174135873-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-1607105755-911719905-2174135873-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q="
FF - prefs.js..network.proxy.type: 4


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/10 18:23:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/04 09:13:43 | 000,000,000 | ---D | M]

[2011/09/09 14:03:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zacknashly\AppData\Roaming\Mozilla\Extensions
[2011/09/09 14:03:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zacknashly\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/10/10 18:19:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zacknashly\AppData\Roaming\Mozilla\Firefox\Profiles\0smldm1x.default\extensions
[2011/10/10 18:19:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\zacknashly\AppData\Roaming\Mozilla\Firefox\Profiles\0smldm1x.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/10/10 18:23:55 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\zacknashly\AppData\Roaming\Mozilla\Firefox\Profiles\0smldm1x.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/07/25 10:53:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/08 15:35:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/08 15:35:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/10/12 22:15:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe (Dell, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysWOW64\MAFWTray.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_Plugin.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStartupSound = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1607105755-911719905-2174135873-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1607105755-911719905-2174135873-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1607105755-911719905-2174135873-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKU\S-1-5-21-1607105755-911719905-2174135873-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableThumbnailsOnNetworkFolders = 1
O7 - HKU\S-1-5-21-1607105755-911719905-2174135873-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF847908-9258-497A-977E-633223EE32C7}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/14 23:06:17 | 000,000,000 | ---- | M] () - I:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1607105755-911719905-2174135873-1000..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1607105755-911719905-2174135873-1000\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/13 11:48:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/13 11:10:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/12 22:16:38 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/10/12 22:10:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/12 11:44:43 | 000,000,000 | ---D | C] -- C:\Users\zacknashly\AppData\Local\temp
[2011/10/12 11:28:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/12 11:28:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/12 11:19:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/12 11:19:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/11 16:56:13 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/10/11 16:56:13 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/10/10 17:40:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2011/10/10 15:29:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Registry Mechanic
[2011/10/10 15:25:35 | 000,000,000 | ---D | C] -- C:\Users\zacknashly\Documents\XPRC
[2011/10/10 15:25:31 | 000,000,000 | ---D | C] -- C:\Users\zacknashly\Documents\Windows Tools
[2011/10/10 15:25:28 | 000,000,000 | ---D | C] -- C:\Users\zacknashly\Documents\Web Browsers
[2011/10/10 15:25:25 | 000,000,000 | ---D | C] -- C:\Users\zacknashly\Documents\sources
[2011/10/10 15:25:00 | 000,000,000 | ---D | C] -- C:\Users\zacknashly\Documents\Malware
[2011/10/10 15:25:00 | 000,000,000 | ---D | C] -- C:\Users\zacknashly\Documents\isolinux
[2011/10/10 15:24:58 | 000,000,000 | ---D | C] -- C:\Users\zacknashly\Documents\HALP
[2011/10/10 15:24:57 | 000,000,000 | ---D | C] -- C:\Users\zacknashly\Documents\GEEK SQUAD
[2011/10/10 15:24:51 | 000,000,000 | ---D | C] -- C:\Users\zacknashly\Documents\EZBOOT
[2011/10/10 15:24:51 | 000,000,000 | ---D | C] -- C:\Users\zacknashly\Documents\extras
[2011/10/10 15:24:51 | 000,000,000 | ---D | C] -- C:\Users\zacknashly\Documents\EFI
[2011/10/10 15:24:45 | 000,000,000 | ---D | C] -- C:\Users\zacknashly\Documents\Diagnostic
[2011/10/10 15:24:45 | 000,000,000 | ---D | C] -- C:\Users\zacknashly\Documents\Compression Utilities
[2011/10/10 15:24:45 | 000,000,000 | ---D | C] -- C:\Users\zacknashly\Documents\boot
[2011/10/10 15:23:17 | 000,000,000 | ---D | C] -- C:\Users\zacknashly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO
[2011/10/10 15:23:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicISO
[2011/10/10 10:10:13 | 000,000,000 | ---D | C] -- C:\Users\zacknashly\Desktop\back on my feet_Recorded
[2011/10/09 17:03:08 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/10/09 16:40:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/10/09 16:38:46 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/10/09 16:35:16 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/10/09 06:48:06 | 000,000,000 | ---D | C] -- C:\Users\zacknashly\Documents\TMPGEnc
[2011/10/09 06:48:06 | 000,000,000 | ---D | C] -- C:\Users\zacknashly\AppData\Roaming\LEAPS
[2011/10/08 22:49:53 | 000,000,000 | ---D | C] -- C:\Users\zacknashly\AppData\Roaming\Pegasys Inc
[2011/10/08 22:48:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pegasys Inc
[2011/10/08 22:30:14 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/10/04 09:13:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/10/04 09:13:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/10/04 09:13:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/10/04 09:12:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011/10/04 09:12:54 | 000,000,000 | ---D | C] -- C:\Users\zacknashly\AppData\Local\Apple
[2011/10/04 09:12:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/10/04 09:12:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/10/01 20:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2011/10/01 20:55:04 | 000,000,000 | ---D | C] -- C:\Users\zacknashly\AppData\Local\WinZip
[2011/10/01 20:55:04 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2011/10/01 20:55:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2011/10/01 20:54:48 | 000,000,000 | ---D | C] -- C:\Users\zacknashly\.swt
[2011/09/30 16:43:56 | 000,000,000 | ---D | C] -- C:\Users\zacknashly\Desktop\DoK SOngs
[2011/09/30 16:43:53 | 000,000,000 | ---D | C] -- C:\Users\zacknashly\Desktop\DOK MAYBE
[2011/09/30 16:43:49 | 000,000,000 | ---D | C] -- C:\Users\zacknashly\Desktop\DOK FINISHED!
[2011/09/30 16:42:10 | 000,000,000 | ---D | C] -- C:\Users\zacknashly\Desktop\DOK
[2011/09/24 14:36:12 | 000,000,000 | ---D | C] -- C:\Users\zacknashly\Documents\They dont kniow_Recorded
[2011/09/24 14:04:49 | 000,000,000 | ---D | C] -- C:\Users\zacknashly\Documents\Untitled_Recorded
[2011/09/24 13:52:58 | 000,000,000 | ---D | C] -- C:\Users\zacknashly\Desktop\Presonus_AudioBoxUSB_2.8_X64
[2011/09/24 11:56:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ConvertHelper
[2011/09/24 11:16:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Soulseek
[2011/09/24 11:16:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soulseek NS
[2011/09/24 11:16:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoulseekNS
[2011/09/24 11:16:13 | 000,000,000 | ---D | C] -- C:\Users\zacknashly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Soulseek NS
[2011/09/23 14:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio
[2011/09/23 14:19:51 | 000,000,000 | ---D | C] -- C:\Program Files\M-Audio
[2011/09/23 13:03:03 | 000,000,000 | ---D | C] -- C:\Users\zacknashly\dwhelper
[2011/09/23 12:09:55 | 000,000,000 | ---D | C] -- C:\Users\zacknashly\Desktop\beats
[2011/09/21 10:21:04 | 000,000,000 | ---D | C] -- C:\Users\zacknashly\Desktop\adobe
[2011/09/17 13:43:03 | 000,000,000 | ---D | C] -- C:\Users\zacknashly\AppData\Roaming\Blitware
[2011/09/17 13:43:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Undeleter
[2011/09/17 13:43:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Undeleter
[2011/09/17 13:06:21 | 000,000,000 | ---D | C] -- C:\Users\zacknashly\Desktop\Heavyweightbeats
[2011/09/17 09:44:33 | 000,000,000 | ---D | C] -- C:\C
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/13 12:04:25 | 000,019,085 | ---- | M] () -- C:\Audition3
[2011/10/13 12:03:04 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/13 12:03:04 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/13 12:00:04 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/13 12:00:04 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/13 12:00:04 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/13 11:55:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/13 11:55:44 | 509,333,503 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/13 10:16:39 | 006,273,983 | ---- | M] () -- C:\Users\zacknashly\Desktop\DIG A HOLE.mp3
[2011/10/12 22:15:20 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/10/12 14:15:58 | 000,001,477 | ---- | M] () -- C:\Users\zacknashly\Desktop\ComboFix.exe - Shortcut.lnk
[2011/10/12 03:18:57 | 000,267,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/10 11:30:48 | 001,235,721 | ---- | M] () -- C:\Users\zacknashly\Desktop\Up All Night HOOK.mp3
[2011/10/10 11:24:42 | 000,912,971 | ---- | M] () -- C:\Users\zacknashly\Desktop\back on my feet.ses
[2011/10/09 07:25:21 | 1198,001,084 | ---- | M] () -- C:\Users\zacknashly\Documents\The Change Up 2011 PPVRip XViD DTRG.mpg
[2011/10/08 22:30:14 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/10/08 17:28:24 | 003,492,701 | ---- | M] () -- C:\Users\zacknashly\Desktop\Reppin My City.mp3
[2011/10/08 16:28:23 | 000,401,434 | ---- | M] () -- C:\Users\zacknashly\Desktop\twiggandstone+anthemcrackchoppersfreedownload.pk
[2011/10/08 14:54:09 | 003,042,304 | ---- | M] () -- C:\Windows\SysWow64\ippmmG55sQJdE8f.exe
[2011/10/08 14:24:12 | 003,042,304 | ---- | M] () -- C:\Windows\SysWow64\dllOONttxP0cSib.exe
[2011/10/08 13:36:41 | 000,440,184 | ---- | M] () -- C:\Users\zacknashly\Desktop\Gettem Right.pk
[2011/10/08 13:33:44 | 090,133,734 | ---- | M] () -- C:\Users\zacknashly\Desktop\Gettem Right.wav
[2011/10/08 10:04:57 | 003,042,304 | ---- | M] () -- C:\Windows\SysWow64\dlllONNtxP0uS1b.exe
[2011/10/06 09:51:52 | 019,702,602 | ---- | M] () -- C:\Users\zacknashly\Desktop\Roscoe Dash - Good Good Night.mp4
[2011/10/05 13:05:32 | 005,365,367 | ---- | M] () -- C:\Users\zacknashly\Desktop\Ready Ta Die.mp3
[2011/10/04 09:38:42 | 003,515,480 | ---- | M] () -- C:\Users\zacknashly\Desktop\thasantSCLK2HWfarasigonew (2).mp3
[2011/10/04 09:35:28 | 003,514,618 | ---- | M] () -- C:\Users\zacknashly\Desktop\thasantSCLK2HWfarasigonew.mp3
[2011/10/04 09:13:36 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/10/03 12:40:32 | 001,590,360 | ---- | M] () -- C:\Users\zacknashly\Desktop\Buy ANother Bottle HOOK.mp3
[2011/10/01 20:55:06 | 000,002,321 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2011/10/01 20:54:20 | 000,001,850 | ---- | M] () -- C:\Users\zacknashly\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2011/10/01 20:54:20 | 000,001,850 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2011/10/01 12:14:04 | 003,447,143 | ---- | M] () -- C:\Users\zacknashly\Desktop\livin proof verse.mp3
[2011/10/01 10:38:25 | 008,122,469 | ---- | M] () -- C:\Users\zacknashly\Desktop\Eminem Fast Lane Instrumental FULL.mp4
[2011/09/30 16:32:41 | 059,157,020 | ---- | M] () -- C:\Users\zacknashly\Desktop\heart n soul (2).wav
[2011/09/30 16:02:28 | 059,156,898 | ---- | M] () -- C:\Users\zacknashly\Desktop\heart n soul.wav
[2011/09/30 15:19:51 | 000,948,062 | ---- | M] () -- C:\Users\zacknashly\Desktop\heart n soul.mp3
[2011/09/30 13:55:23 | 004,502,490 | ---- | M] () -- C:\Users\zacknashly\Desktop\MR Pittsburgh.mp3
[2011/09/30 12:48:42 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/09/28 18:33:22 | 041,101,690 | ---- | M] () -- C:\Users\zacknashly\Desktop\twiggandstone+anthemcrackchoppersfreedownload.wav
[2011/09/28 15:21:34 | 003,321,756 | ---- | M] () -- C:\Users\zacknashly\Desktop\Rmeember when.mp3
[2011/09/28 14:38:56 | 010,690,376 | ---- | M] () -- C:\Users\zacknashly\Desktop\im gone.mp3
[2011/09/28 12:14:55 | 005,751,143 | ---- | M] () -- C:\Users\zacknashly\Desktop\THe MFN INTRO.mp3
[2011/09/28 11:23:04 | 008,107,388 | ---- | M] () -- C:\Users\zacknashly\Desktop\Remember when.mp3
[2011/09/28 10:08:31 | 003,242,109 | ---- | M] () -- C:\Users\zacknashly\Desktop\blacklightmusicllcSCLK2HWbright.mp3
[2011/09/27 23:55:52 | 003,733,257 | ---- | M] () -- C:\Users\zacknashly\Desktop\Nick Ross.mov
[2011/09/27 14:33:28 | 012,943,176 | ---- | M] () -- C:\Users\zacknashly\Desktop\in d airrrrrrrrr.mp3
[2011/09/27 14:15:45 | 005,354,082 | ---- | M] () -- C:\Users\zacknashly\Desktop\In the AIR.mp3
[2011/09/27 12:49:11 | 001,441,984 | ---- | M] () -- C:\Users\zacknashly\Desktop\In The Air HOOK.mp3
[2011/09/26 20:48:45 | 005,764,228 | ---- | M] () -- C:\Users\zacknashly\Desktop\Is This Life (2).mp3
[2011/09/26 16:23:20 | 005,415,731 | ---- | M] () -- C:\Users\zacknashly\Desktop\HOW I FEEL.mp3
[2011/09/26 15:48:06 | 009,604,727 | ---- | M] () -- C:\Users\zacknashly\Desktop\Is This Life.mp3
[2011/09/26 12:40:12 | 003,841,044 | ---- | M] () -- C:\Users\zacknashly\Desktop\kajmirbeats_getyouonladiesanthembeyoncekillthehook.mp3
[2011/09/26 09:10:47 | 002,301,560 | ---- | M] () -- C:\Users\zacknashly\Documents\They dont kniow.ses
[2011/09/26 09:10:46 | 013,281,964 | ---- | M] () -- C:\Users\zacknashly\Documents\They dont kniow-Mixdown (2).wav
[2011/09/26 09:10:46 | 000,064,934 | ---- | M] () -- C:\Users\zacknashly\Documents\They dont kniow-Mixdown (2).pk
[2011/09/26 09:10:38 | 008,073,952 | ---- | M] () -- C:\Users\zacknashly\Desktop\They Dont Know.mp3
[2011/09/25 21:44:48 | 007,217,445 | ---- | M] () -- C:\Users\zacknashly\Desktop\333 - 728 The Power.mp3
[2011/09/24 21:36:45 | 000,100,438 | ---- | M] () -- C:\Users\zacknashly\Desktop\Nick Rage Saw mask.jpg
[2011/09/24 19:42:45 | 011,247,307 | ---- | M] () -- C:\Users\zacknashly\Desktop\akin it on open verse.mp3

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >

Attached Files

  • Attached File: OTL2.Txt (88.69KB)

Edited by gringo_pr, 13 October 2011 - 11:36 AM.


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:34 AM

Posted 13 October 2011 - 11:42 AM

Click on Start.

In Search, type CMD.

Right click on CMD and select Run as admin.

Type each line and press Enter after each line:

netsh winsock reset catalog
netsh int ip reset reset.log


Let me know if you can connect when done.



gringo
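An added example (not from this thread or from any tool it uses): a PowerShell function that parses `netsh winsock show catalog` and flags any Winsock provider whose DLL sits outside the Windows system directories, as a check to run before and after the `netsh winsock reset catalog` step above. It assumes the English-locale layout of that netsh output (`Winsock Catalog Provider Entry`, `Description:`, `Provider Path:`, `Catalog Entry ID:` lines); the sample catalog text is constructed and the flagged DLL path is made up.

```powershell
# Added example, not from the thread: parse "netsh winsock show catalog" and flag providers
# whose DLL sits outside the Windows system directories, to confirm only expected entries
# remain after a winsock reset. Assumes English-locale netsh output; run elevated on Windows.
function Get-WinsockProvider {
    param([string[]]$CatalogText = (& netsh.exe winsock show catalog))
    $systemDirs = @("$env:SystemRoot\system32", "$env:SystemRoot\SysWOW64")
    $entries = @()
    $current = $null
    foreach ($line in $CatalogText) {
        if ($line -match '^\s*Winsock Catalog Provider Entry') {
            if ($null -ne $current) { $entries += $current }
            $current = @{ Description = ''; ProviderPath = ''; CatalogEntryId = '' }
        }
        elseif ($null -eq $current) { continue }
        elseif ($line -match '^\s*Description:\s+(.*)$')      { $current.Description = $Matches[1].Trim() }
        elseif ($line -match '^\s*Provider Path:\s+(.*)$')    { $current.ProviderPath = $Matches[1].Trim() }
        elseif ($line -match '^\s*Catalog Entry ID:\s+(\d+)') { $current.CatalogEntryId = $Matches[1] }
    }
    if ($null -ne $current) { $entries += $current }
    foreach ($e in $entries) {
        # netsh prints paths such as %SystemRoot%\system32\mswsock.dll; expand before comparing.
        $path = [Environment]::ExpandEnvironmentVariables($e.ProviderPath)
        $inSystemDir = $false
        foreach ($dir in $systemDirs) {
            if ($path.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) { $inSystemDir = $true }
        }
        [pscustomobject]@{
            CatalogEntryId = $e.CatalogEntryId
            Description    = $e.Description
            ProviderPath   = $path
            ReviewNeeded   = -not $inSystemDir   # true for anything outside system32/SysWOW64
        }
    }
}

# Constructed sample in the netsh layout (not real output from any machine), so the
# parser can be exercised without reading the live catalog; the second entry is flagged.
$sample = @'
Winsock Catalog Provider Entry
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001

Winsock Catalog Provider Entry
Description:                        Constructed LSP entry
Provider Path:                      C:\Users\Public\example_lsp.dll
Catalog Entry ID:                   1002
'@ -split "`r?`n"
Get-WinsockProvider -CatalogText $sample | Format-Table -AutoSize
Get-WinsockProvider | Where-Object ReviewNeeded | Format-Table -AutoSize   # live catalog
```

A provider outside the system directories is not proof of infection, but it is the entry to identify before relying on the reset to restore connectivity.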

#15 cassius85

cassius85
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:09:34 AM

Posted 13 October 2011 - 11:47 AM

Yes, it's working now.



