Jump to content

Recommended Posts

Running XPsp3 system is obviously infected and we are having browser redirects that upload even more malware. Been fighting this off for over a week now. AVG, Spyhunter and Malwarebytes have been effective to an extent. But seem to be losing the battle. I've removed 11 virues and close to 80 suspicious malware related entries and programs, but they keep popping back up. AVG isn't functioning like it should anymore, and Spyhunter has officially been locked out via admin rights. Malwarebytes via Chameleon is the only thing detecting infections currently. Browser redirects and odd pop-ups continue to occur. I do not use my normal browser anymore as a result.

Any help would be appreciated. We're getting desperate and a reformat isn't an option at the moment.

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.45.2

Run by Administrator at 14:36:41 on 2013-11-06

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2491 [GMT -5:00]

.

AV: AVG Internet Security 2014 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

FW: AVG Internet Security 2014 *Enabled*

.

============== Running Processes ================

.

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Enigma Software Group\RegHunter\RegHunter.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - <orphaned>

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY

mRun: [vProt] "c:\program files\avg safeguard toolbar\vprot.exe"

mRun: [Nvtmru] "c:\program files\nvidia corporation\nvidia update core\nvtmru.exe"

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [iMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [systemProtect] c:\program files\system protect\SysProtect_Tray.exe

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [Wondershare Helper Compact.exe] c:\program files\common files\wondershare\wondershare helper compact\WSHelper.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

TCP: NameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{803AD560-0395-45F7-AD2F-2CF40228C2CB} : DHCPNameServer = 75.75.75.75 75.75.76.76

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\17.0.12\ViProtocol.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\rpohmzt6.default\

FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll

FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll

FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dll

FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\17.0.12\npsitesafety.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll

FF - ExtSQL: 2013-10-12 21:09; avg@toolbar; c:\documents and settings\all users\application data\avg safeguard toolbar\firefoxext\17.0.1.12

FF - ExtSQL: 2013-10-16 09:45; {DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}; c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\firefox\Ext

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-2-8 145720]

R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-2-8 223032]

R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-2-8 102200]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-2-8 27448]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 193848]

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-7-18 37664]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2012-1-12 30944]

R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [2013-10-10 1034240]

S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-6-18 211560]

S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-9-25 120632]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-3-29 209208]

S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-3-1 22840]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-2-8 176952]

S1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2013-3-1 91248]

S1 MpKslf0d662a7;MpKslf0d662a7;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{60db4b8e-bcad-48d6-9ab5-4ee6e51a10b8}\MpKslf0d662a7.sys [2013-11-6 40392]

S2 avgfws;AVG Firewall;c:\program files\avg\avg2014\avgfws.exe [2013-9-25 1358944]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2013-10-3 3538480]

S2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-25 301152]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]

S2 SP_Service;System Protect Deletion Prevention Service;c:\program files\system protect\SysProtect_srv.exe [2013-7-24 598528]

S2 vToolbarUpdater17.0.12;vToolbarUpdater17.0.12;c:\program files\common files\avg secure search\vtoolbarupdater\17.0.12\ToolbarUpdater.exe [2013-10-12 1734680]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2012-1-12 30944]

S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]

S3 RTL8192cu;%RTL8192cu.DeviceDesc%;c:\windows\system32\drivers\rtl8192cu.sys [2013-7-18 987904]

S3 sp_prot;System Protect Filter Driver;c:\windows\system32\drivers\sp_prot.sys [2013-7-24 12288]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]

S4 EsgScanner;EsgScanner;c:\windows\system32\drivers\esgscanner.sys --> c:\windows\system32\drivers\EsgScanner.sys [?]

S4 mbamchameleon;mbamchameleon;\??\c:\windows\system32\drivers\mbamchameleon.sys --> c:\windows\system32\drivers\mbamchameleon.sys [?]

.

=============== File Associations ===============

.

ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~3\office10\FRONTPG.EXE

.

=============== Created Last 30 ================

.

2013-11-06 19:06:47 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Help

2013-11-06 18:58:02 -------- d-----w- c:\windows\220FB0354744483A9A0B41DF77061583.TMP

2013-11-06 15:58:47 40392 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{60db4b8e-bcad-48d6-9ab5-4ee6e51a10b8}\MpKslf0d662a7.sys

2013-11-06 00:06:36 -------- d-----w- c:\program files\common files\Wondershare

2013-11-06 00:06:00 -------- d-----w- c:\program files\Wondershare

2013-11-05 05:53:23 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2013-11-05 05:52:56 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2013-11-05 05:51:56 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2013-11-05 05:51:35 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2013-11-05 05:51:12 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2013-11-05 05:50:03 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2013-11-05 05:49:14 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys

2013-11-05 05:49:07 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys

2013-11-05 05:49:07 14976 -c----w- c:\windows\system32\dllcache\usbscan.sys

2013-11-05 05:48:15 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll

2013-11-05 05:48:15 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

2013-11-05 05:47:40 284160 -c----w- c:\windows\system32\dllcache\pdh.dll

2013-11-05 05:47:39 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll

2013-11-05 05:47:39 110592 -c----w- c:\windows\system32\dllcache\services.exe

2013-11-05 05:47:38 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll

2013-11-05 05:47:38 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll

2013-11-05 05:47:38 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe

2013-11-05 05:47:33 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll

2013-11-05 05:47:09 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2013-11-05 05:45:33 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2013-11-05 05:45:09 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2013-11-05 05:44:50 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys

2013-11-05 05:44:50 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys

2013-11-05 05:44:42 331776 -c----w- c:\windows\system32\dllcache\msadce.dll

2013-11-05 05:44:38 60160 -c----w- c:\windows\system32\dllcache\usbaudio.sys

2013-11-05 05:44:38 123008 -c----w- c:\windows\system32\dllcache\usbvideo.sys

2013-11-05 05:42:18 536576 -c----w- c:\windows\system32\dllcache\msado15.dll

2013-11-05 05:41:13 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

2013-11-05 05:41:07 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2013-11-05 05:40:29 5376 -c----w- c:\windows\system32\dllcache\usbd.sys

2013-11-05 05:40:29 32384 -c----w- c:\windows\system32\dllcache\usbccgp.sys

2013-11-05 05:40:29 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys

2013-11-05 05:40:29 144128 -c----w- c:\windows\system32\dllcache\usbport.sys

2013-11-05 05:39:13 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll

2013-11-05 05:39:11 2149888 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2013-11-05 05:39:10 2193536 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2013-11-05 05:39:09 2070144 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe

2013-11-05 05:39:09 2028544 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2013-11-05 05:39:03 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe

2013-11-05 05:38:38 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2013-11-05 05:37:41 45568 -c----w- c:\windows\system32\dllcache\wab.exe

2013-11-05 02:13:56 -------- d-----w- c:\documents and settings\all users\application data\PCHealthBoost

2013-11-05 00:50:12 7796464 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{60db4b8e-bcad-48d6-9ab5-4ee6e51a10b8}\mpengine.dll

2013-11-05 00:31:10 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll

2013-11-05 00:31:10 1371648 -c----w- c:\windows\system32\dllcache\msxml6.dll

2013-11-05 00:27:41 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe

2013-11-04 07:28:31 -------- d-----w- c:\documents and settings\administrator\application data\AVG2014

2013-11-04 07:28:03 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Avg2014

2013-11-04 03:25:14 -------- d-----w- c:\documents and settings\all users\application data\AVG2014

2013-11-04 03:03:17 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll

2013-11-04 03:03:17 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys

2013-11-04 03:03:15 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll

2013-11-04 03:03:07 14336 -c--a-w- c:\windows\system32\dllcache\tsprof.exe

2013-11-04 03:03:05 455168 -c--a-w- c:\windows\system32\dllcache\tintsetp.exe

2013-11-04 03:03:05 44032 -c--a-w- c:\windows\system32\dllcache\tintlphr.exe

2013-11-04 03:03:05 10240 -c--a-w- c:\windows\system32\dllcache\tmigrate.dll

2013-11-04 03:03:04 21896 -c--a-w- c:\windows\system32\dllcache\tdipx.sys

2013-11-04 03:03:04 19464 -c--a-w- c:\windows\system32\dllcache\tdspx.sys

2013-11-04 03:03:04 13192 -c--a-w- c:\windows\system32\dllcache\tdasync.sys

2013-11-04 03:01:59 18432 -c--a-w- c:\windows\system32\dllcache\jupiw.dll

2013-11-04 03:00:57 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll

2013-11-04 03:00:50 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll

2013-11-04 02:57:49 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe

2013-11-04 02:57:49 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe

2013-11-04 02:56:47 32768 ----a-w- c:\program files\internet explorer\connection wizard\icwdl.dll

2013-11-04 02:56:45 86016 ----a-w- c:\program files\internet explorer\connection wizard\icwconn2.exe

2013-11-04 02:56:45 214528 ----a-w- c:\program files\internet explorer\connection wizard\icwconn1.exe

2013-11-04 02:56:45 20480 ----a-w- c:\program files\internet explorer\connection wizard\inetwiz.exe

2013-11-04 02:15:44 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll

2013-11-04 02:15:44 24661 ----a-w- c:\windows\system32\spxcoins.dll

2013-11-04 02:15:44 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll

2013-11-04 02:15:44 13312 ----a-w- c:\windows\system32\irclass.dll

2013-11-03 18:36:29 -------- d-----w- C:\Fraps

2013-11-03 18:35:32 -------- d-----w- c:\program files\EVGA Precision

2013-11-03 17:37:25 1994752 ----a-w- c:\windows\UNNMP.exe

2013-11-03 17:34:19 155648 ----a-w- c:\windows\system32\NeroCheck.exe

2013-11-03 17:32:54 24064 ----a-w- c:\windows\system32\msxml3a.dll

2013-11-03 17:32:54 2277376 ----a-w- c:\windows\UNNeroVision.exe

2013-11-03 17:32:24 476320 ----a-w- c:\windows\system32\ImagXpr7.dll

2013-11-03 17:32:24 471040 ----a-w- c:\windows\system32\ImagXRA7.dll

2013-11-03 17:32:24 364544 ----a-w- c:\windows\system32\TwnLib4.dll

2013-11-03 17:32:24 262144 ----a-w- c:\windows\system32\ImagXR7.dll

2013-11-03 17:32:24 1568768 ----a-w- c:\windows\system32\ImagX7.dll

2013-11-03 17:32:23 38912 ----a-w- c:\windows\system32\picn20.dll

2013-11-03 17:32:23 106496 ----a-w- c:\windows\system32\TwnLib20.dll

2013-11-03 16:26:01 -------- d-----w- C:\Temp

2013-11-02 23:53:30 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Identities

2013-11-02 23:53:29 -------- d-----w- c:\documents and settings\administrator\application data\Windows Desktop Search

2013-11-02 23:23:51 427864 ----a-w- c:\windows\system32\XceedZip.dll

2013-11-02 22:44:41 7796464 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2013-11-02 21:18:18 -------- d-----w- c:\documents and settings\all users\application data\DriverGenius

2013-11-02 13:23:50 569397 ----a-w- c:\program files\internet explorer\plugins\richfx\player\nprfxins.dll

2013-11-02 13:23:44 -------- d-----w- c:\program files\Rhapsody

2013-11-02 13:04:59 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-11-02 13:04:59 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-10-28 21:22:33 -------- d-----w- c:\windows\system32\wbem\framework\root\CPUThermometer

2013-10-28 21:22:33 -------- d-----w- c:\windows\system32\wbem\framework\root

2013-10-28 21:22:33 -------- d-----w- c:\windows\system32\wbem\Framework

2013-10-28 07:15:05 -------- d-----w- c:\documents and settings\administrator\application data\Windows Search

2013-10-27 01:25:41 4379984 ----a-w- c:\windows\system32\d3dx9_40.dll

2013-10-27 01:25:19 -------- d-----w- c:\documents and settings\all users\application data\Logs

2013-10-27 01:25:10 -------- d-----w- c:\program files\Dll-Files.com Fixer

2013-10-27 00:25:03 -------- d-----w- c:\windows\system32\winrm

2013-10-27 00:24:58 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2013-10-27 00:23:35 -------- d-----w- c:\windows\system32\GroupPolicy

2013-10-27 00:23:35 -------- d-----w- c:\program files\Windows Desktop Search

2013-10-27 00:21:12 -------- d-----w- c:\windows\system32\URTTEMP

2013-10-26 18:01:40 -------- d-----w- c:\windows\RegisteredPackages

2013-10-26 18:00:40 19200 ----a-w- c:\windows\system32\drivers\wstcodec.sys

2013-10-26 18:00:39 91136 ----a-w- c:\windows\system32\kswdmcap.ax

2013-10-26 18:00:39 85248 ----a-w- c:\windows\system32\drivers\nabtsfec.sys

2013-10-26 18:00:39 61952 ----a-w- c:\windows\system32\kstvtune.ax

2013-10-26 18:00:39 51200 ----a-w- c:\windows\system32\drivers\msdv.sys

2013-10-26 18:00:39 43008 ----a-w- c:\windows\system32\ksxbar.ax

2013-10-26 18:00:39 17024 ----a-w- c:\windows\system32\drivers\ccdecode.sys

2013-10-26 18:00:37 5504 ----a-w- c:\windows\system32\drivers\mstee.sys

2013-10-26 17:59:51 -------- d--h--w- c:\windows\msdownld.tmp

2013-10-26 07:01:20 -------- d-----w- C:\New Folder

2013-10-24 04:49:10 1409 ----a-w- c:\windows\QTFont.for

2013-10-24 04:41:59 -------- d-----w- c:\program files\DVD Shrink

2013-10-23 02:29:10 -------- d--h--w- C:\RL 2

2013-10-22 15:11:48 203576 ----a-w- c:\windows\system32\RICHTX32.OCX

2013-10-22 15:11:48 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2013-10-19 17:16:42 -------- d-----w- c:\program files\MSXML 4.0

2013-10-19 00:35:07 -------- d-----w- c:\windows\system32\BWKDLogs

2013-10-19 00:34:11 5632 ----a-w- c:\windows\system32\ptpusb.dll

2013-10-19 00:34:11 159232 ----a-w- c:\windows\system32\ptpusd.dll

2013-10-19 00:34:01 -------- d-----w- c:\program files\common files\Kodak

2013-10-19 00:32:00 -------- d-----w- c:\program files\Kodak

2013-10-19 00:29:59 -------- d-----w- c:\documents and settings\all users\application data\Kodak

2013-10-18 03:37:46 221184 ----a-w- c:\windows\system32\wmpns.dll

2013-10-18 03:37:38 -------- d-----w- c:\program files\Windows Media Connect 2

2013-10-18 03:36:06 -------- d-----w- C:\656e718fed0ffcfdcb23ea6d0dac

2013-10-18 03:36:02 -------- d-----w- c:\windows\system32\LogFiles

2013-10-17 21:15:23 -------- d-----w- c:\program files\Metaseq31

2013-10-17 20:39:34 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll

2013-10-17 20:39:32 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll

2013-10-17 20:39:31 248672 ----a-w- c:\windows\system32\d3dx11_43.dll

2013-10-17 20:39:29 470880 ----a-w- c:\windows\system32\d3dx10_43.dll

2013-10-17 20:39:26 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll

2013-10-17 20:38:02 -------- d-----w- c:\program files\tetraface

2013-10-17 20:14:42 -------- d-----w- c:\program files\NCH Software

2013-10-17 05:57:26 -------- d-----w- c:\program files\Advanced Batch Converter

2013-10-16 19:50:25 -------- d-----w- c:\program files\Microsoft ActiveSync

2013-10-16 19:48:18 -------- d--h--w- c:\windows\ShellNew

2013-10-16 19:48:14 -------- d-----w- c:\program files\common files\L&H

2013-10-16 13:54:02 145408 ----a-w- c:\windows\system32\javacpl.cpl

2013-10-16 13:53:50 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-10-16 13:45:35 -------- d-----w- c:\program files\RealNetworks

2013-10-16 13:45:34 -------- d-----w- c:\documents and settings\all users\application data\RealNetworks

2013-10-16 13:43:51 -------- d-----w- c:\program files\common files\xing shared

2013-10-15 05:14:47 -------- d-----w- c:\program files\FileASSASSIN

2013-10-15 04:40:53 -------- d-----w- c:\windows\865537E164904193A4B6669C62711852.TMP

2013-10-15 03:51:47 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Mozilla

2013-10-15 02:06:44 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll

2013-10-13 03:17:04 238872 ----a-w- c:\windows\system32\MpSigStub.exe

2013-10-13 03:13:40 -------- d-----w- c:\program files\Microsoft Security Client

2013-10-12 13:44:04 -------- d-----w- c:\program files\Uninstaller

2013-10-11 21:27:53 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes

2013-10-11 01:48:22 -------- d-----w- c:\windows\system32\MRT

2013-10-11 01:47:24 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll

2013-10-11 01:33:44 -------- d-----w- C:\DriversBackup

2013-10-11 01:32:05 14976 ----a-w- c:\windows\system32\drivers\usbscan.sys

2013-10-11 01:07:28 1034240 ----a-w- c:\windows\system32\drivers\bcmwlhigh5.sys

2013-10-11 01:07:27 89088 ----a-w- c:\windows\system32\ATL71.DLL

2013-10-11 01:07:27 53299 ----a-w- c:\windows\system32\pthreadVC.dll

2013-10-11 01:07:27 50704 ----a-w- c:\windows\system32\drivers\npf.sys

2013-10-11 01:07:27 281104 ----a-w- c:\windows\system32\wpcap.dll

2013-10-11 01:07:27 1060864 ----a-w- c:\windows\system32\MFC71.DLL

2013-10-11 01:07:27 100880 ----a-w- c:\windows\system32\Packet.dll

.

==================== Find3M ====================

.

2013-11-04 02:29:43 1098236 ----a-w- c:\windows\system32\nvdrsdb0.bin

2013-11-04 02:29:43 1 ----a-w- c:\windows\system32\nvdrssel.bin

2013-11-04 02:29:37 1098236 ----a-w- c:\windows\system32\nvdrsdb1.bin

2013-10-16 13:42:20 499712 ----a-w- c:\windows\system32\msvcp71.dll

2013-10-16 13:42:20 348160 ----a-w- c:\windows\system32\msvcr71.dll

2013-10-13 01:08:43 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2013-09-26 01:57:14 120632 ----a-w- c:\windows\system32\drivers\avgdiskx.sys

2013-09-23 07:40:04 668672 ----a-w- c:\windows\system32\wininet.dll

2013-09-23 07:40:03 81920 ----a-w- c:\windows\system32\ieencode.dll

2013-09-23 07:40:03 61952 ----a-w- c:\windows\system32\tdc.ocx

2013-09-23 01:22:30 369664 ----a-w- c:\windows\system32\html.iec

2013-09-11 03:11:44 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys

2013-09-09 03:12:16 27448 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2013-09-02 15:39:32 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2013-09-02 15:28:06 145720 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2013-09-02 15:28:04 209208 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys

2013-09-02 15:28:00 223032 ----a-w- c:\windows\system32\drivers\avglogx.sys

2013-08-29 01:31:44 1878656 ----a-w- c:\windows\system32\win32k.sys

2013-08-09 01:56:45 386560 ----a-w- c:\windows\system32\themeui.dll

2013-08-09 00:55:08 144128 ----a-w- c:\windows\system32\drivers\usbport.sys

2013-08-09 00:55:07 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2013-08-09 00:55:06 5376 ----a-w- c:\windows\system32\drivers\usbd.sys

.

============= FINISH: 14:37:12.28 ===============

Link to post
Share on other sites

Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites

Thanks that was a really fast response. :) I did all, just as you requsted, here is the report...

 

 

 

RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Master [Admin rights]
Mode : Scan -- Date : 11/06/2013 18:35:54
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V1][sUSP PATH] At1.job : C:\DOCUME~1\Master\APPLIC~1\DSite\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST332061 3AS SCSI Disk Device +++++
--- User ---
[MBR] 6ed2d7d2db1a8e840c6eb052f2f66c75
[bSP] 5513d4cfdd6448f9b858f3961fdd1ad4 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_11062013_183554.txt >>



 

Link to post
Share on other sites

OK......lets run some scans:

First,

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page.

reply1.jpg

New window that comes up.

replyer1.jpg

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC

Link to post
Share on other sites

Thanks MrCharlie, I did as you said. Rootkit ran in safemode and did not detect any threats. However, while going over the two log files it created I saw something in the kernel list of the mbar-log that didn't look right. "\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys"

Currently Windows Firewall seems functional. I can toggle between it and the AVG Firewall I normally use.

As for updates. I am currently able to access system updates but the two updates listed "HID Non-User Input Data Filter (KB 911895)" repeatedly failed during to install during the installation process.

Here are the two files created by mbar.exe...



---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 6.0.2900.5512

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.000000 GHz
Memory total: 3219566592, free: 1741357056

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 6.0.2900.5512

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.000000 GHz
Memory total: 3219566592, free: 2436481024

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 6.0.2900.5512

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.000000 GHz
Memory total: 3219566592, free: 2855161856

Downloaded database version: v2013.11.07.06
Downloaded database version: v2013.10.11.02
Initializing...
======================
------------ Kernel report ------------
     11/07/2013 10:55:53
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
sptd.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
PartMgr.sys
VolSnap.sys
atapi.sys
nvgts.sys
\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
Mup.sys
avgrkx86.sys
avglogx.sys
avgmfx86.sys
avgidshx.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\System32\DRIVERS\imapi.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\avgfwdx.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\WINDOWS\system32\drivers\avgtpx86.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\avgtdix.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\bcmwlhigh5.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\DRIVERS\mouhid.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\framebuf.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8acbb3a0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Scsi\nvgts2Port3Path0Target0Lun0\
Lower Device Object: 0xffffffff8ad4a998
Lower Device Driver Name: \Driver\nvgts\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8acbb3a0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8acbb118, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8acbb3a0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8ad4a828, DeviceName: \Device\0000006d\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8ad4a998, DeviceName: \Device\Scsi\nvgts2Port3Path0Target0Lun0\, DriverName: \Driver\nvgts\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2120212

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 625121217
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_63_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 6.0.2900.5512

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.000000 GHz
Memory total: 3219566592, free: 1741357056

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 6.0.2900.5512

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.000000 GHz
Memory total: 3219566592, free: 2436481024

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 6.0.2900.5512

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.000000 GHz
Memory total: 3219566592, free: 2855161856

Downloaded database version: v2013.11.07.06
Downloaded database version: v2013.10.11.02
Initializing...
======================
------------ Kernel report ------------
     11/07/2013 10:55:53
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
sptd.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
PartMgr.sys
VolSnap.sys
atapi.sys
nvgts.sys
\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
Mup.sys
avgrkx86.sys
avglogx.sys
avgmfx86.sys
avgidshx.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\System32\DRIVERS\imapi.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\avgfwdx.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\WINDOWS\system32\drivers\avgtpx86.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\avgtdix.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\bcmwlhigh5.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\DRIVERS\mouhid.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\framebuf.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8acbb3a0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Scsi\nvgts2Port3Path0Target0Lun0\
Lower Device Object: 0xffffffff8ad4a998
Lower Device Driver Name: \Driver\nvgts\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8acbb3a0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8acbb118, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8acbb3a0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8ad4a828, DeviceName: \Device\0000006d\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8ad4a998, DeviceName: \Device\Scsi\nvgts2Port3Path0Target0Lun0\, DriverName: \Driver\nvgts\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2120212

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 625121217
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_63_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
 

Link to post
Share on other sites

I'm not sure why it shows like that but it's OK.

Next:

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look like this, not "sponsored ad links":

bleep-crop.jpg

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post
Share on other sites

I followed the directions and ran Combofix. Things seemed to work well, the system seems faster and more "crisp". Several missing features seemed to return such as update launchers for several programs. Windows update and the system restore wizard were refreshed and repaired. However several issues popped up.

 

First issue was an unexpected Trojan that AVG detected and quarantined after combofix rebooted the system. (My AVG was disabled but automatically enables on system start) What was interesting was that AVG still showed that it was "disabled" even after the reboot (I'm assuming combofix anticipates AV's auto starting on reboot), yet AVG's resident shield still managed to detect the Trojan. Curious... Here is the specific information of the Trojan it detected.

 

Trojan horse BackDoor.Generic17.CEGP

C:\System Volume Information\_restore{BE49E673-FC53-4DA3-8BC3-B650382131FC}\RP23\A0014511.EXE

Severity: High
State: Secured
Indentified by: AVG Resident Shield
Date: 11/8/2013 1:46:34 AM

Specific element ID/information:

Process name: C\WINDOWS\system32\svchost.exe
Process ID: 1264
Created: 11/8/2013 1:46:34 AM
Username: SYSTEM
Session ID: 0
 

 

Second, the updates seem to go much easier with the system update wizard now functioning propery, however two updates listed as  "Microsoft- Hid Non-User Data Input Filter (KB911895)" still fail on every install attempt even in safe mode. Currently my DVD RW is not supported by XP, which only recognizes it as a DVD RAM despte whatever drivers I try. Perhaps this update failure may be related?

 

Here is the combofix log.

 

 

 

ComboFix 13-11-03.02 - Master 11/08/2013   2:19.1.4 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3070.1850 [GMT -5:00]
Running from: c:\documents and settings\Master\Desktop\ComboFix.exe
AV: AVG Internet Security 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Internet Security 2014 *Disabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\RAIDTest
C:\Install.exe
c:\windows\settings.reg
c:\windows\system32\Cache
c:\windows\system32\Cache\075884af680ff6dc.fb
c:\windows\system32\Cache\227113dfa1ca894d.fb
c:\windows\system32\Cache\49fbbc5a8678d502.fb
c:\windows\system32\Cache\5c54eb1a1655b076.fb
c:\windows\system32\Cache\613e8ce7ab7106af.fb
c:\windows\system32\Cache\633a76311867bd11.fb
c:\windows\system32\Cache\691f14230153a9e1.fb
c:\windows\system32\Cache\6cb409d7ac73d9f1.fb
c:\windows\system32\Cache\7614bd6cfa99e546.fb
c:\windows\system32\Cache\77664b6ccc36be9f.fb
c:\windows\system32\Cache\881b3593316772f0.fb
c:\windows\system32\Cache\98657d0579ae1930.fb
c:\windows\system32\Cache\9be7376514f63c28.fb
c:\windows\system32\Cache\d4d5e2af9bbf798f.fb
c:\windows\system32\Cache\d5c0f4e7bbe35bf3.fb
c:\windows\system32\Cache\d9ca663388d21ec0.fb
c:\windows\system32\Cache\f2cda51fd108941f.fb
c:\windows\system32\Cache\f34d8db84131d925.fb
c:\windows\system32\drivers\npf.sys
c:\windows\system32\frapsvid.dll
c:\windows\system32\kbhookdll.dll
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BROWSERDEFENDERT
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-08 to 2013-11-08  )))))))))))))))))))))))))))))))
.
.
2013-11-08 07:28 . 2013-11-08 07:28    40392    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{60DB4B8E-BCAD-48D6-9AB5-4EE6E51A10B8}\MpKsl48b62b56.sys
2013-11-07 21:23 . 2013-11-07 21:23    --------    d-----w-    C:\ProgramData
2013-11-07 21:23 . 2013-11-07 21:23    --------    d-----w-    c:\documents and settings\All Users\Application Data\Electronic Arts
2013-11-07 21:22 . 2008-09-04 20:11    447752    ----a-r-    c:\windows\system32\vp6vfw.dll
2013-11-07 21:21 . 2013-11-07 21:21    --------    d-----w-    c:\program files\Microsoft WSE
2013-11-07 15:19 . 2013-11-07 17:02    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-11-07 15:19 . 2013-11-07 15:55    105176    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-11-07 15:10 . 2013-11-07 17:09    47064    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-11-07 14:24 . 2013-11-07 14:24    40392    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{60DB4B8E-BCAD-48D6-9AB5-4EE6E51A10B8}\MpKsl628aa845.sys
2013-11-07 05:50 . 2013-11-07 05:51    --------    d-----w-    c:\documents and settings\Master\mods
2013-11-06 19:06 . 2013-11-06 19:06    --------    d-----w-    c:\documents and settings\Administrator\Local Settings\Application Data\Help
2013-11-06 18:58 . 2013-11-06 18:58    --------    d-----w-    c:\windows\220FB0354744483A9A0B41DF77061583.TMP
2013-11-06 00:06 . 2013-11-06 00:06    --------    d-----w-    c:\documents and settings\Master\Local Settings\Application Data\Wondershare
2013-11-06 00:06 . 2013-11-06 00:06    --------    d-----w-    c:\program files\Common Files\Wondershare
2013-11-06 00:06 . 2013-11-06 00:06    --------    d-----w-    c:\program files\Wondershare
2013-11-05 23:50 . 2013-11-05 23:50    --------    d-----w-    c:\documents and settings\Master\Local Settings\Application Data\Ahead
2013-11-05 05:53 . 2008-06-13 11:05    272128    -c----w-    c:\windows\system32\dllcache\bthport.sys
2013-11-05 05:52 . 2010-09-18 06:53    953856    -c----w-    c:\windows\system32\dllcache\mfc40u.dll
2013-11-05 05:51 . 2011-07-15 13:29    456320    -c----w-    c:\windows\system32\dllcache\mrxsmb.sys
2013-11-05 05:51 . 2010-08-23 16:12    617472    -c----w-    c:\windows\system32\dllcache\comctl32.dll
2013-11-05 05:51 . 2009-11-21 15:51    471552    -c----w-    c:\windows\system32\dllcache\aclayers.dll
2013-11-05 05:50 . 2010-06-14 14:31    744448    -c----w-    c:\windows\system32\dllcache\helpsvc.exe
2013-11-05 05:49 . 2010-11-02 15:17    40960    -c----w-    c:\windows\system32\dllcache\ndproxy.sys
2013-11-05 05:49 . 2013-07-03 02:12    25088    -c----w-    c:\windows\system32\dllcache\hidparse.sys
2013-11-05 05:49 . 2013-07-03 01:59    14976    -c----w-    c:\windows\system32\dllcache\usbscan.sys
2013-11-05 05:48 . 2010-08-27 08:02    119808    -c----w-    c:\windows\system32\dllcache\t2embed.dll
2013-11-05 05:48 . 2009-10-15 16:28    81920    -c----w-    c:\windows\system32\dllcache\fontsub.dll
2013-11-05 05:47 . 2009-03-06 14:22    284160    -c----w-    c:\windows\system32\dllcache\pdh.dll
2013-11-05 05:47 . 2009-02-09 12:10    401408    -c----w-    c:\windows\system32\dllcache\rpcss.dll
2013-11-05 05:47 . 2009-02-06 11:11    110592    -c----w-    c:\windows\system32\dllcache\services.exe
2013-11-05 05:47 . 2009-02-09 12:10    473600    -c----w-    c:\windows\system32\dllcache\fastprox.dll
2013-11-05 05:47 . 2009-02-09 12:10    453120    -c----w-    c:\windows\system32\dllcache\wmiprvsd.dll
2013-11-05 05:47 . 2009-02-06 10:10    227840    -c----w-    c:\windows\system32\dllcache\wmiprvse.exe
2013-11-05 05:47 . 2009-02-09 12:10    617472    -c----w-    c:\windows\system32\dllcache\advapi32.dll
2013-11-05 05:47 . 2009-06-21 21:44    153088    -c----w-    c:\windows\system32\dllcache\triedit.dll
2013-11-05 05:45 . 2011-04-21 13:37    105472    -c----w-    c:\windows\system32\dllcache\mup.sys
2013-11-05 05:45 . 2008-05-08 14:02    203136    -c----w-    c:\windows\system32\dllcache\rmcast.sys
2013-11-05 05:44 . 2013-02-12 00:32    12928    -c----w-    c:\windows\system32\dllcache\usb8023x.sys
2013-11-05 05:44 . 2013-02-12 00:32    12928    -c----w-    c:\windows\system32\dllcache\usb8023.sys
2013-11-05 05:44 . 2008-05-01 14:33    331776    -c----w-    c:\windows\system32\dllcache\msadce.dll
2013-11-05 05:44 . 2013-07-17 00:58    123008    -c----w-    c:\windows\system32\dllcache\usbvideo.sys
2013-11-05 05:44 . 2013-07-17 00:58    60160    -c----w-    c:\windows\system32\dllcache\usbaudio.sys
2013-11-05 05:42 . 2012-05-28 18:16    536576    -c----w-    c:\windows\system32\dllcache\msado15.dll
2013-11-05 05:41 . 2010-06-18 13:36    3558912    -c----w-    c:\windows\system32\dllcache\moviemk.exe
2013-11-05 05:41 . 2012-07-04 14:05    139784    -c----w-    c:\windows\system32\dllcache\rdpwd.sys
2013-11-05 05:40 . 2013-08-09 00:55    144128    -c----w-    c:\windows\system32\dllcache\usbport.sys
2013-11-05 05:40 . 2013-08-09 00:55    32384    -c----w-    c:\windows\system32\dllcache\usbccgp.sys
2013-11-05 05:40 . 2013-08-09 00:55    5376    -c----w-    c:\windows\system32\dllcache\usbd.sys
2013-11-05 05:40 . 2009-03-18 11:02    30336    -c----w-    c:\windows\system32\dllcache\usbehci.sys
2013-11-05 05:39 . 2010-12-09 15:15    718336    -c----w-    c:\windows\system32\dllcache\ntdll.dll
2013-11-05 05:39 . 2013-07-04 03:03    2149888    -c----w-    c:\windows\system32\dllcache\ntkrnlmp.exe
2013-11-05 05:39 . 2013-07-04 02:59    2193536    -c----w-    c:\windows\system32\dllcache\ntoskrnl.exe
2013-11-05 05:39 . 2013-07-04 02:08    2070144    -c----w-    c:\windows\system32\dllcache\ntkrnlpa.exe
2013-11-05 05:39 . 2013-07-04 02:08    2028544    -c----w-    c:\windows\system32\dllcache\ntkrpamp.exe
2013-11-05 05:39 . 2010-07-12 12:55    218112    -c----w-    c:\windows\system32\dllcache\wordpad.exe
2013-11-05 05:38 . 2011-07-08 14:02    10496    -c----w-    c:\windows\system32\dllcache\ndistapi.sys
2013-11-05 05:37 . 2010-10-11 14:59    45568    -c----w-    c:\windows\system32\dllcache\wab.exe
2013-11-05 02:13 . 2013-11-05 02:13    --------    d-----w-    c:\documents and settings\All Users\Application Data\PCHealthBoost
2013-11-05 00:50 . 2013-10-14 06:39    7796464    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{60DB4B8E-BCAD-48D6-9AB5-4EE6E51A10B8}\mpengine.dll
2013-11-05 00:31 . 2012-11-06 02:01    1371648    -c----w-    c:\windows\system32\dllcache\msxml6.dll
2013-11-05 00:31 . 2008-04-14 03:57    79872    -c----w-    c:\windows\system32\dllcache\msxml6r.dll
2013-11-05 00:27 . 2008-04-14 10:42    294912    -c----w-    c:\windows\system32\dllcache\dlimport.exe
2013-11-04 08:34 . 2013-11-04 08:40    --------    d-----w-    c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2013-11-04 07:28 . 2013-11-04 07:28    --------    d-----w-    c:\documents and settings\Administrator\Application Data\AVG2014
2013-11-04 07:28 . 2013-11-04 07:29    --------    d-----w-    c:\documents and settings\Administrator\Local Settings\Application Data\Avg2014
2013-11-04 03:32 . 2013-11-04 03:32    --------    d-----w-    c:\documents and settings\Master\Application Data\AVG2014
2013-11-04 03:29 . 2013-11-04 03:29    --------    d-----w-    c:\windows\system32\config\systemprofile\Application Data\AVG2014
2013-11-04 03:25 . 2013-11-04 03:29    --------    d-----w-    c:\documents and settings\All Users\Application Data\AVG2014
2013-11-04 03:03 . 2004-08-04 12:00    41600    -c--a-w-    c:\windows\system32\dllcache\weitekp9.dll
2013-11-04 03:03 . 2004-08-04 12:00    31232    -c--a-w-    c:\windows\system32\dllcache\weitekp9.sys
2013-11-04 03:03 . 2004-08-04 12:00    48256    -c--a-w-    c:\windows\system32\dllcache\w32.dll
2013-11-04 03:03 . 2004-08-04 12:00    14336    -c--a-w-    c:\windows\system32\dllcache\tsprof.exe
2013-11-04 03:03 . 2008-04-14 10:41    10240    -c--a-w-    c:\windows\system32\dllcache\tmigrate.dll
2013-11-04 03:03 . 2004-08-04 12:00    455168    -c--a-w-    c:\windows\system32\dllcache\tintsetp.exe
2013-11-04 03:03 . 2004-08-04 12:00    44032    -c--a-w-    c:\windows\system32\dllcache\tintlphr.exe
2013-11-04 03:03 . 2004-08-04 12:00    21896    -c--a-w-    c:\windows\system32\dllcache\tdipx.sys
2013-11-04 03:03 . 2004-08-04 12:00    19464    -c--a-w-    c:\windows\system32\dllcache\tdspx.sys
2013-11-04 03:03 . 2004-08-04 12:00    13192    -c--a-w-    c:\windows\system32\dllcache\tdasync.sys
2013-11-04 03:01 . 2004-08-04 12:00    18432    -c--a-w-    c:\windows\system32\dllcache\jupiw.dll
2013-11-04 03:00 . 2001-08-18 03:36    45056    -c--a-w-    c:\windows\system32\dllcache\EXCH_aqadmin.dll
2013-11-04 03:00 . 2001-08-18 03:36    5632    -c--a-w-    c:\windows\system32\dllcache\EXCH_adsiisex.dll
2013-11-04 02:57 . 2004-08-04 12:00    16384    -c--a-w-    c:\windows\system32\dllcache\isignup.exe
2013-11-04 02:57 . 2004-08-04 12:00    16384    ----a-w-    c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2013-11-04 02:56 . 2008-04-14 10:41    32768    ----a-w-    c:\program files\Internet Explorer\Connection Wizard\icwdl.dll
2013-11-04 02:56 . 2008-04-14 10:42    86016    ----a-w-    c:\program files\Internet Explorer\Connection Wizard\icwconn2.exe
2013-11-04 02:56 . 2008-04-14 10:42    214528    ----a-w-    c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe
2013-11-04 02:56 . 2008-04-14 10:42    20480    ----a-w-    c:\program files\Internet Explorer\Connection Wizard\inetwiz.exe
2013-11-04 02:15 . 2004-08-04 12:00    24661    -c--a-w-    c:\windows\system32\dllcache\spxcoins.dll
2013-11-04 02:15 . 2004-08-04 12:00    24661    ----a-w-    c:\windows\system32\spxcoins.dll
2013-11-04 02:15 . 2004-08-04 12:00    13312    -c--a-w-    c:\windows\system32\dllcache\irclass.dll
2013-11-04 02:15 . 2004-08-04 12:00    13312    ----a-w-    c:\windows\system32\irclass.dll
2013-11-03 20:38 . 2013-11-03 20:38    --------    d-----w-    c:\documents and settings\Master\Application Data\Ahead
2013-11-03 18:37 . 2013-11-03 18:38    --------    d-----w-    c:\program files\Common Files\Adobe
2013-11-03 18:36 . 2013-11-03 18:36    --------    d-----w-    C:\Fraps
2013-11-03 18:35 . 2013-11-03 18:35    --------    d-----w-    c:\program files\EVGA Precision
2013-11-03 17:37 . 2004-06-23 17:26    1994752    ----a-w-    c:\windows\UNNMP.exe
2013-11-03 17:34 . 2001-07-09 16:50    155648    ----a-w-    c:\windows\system32\NeroCheck.exe
2013-11-03 17:32 . 2004-10-11 07:23    2277376    ----a-w-    c:\windows\UNNeroVision.exe
2013-11-03 17:32 . 2001-03-09 00:30    24064    ----a-w-    c:\windows\system32\msxml3a.dll
2013-11-03 17:32 . 2013-11-03 17:32    --------    d-----w-    c:\documents and settings\All Users\Application Data\Ahead
2013-11-03 17:32 . 2004-07-20 22:24    476320    ----a-w-    c:\windows\system32\ImagXpr7.dll
2013-11-03 17:32 . 2004-07-20 22:24    471040    ----a-w-    c:\windows\system32\ImagXRA7.dll
2013-11-03 17:32 . 2004-07-20 22:24    262144    ----a-w-    c:\windows\system32\ImagXR7.dll
2013-11-03 17:32 . 2004-07-20 22:24    1568768    ----a-w-    c:\windows\system32\ImagX7.dll
2013-11-03 17:32 . 2004-07-09 14:43    364544    ----a-w-    c:\windows\system32\TwnLib4.dll
2013-11-03 17:32 . 2001-06-26 13:15    38912    ----a-w-    c:\windows\system32\picn20.dll
2013-11-03 17:32 . 2000-06-26 16:45    106496    ----a-w-    c:\windows\system32\TwnLib20.dll
2013-11-03 17:32 . 2013-11-03 17:32    --------    d-----w-    c:\program files\Common Files\Ahead
2013-11-03 17:31 . 2013-11-03 17:36    --------    d-----w-    c:\program files\Ahead
2013-11-03 17:23 . 2013-11-03 17:23    --------    d-----w-    c:\documents and settings\Master\Application Data\ElevatedDiagnostics
2013-11-03 16:26 . 2013-11-05 05:12    --------    d-----w-    C:\Temp
2013-11-03 03:31 . 2013-11-03 03:31    --------    d-----w-    c:\documents and settings\UpdatusUser\Local Settings\Application Data\NVIDIA
2013-11-02 23:53 . 2013-11-02 23:53    --------    d-----w-    c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2013-11-02 23:53 . 2013-11-02 23:53    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2013-11-02 23:42 . 2013-11-03 00:58    110080    ----a-r-    c:\documents and settings\Master\Application Data\Microsoft\Installer\{220FB035-4744-483A-9A0B-41DF77061583}\IconF7A21AF7.exe
2013-11-02 23:42 . 2013-11-03 00:58    110080    ----a-r-    c:\documents and settings\Master\Application Data\Microsoft\Installer\{220FB035-4744-483A-9A0B-41DF77061583}\IconD7F16134.exe
2013-11-02 23:42 . 2013-11-03 00:58    110080    ----a-r-    c:\documents and settings\Master\Application Data\Microsoft\Installer\{220FB035-4744-483A-9A0B-41DF77061583}\IconCF33A0CE.exe
2013-11-02 23:23 . 2004-06-14 18:56    427864    ----a-w-    c:\windows\system32\XceedZip.dll
2013-11-02 22:44 . 2013-10-14 06:39    7796464    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-02 21:18 . 2013-11-02 21:18    --------    d-----w-    c:\documents and settings\All Users\Application Data\DriverGenius
2013-11-02 13:23 . 2002-11-12 16:22    569397    ----a-w-    c:\program files\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll
2013-11-02 13:23 . 2013-11-02 13:31    --------    d-----w-    c:\program files\Rhapsody
2013-11-02 13:04 . 2013-11-05 03:51    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-02 13:04 . 2013-11-05 03:51    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-10-28 21:22 . 2013-10-28 21:22    --------    d-----w-    c:\windows\system32\wbem\Framework
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-16 13:42 . 2013-07-18 19:04    499712    ----a-w-    c:\windows\system32\msvcp71.dll
2013-10-16 13:42 . 2013-07-18 19:04    348160    ----a-w-    c:\windows\system32\msvcr71.dll
2013-10-13 01:08 . 2013-07-18 13:47    37664    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2013-09-26 01:57 . 2013-09-26 01:57    120632    ----a-w-    c:\windows\system32\drivers\avgdiskx.sys
2013-09-23 07:40 . 2004-08-04 12:00    668672    ----a-w-    c:\windows\system32\wininet.dll
2013-09-23 07:40 . 2004-08-04 12:00    81920    ----a-w-    c:\windows\system32\ieencode.dll
2013-09-23 07:40 . 2004-08-04 12:00    61952    ----a-w-    c:\windows\system32\tdc.ocx
2013-09-23 01:22 . 2004-08-04 12:00    369664    ----a-w-    c:\windows\system32\html.iec
2013-09-11 03:11 . 2013-03-01 14:32    22840    ----a-w-    c:\windows\system32\drivers\avgidsshimx.sys
2013-09-09 03:12 . 2013-02-08 08:37    27448    ----a-w-    c:\windows\system32\drivers\avgrkx86.sys
2013-09-02 15:39 . 2013-02-08 08:37    176952    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2013-09-02 15:28 . 2013-02-08 08:37    145720    ----a-w-    c:\windows\system32\drivers\avgidshx.sys
2013-09-02 15:28 . 2013-03-29 06:53    209208    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
2013-09-02 15:28 . 2013-02-08 08:37    223032    ----a-w-    c:\windows\system32\drivers\avglogx.sys
2013-08-29 01:31 . 2004-08-04 12:00    1878656    ----a-w-    c:\windows\system32\win32k.sys
2013-08-21 03:54 . 2013-02-08 08:37    102200    ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Driver Restore"="c:\program files\Driver Restore\Driver Restore\DriverRestore.exe" [2013-07-16 3981176]
"RDReminder"="c:\program files\Dll-Files.com Fixer\DLLFixer.exe" [2013-04-11 8943552]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-10-08 4908592]
"vProt"="c:\program files\AVG SafeGuard toolbar\vprot.exe" [2013-10-13 2404376]
"Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-10-18 1028384]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 995176]
"SystemProtect"="c:\program files\System Protect\SysProtect_Tray.exe" [2013-07-24 1223680]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-06-21 15677728]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2013-06-21 223008]
"Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-03-27 1686528]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe  /startup [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2013-05-20 02:37    450560    ----a-w-    c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2013-02-13 02:37    1263952    ----a-w-    c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2013-06-21 09:54    223008    ----a-w-    c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 13:16    254336    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-10-16 13:42    295512    ----a-w-    c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"bckwfs"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\TrueCrypt\\TrueCrypt.exe"=
"c:\\Program Files\\Electronic Arts\\BioWare\\Star Wars-The Old Republic\\swtor\\retailclient\\swtor.exe"=
"c:\\Program Files\\Electronic Arts\\BioWare\\Star Wars-The Old Republic\\launcher.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2/8/2013 3:37 AM 145720]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2/8/2013 3:37 AM 223032]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2/8/2013 3:37 AM 27448]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [9/25/2013 8:57 PM 120632]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [3/29/2013 1:53 AM 209208]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [3/1/2013 9:32 AM 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/8/2013 3:37 AM 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [3/21/2013 2:08 AM 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [7/18/2013 8:47 AM 37664]
R1 MpKsl48b62b56;MpKsl48b62b56;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{60DB4B8E-BCAD-48D6-9AB5-4EE6E51A10B8}\MpKsl48b62b56.sys [11/8/2013 2:28 AM 40392]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2014\avgfws.exe [9/25/2013 9:55 PM 1358944]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [10/3/2013 10:00 PM 3538480]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [9/25/2013 9:47 PM 301152]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [8/14/2013 2:19 PM 39056]
R2 SP_Service;System Protect Deletion Prevention Service;c:\program files\System Protect\SysProtect_srv.exe [7/24/2013 11:27 AM 598528]
R2 vToolbarUpdater17.0.12;vToolbarUpdater17.0.12;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [10/12/2013 8:08 PM 1734680]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [1/12/2012 7:52 PM 30944]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [10/10/2013 8:07 PM 1034240]
R3 sp_prot;System Protect Filter Driver;c:\windows\system32\drivers\sp_prot.sys [7/24/2013 11:27 AM 12288]
S1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [3/1/2013 6:06 AM 91248]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [1/12/2012 7:52 PM 30944]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 RTL8192cu;%RTL8192cu.DeviceDesc%;c:\windows\system32\drivers\rtl8192cu.sys [7/18/2013 2:26 AM 987904]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL48B62B56
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-30 c:\windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job
- c:\program files\Dll-Files.com Fixer\DLLFixer.exe [2013-10-27 20:12]
.
2013-11-02 c:\windows\Tasks\DLL-Files.Com Fixer_Updates.job
- c:\program files\Dll-Files.com Fixer\DLLFixer.exe [2013-10-27 20:12]
.
2013-11-02 c:\windows\Tasks\Driver Restore-RTMRules.job
- c:\program files\Driver Restore\Driver Restore\DriverRestore.exe [2013-07-16 15:47]
.
2013-11-06 c:\windows\Tasks\Driver Restore-RTMScan.job
- c:\program files\Driver Restore\Driver Restore\DriverRestore.exe [2013-07-16 15:47]
.
2013-10-21 c:\windows\Tasks\Driver Restore-RTMUpdater.job
- c:\program files\Driver Restore\Driver Restore\DriverRestore.exe [2013-07-16 15:47]
.
2013-11-08 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-08-12 14:12]
.
2013-11-02 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1960408961-2000478354-839522115-1004.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14 19:19]
.
2013-11-08 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1960408961-2000478354-839522115-1004.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14 19:19]
.
2013-11-05 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1960408961-2000478354-839522115-1004.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14 19:19]
.
2013-11-08 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1960408961-2000478354-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2013-11-04 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1960408961-2000478354-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
.
------- Supplementary Scan -------
.


IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
Trusted Zone: aol.com\free
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Master\Application Data\Mozilla\Firefox\Profiles\mqjc6y6u.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: keyword.URL -
FF - ExtSQL: 2013-10-16 09:45; {DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}; c:\documents and settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - ExtSQL: 2013-10-17 15:30; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\Master\Application Data\Mozilla\Firefox\Profiles\mqjc6y6u.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-11-02 17:01; flashfirebug@o-minds.com; c:\documents and settings\Master\Application Data\Mozilla\Firefox\Profiles\mqjc6y6u.default\extensions\flashfirebug@o-minds.com
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-MSPY2002 - c:\windows\system32\IME\PINTLGNT\ImScInst.exe
HKLM-Run-PHIME2002ASync - c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
HKLM-Run-PHIME2002A - c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe
AddRemove-Precision - c:\program files\EVGA Precision\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-08 02:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(608)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Windows Desktop Search\WindowsSearch.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2013-11-08  02:41:55 - machine was rebooted
ComboFix-quarantined-files.txt  2013-11-08 07:41
.
Pre-Run: 22,789,320,704 bytes free
Post-Run: 22,847,528,960 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /noguiboot
.
- - End Of File - - 605737B9417CB958EE0E2C20CEEA683E
8F558EB6672622401DA993E1E865C861

 

 

Thanks as always!
 

Link to post
Share on other sites

Trojan horse BackDoor.Generic17.CEGP

C:\System Volume Information\_restore{BE49E673-FC53-4DA3-8BC3-B650382131FC}\RP23\A0014511.EXE

 

That's in system restore and we won't worry about that.

When we uninstall CF it will create a new system restore point and flush out all the old ones.

-------------------------------------------

Lets clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look like this, not "sponsored ad links":

bleep-crop.jpg

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

Link to post
Share on other sites

I followed the instructions and only kept anything AVG related from being removed. I was suprised how much of these nasty little programs were still lingering around. MalwareBytes ran succesfully and detected several items. Furthermore, AVG also picked up one during the MWBytes scan.  "MalSign.generic.3EF"

I will proceed to clear them out.

 

Here is the log....

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.08.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Master :: PRIME-VM14R926D [administrator]

11/8/2013 11:35:42 AM
MBAM-log-2013-11-08 (11-54-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 249919
Time elapsed: 14 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.ExpressInstall.A) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Documents and Settings\Master\My Documents\Downloads\setup.exe (PUP.Optional.ExpressInstall.A) -> No action taken.
C:\Documents and Settings\Master\My Documents\Downloads\daemon-tools-lite.exe (PUP.Optional.BundleInstaller.A) -> No action taken.
C:\Documents and Settings\Master\My Documents\Downloads\resource-cfg-for-sims-3-pc.zip (Rootkit.0Access.ED) -> No action taken.

(end)

Link to post
Share on other sites

Yes, clear them all out and if all is OK........

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC
Link to post
Share on other sites

I'm still getting some odd, though less intrusive, re-directs while browsing. Quite commonly I click a link or try and download a file and it re-directs me to blank page suggesting I upgrade Flash.There have also been numerous Firefox pop-ups requesting I upgrade my browser giving me the option to "hide" them, and letting them slide to the side of the screen.  I just back out or reject anything I didn't specifically request to DL, many times I can't get back to the original page I was re-directed from and have to retype the URL. I refuse to just auto accept anything that pops up. This was one of the main ways the infections got onto my system to being with . However I'm now doubting my stance, perhaps the re-directs are the result of a need to upgrade?

 

Security Check Log

 

 Results of screen317's Security Check version 0.99.76  
 Windows XP Service Pack 3 x86   
 Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
 AVG 2014     
 AVG SafeGuard toolbar    
 AVG 2014     
 Microsoft Security Essentials    
`````````Anti-malware/Other Utilities Check:`````````
 SpyHunter     
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 TweakNow RegCleaner    
 Java 7 Update 45  
 Adobe Flash Player     11.9.900.117  
 Adobe Reader 8 Adobe Reader out of Date!
 Mozilla Firefox 24.0 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 AVG avgwdsvc.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 6%
````````````````````End of Log``````````````````````
 

Link to post
Share on other sites

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)

Please make sure you click download buttons that look like this, not "sponsored ad links":

bleep-crop.jpg

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
MrC
Link to post
Share on other sites

Thanks, Mr. Charlie. Been busy the past 48 hours.

 

I'm getting an error saying the post is too long for the forum. I'll break it up in several posts for you.

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2013 01
Ran by Master (administrator) on PRIME-VM14R926D on 10-11-2013 19:59:08
Running from C:\Documents and Settings\Master\My Documents\Downloads
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 6
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTsvcCDA.EXE
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Xacti Corporation) C:\Program Files\System Protect\SysProtect_srv.exe
(Microsoft Corporation) C:\WINDOWS\system32\MsPMSPSv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Xacti Corporation) C:\Program Files\System Protect\SysProtect_Tray.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Electronic Arts) C:\Program Files\Electronic Arts\EADM\Core.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Farbar) C:\Documents and Settings\Master\My Documents\Downloads\FRST(1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Nvtmru] - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-10-17] (NVIDIA Corporation)
HKLM\...\Run: [iMJPMIG8.1] - C:\WINDOWS\ime\imjp8_1\imjpmig.exe [208952 2008-04-13] (Microsoft Corporation)
HKLM\...\Run: [iMEKRMIG6.1] - C:\WINDOWS\ime\imkr6_1\imekrmig.exe [44032 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-08-12] (Microsoft Corporation)
HKLM\...\Run: [systemProtect] - C:\Program Files\System Protect\SysProtect_Tray.exe [1223680 2013-07-24] (Xacti Corporation)
HKLM\...\Run: [NeroFilterCheck] - C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2013-10-16] (RealNetworks, Inc.)
HKCU\...\Run: [Driver Restore] - C:\Program Files\Driver Restore\Driver Restore\DriverRestore.exe [3981176 2013-07-16] (PC Drivers Headquarters)
HKCU\...\Run: [EA Core] - C:\Program Files\Electronic Arts\EADM\Core.exe [3325952 2009-03-28] (Electronic Arts)
HKCU\...\Run: [RDReminder] - C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe [8943552 2013-04-11] (Dll-FIles.Com)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1374131626403
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1374131788637
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\mqjc6y6u.default
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\\npsitesafety.dll (AVG Technologies)
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: FlashFirebug - C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\mqjc6y6u.default\Extensions\flashfirebug@o-minds.com
FF Extension: NetVideoHunter - C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\mqjc6y6u.default\Extensions\netvideohunter@netvideohunter.com
FF Extension: Flash and Video Download - C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\mqjc6y6u.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF Extension: artur.dubovoy - C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\mqjc6y6u.default\Extensions\artur.dubovoy@gmail.com.xpi
FF Extension: eoWwdRD - C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\mqjc6y6u.default\Extensions\eoWwdRD@Qe3qzqg.com.xpi
FF Extension: Adblock Plus - C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\mqjc6y6u.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

========================== Services (Whitelisted) =================

R2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1358944 2013-09-25] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [44032 1999-12-12] (Creative Technology Ltd)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-08-12] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 SP_Service; C:\Program Files\System Protect\SysProtect_srv.exe [598528 2013-07-24] (Xacti Corporation)
R2 WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120632 2013-09-25] (AVG Technologies CZ, s.r.o.)
R3 Avgfwdx; C:\Windows\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
S3 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209208 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [145720 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [223032 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102200 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-10-12] (AVG Technologies)
S1 bckd; C:\Windows\System32\drivers\bckd.sys [91248 2013-03-01] (Blue Coat Systems, Inc.)
R3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh5.sys [1034240 2011-12-12] (Broadcom Corporation)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13904 2011-05-06] ()
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [47064 2013-11-10] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
R1 MpKslc6457990; c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{10763EAE-DB1D-4037-B4D9-B6E88E5ED70C}\MpKslc6457990.sys [40392 2013-11-10] (Microsoft Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R0 nvgts; C:\Windows\System32\DRIVERS\nvgts.sys [164896 2009-06-30] (NVIDIA Corporation)
R3 P17; C:\Windows\System32\drivers\P17.sys [1127936 2007-06-15] (Creative Technology Ltd.)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [987904 2013-01-24] (Realtek Semiconductor Corporation                           )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-08-01] (Duplex Secure Ltd.)
R3 sp_prot; C:\WINDOWS\system32\drivers\sp_prot.sys [12288 2013-07-24] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U3 TlntSvr;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-10 04:23 - 2013-11-10 04:23 - 00001975 _____ C:\Documents and Settings\Master\Desktop\SpyHunter.lnk
2013-11-10 03:12 - 2013-11-10 03:13 - 00000000 ____D C:\Documents and Settings\Master\Desktop\mbar
2013-11-10 03:09 - 2013-11-10 03:09 - 00001542 _____ C:\Documents and Settings\Master\Desktop\RKreport[0]_S_11102013_030905.txt
2013-11-10 03:07 - 2013-11-10 03:07 - 00000914 _____ C:\Documents and Settings\Master\Desktop\RKreport[0]_S_11102013_030723.txt
2013-11-10 01:33 - 2013-11-10 01:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB952011$
2013-11-10 01:32 - 2013-11-10 01:33 - 00006922 _____ C:\WINDOWS\KB952011.log
2013-11-10 01:32 - 2013-11-10 01:32 - 00000855 _____ C:\Documents and Settings\All Users\Desktop\Wondershare Video Editor.lnk
2013-11-10 01:31 - 2013-11-10 03:02 - 00000000 ____D C:\Documents and Settings\Master\My Documents\Wondershare Video Editor
2013-11-10 01:31 - 2008-04-14 05:41 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
2013-11-10 01:12 - 2013-11-10 12:11 - 00000000 ____D C:\Documents and Settings\Master\Desktop\Meshes
2013-11-09 15:59 - 2013-11-09 15:59 - 00000000 ____D C:\FRST
2013-11-09 13:51 - 2013-11-09 14:05 - 00000137 _____ C:\Documents and Settings\Master\Desktop\districtBreakdown.txt
2013-11-09 10:58 - 2013-11-09 10:58 - 00499517 _____ C:\Documents and Settings\Master\.recently-used.xbel
2013-11-09 03:43 - 2013-11-09 03:49 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-08 11:30 - 2013-11-08 11:30 - 00009095 _____ C:\Documents and Settings\Master\Desktop\AdwCleaner[s0].txt
2013-11-08 11:19 - 2013-11-08 11:24 - 00000000 ____D C:\AdwCleaner
2013-11-08 02:41 - 2013-11-08 02:41 - 00031550 _____ C:\Documents and Settings\Master\Desktop\ComboFix.txt
2013-11-08 02:25 - 2013-11-08 02:25 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2013-11-08 02:25 - 2013-11-08 02:25 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2013-11-08 02:16 - 2013-11-08 02:16 - 00000000 _RSHD C:\cmdcons
2013-11-08 02:16 - 2013-11-03 22:50 - 00000222 _____ C:\Boot.bak
2013-11-08 02:16 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2013-11-08 02:14 - 2013-11-08 02:42 - 00000000 ____D C:\Qoobox
2013-11-08 02:14 - 2011-06-26 01:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-11-08 02:14 - 2010-11-07 12:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-11-08 02:14 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-11-08 02:14 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-11-08 02:14 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-11-08 02:14 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-11-08 02:14 - 2000-08-30 19:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-11-08 02:14 - 2000-08-30 19:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-11-08 02:14 - 2000-08-30 19:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-11-08 02:13 - 2013-11-08 02:40 - 00000000 ____D C:\WINDOWS\erdnt
2013-11-07 22:44 - 2013-11-10 01:33 - 00012973 _____ C:\WINDOWS\FaxSetup.log
2013-11-07 22:44 - 2013-11-10 01:33 - 00008725 _____ C:\WINDOWS\ocgen.log
2013-11-07 22:44 - 2013-11-10 01:33 - 00006283 _____ C:\WINDOWS\tsoc.log
2013-11-07 22:44 - 2013-11-10 01:33 - 00004405 _____ C:\WINDOWS\comsetup.log
2013-11-07 22:44 - 2013-11-10 01:33 - 00002871 _____ C:\WINDOWS\ntdtcsetup.log
2013-11-07 22:44 - 2013-11-10 01:33 - 00001965 _____ C:\WINDOWS\iis6.log
2013-11-07 22:44 - 2013-11-10 01:33 - 00001393 _____ C:\WINDOWS\imsins.log
2013-11-07 22:44 - 2013-11-10 01:33 - 00000811 _____ C:\WINDOWS\ocmsn.log
2013-11-07 22:44 - 2013-11-10 01:33 - 00000788 _____ C:\WINDOWS\msgsocm.log
2013-11-07 22:44 - 2013-11-07 22:44 - 00001917 _____ C:\WINDOWS\imsins.BAK
2013-11-07 19:54 - 2013-11-07 19:55 - 00000000 ____D C:\Documents and Settings\Master\Desktop\MassE
2013-11-07 16:23 - 2013-11-08 00:37 - 00000000 ____D C:\Documents and Settings\Master\My Documents\Electronic Arts
2013-11-07 16:23 - 2013-11-07 16:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Electronic Arts
2013-11-07 16:22 - 2013-11-07 16:22 - 00000790 _____ C:\Documents and Settings\All Users\Start Menu\Programs\EA Download Manager.lnk
2013-11-07 16:22 - 2008-09-04 15:11 - 00447752 ____R (On2.com) C:\WINDOWS\system32\vp6vfw.dll
2013-11-07 16:21 - 2013-11-07 16:21 - 00000000 ____D C:\Program Files\Microsoft WSE
2013-11-07 16:20 - 2013-11-08 01:37 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Electronic Arts
2013-11-07 10:19 - 2013-11-07 12:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-11-07 10:14 - 2013-11-07 10:14 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\rootkit
2013-11-07 10:10 - 2013-11-10 03:13 - 00047064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-11-07 10:08 - 2013-11-10 03:08 - 00000000 ____D C:\Documents and Settings\Master\Desktop\rootkit
2013-11-07 00:50 - 2013-11-07 00:51 - 00000000 ____D C:\Documents and Settings\Master\mods
2013-11-06 21:00 - 2013-11-10 12:18 - 00032228 _____ C:\WINDOWS\Wdf01005Inst.log
2013-11-06 21:00 - 2013-11-10 12:18 - 00026138 _____ C:\WINDOWS\setupact.log
2013-11-06 21:00 - 2013-11-06 21:00 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-11-06 18:32 - 2013-11-06 18:35 - 00000000 ____D C:\Documents and Settings\Master\Desktop\RK_Quarantine
2013-11-06 14:37 - 2013-11-06 15:01 - 00043263 _____ C:\Documents and Settings\Administrator\Desktop\dds.txt
2013-11-06 14:37 - 2013-11-06 14:56 - 00017869 _____ C:\Documents and Settings\Administrator\Desktop\attach.txt
2013-11-06 14:36 - 2013-11-06 14:36 - 00688992 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\dds.scr
2013-11-06 14:06 - 2013-11-06 14:06 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Help
2013-11-06 14:06 - 2013-11-06 14:06 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Help
2013-11-06 13:58 - 2013-11-10 04:23 - 00000000 ____D C:\WINDOWS\220FB0354744483A9A0B41DF77061583.TMP
2013-11-06 13:54 - 2013-11-10 12:18 - 00128777 _____ C:\WINDOWS\setupapi.log
2013-11-06 13:29 - 2013-11-06 13:29 - 00000734 _____ C:\WINDOWS\system32\Drivers\etc\hosts-clean.txt
2013-11-06 13:24 - 2013-11-10 19:56 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-11-06 13:24 - 2013-11-10 19:56 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-11-06 13:24 - 2013-11-06 13:24 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2013-11-05 19:06 - 2013-11-10 01:32 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Wondershare
2013-11-05 19:06 - 2013-11-10 01:31 - 00000000 ____D C:\Program Files\Wondershare
2013-11-05 19:06 - 2013-11-05 21:53 - 00000000 ____D C:\Documents and Settings\Master\My Documents\Wondershare DVD Creator
2013-11-05 19:06 - 2013-11-05 19:06 - 00000843 _____ C:\Documents and Settings\Master\Desktop\Wondershare DVD Creator.lnk
2013-11-05 19:06 - 2013-11-05 19:06 - 00000000 ____D C:\Program Files\Common Files\Wondershare
2013-11-05 19:06 - 2013-11-05 19:06 - 00000000 ____D C:\Documents and Settings\Master\Local Settings\Application Data\Wondershare
2013-11-05 18:50 - 2013-11-05 18:50 - 00000000 ____D C:\Documents and Settings\Master\Local Settings\Application Data\Ahead
2013-11-05 18:16 - 2013-11-05 18:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB970430$
2013-11-05 18:16 - 2013-11-05 18:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2345886$
2013-11-05 16:20 - 2013-11-05 16:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB959426$
2013-11-05 16:20 - 2013-11-05 16:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB952954$
2013-11-05 16:20 - 2013-11-05 16:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB951376-v2$
2013-11-05 16:20 - 2013-11-05 16:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB946648$
2013-11-05 16:19 - 2013-11-05 16:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB960859$
2013-11-05 16:19 - 2013-11-05 16:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2712808$
2013-11-05 16:19 - 2013-11-05 16:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2479943$
2013-11-05 16:19 - 2013-11-05 16:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2387149$
2013-11-05 16:18 - 2013-11-05 16:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2758857$
2013-11-05 16:18 - 2013-11-05 16:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2659262$
2013-11-05 16:18 - 2013-11-05 16:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2564958$
2013-11-05 16:18 - 2013-11-05 16:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2478971$
2013-11-05 16:17 - 2013-11-05 16:17 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2013-11-05 16:17 - 2013-11-05 16:17 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2631813$
2013-11-05 16:17 - 2013-11-05 16:17 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2585542$
2013-11-05 16:17 - 2013-11-05 16:17 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2544893-v2$
2013-11-05 16:17 - 2013-11-05 16:17 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2536276-v2$
2013-11-05 16:16 - 2013-11-05 16:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2691442$
2013-11-05 16:16 - 2013-11-05 16:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2296011$
2013-11-05 16:16 - 2013-11-05 16:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2115168$
2013-11-05 16:15 - 2013-11-05 16:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB974318$
2013-11-05 16:15 - 2013-11-05 16:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB955759$
2013-11-05 16:15 - 2013-11-05 16:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB951978$
2013-11-05 16:15 - 2013-11-05 16:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-11-05 16:14 - 2013-11-05 16:14 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB969059$
2013-11-05 16:14 - 2013-11-05 16:14 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2802968$
2013-11-05 16:14 - 2013-11-05 16:14 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2655992$
2013-11-05 16:14 - 2013-11-05 16:14 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2443105$
2013-11-05 16:13 - 2013-11-05 16:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB975713$
2013-11-05 16:13 - 2013-11-05 16:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB950974$
2013-11-05 16:13 - 2013-11-05 16:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2598479$
2013-11-05 16:13 - 2013-11-05 16:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2485663$
2013-11-05 16:13 - 2013-11-05 16:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2481109$
2013-11-05 16:13 - 2013-11-05 16:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2229593$
2013-11-05 16:12 - 2013-11-05 16:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB982132$
2013-11-05 16:12 - 2013-11-05 16:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-11-05 16:12 - 2013-11-05 16:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2686509$
2013-11-05 16:12 - 2013-11-05 16:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2440591$
2013-11-05 16:11 - 2013-11-05 16:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB978338$
2013-11-05 16:11 - 2013-11-05 16:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB971657$
2013-11-05 16:11 - 2013-11-05 16:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB961118$
2013-11-05 16:10 - 2013-11-05 16:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2507938$
2013-11-05 16:10 - 2013-11-05 16:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB972270$
2013-11-05 16:10 - 2013-11-05 16:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2013-11-05 16:10 - 2013-11-05 16:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2780091$
2013-11-05 16:10 - 2013-11-05 16:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2510581$
2013-11-05 16:09 - 2013-11-05 16:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB974112$
2013-11-05 16:09 - 2013-11-05 16:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB956572$
2013-11-05 16:09 - 2013-11-05 16:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2013-11-05 16:09 - 2013-11-05 16:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2347290$
2013-11-05 16:08 - 2013-11-05 16:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB979687$
2013-11-05 16:08 - 2013-11-05 16:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB973869$
2013-11-05 16:08 - 2013-11-05 16:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB956844$
2013-11-05 16:08 - 2013-11-05 16:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2013-11-05 16:08 - 2013-11-05 16:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2483185$
2013-11-05 16:07 - 2013-11-05 16:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB975025$
2013-11-05 16:07 - 2013-11-05 16:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB974571$
2013-11-05 16:07 - 2013-11-05 16:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB952004$
2013-11-05 16:07 - 2013-11-05 16:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2719985$
2013-11-05 16:06 - 2013-11-05 16:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB975560$
2013-11-05 16:06 - 2013-11-05 16:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB973507$
2013-11-05 16:06 - 2013-11-05 16:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2770660$
2013-11-05 16:06 - 2013-11-05 16:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2592799$
2013-11-05 16:05 - 2013-11-05 16:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB977816$
2013-11-05 16:05 - 2013-11-05 16:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-11-05 16:05 - 2013-11-05 16:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2535512$
2013-11-05 16:04 - 2013-11-05 16:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB950762$
2013-11-05 16:04 - 2013-11-05 16:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-11-05 16:04 - 2013-11-05 16:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2807986$
2013-11-05 16:04 - 2013-11-05 16:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2570947$
2013-11-05 16:03 - 2013-11-05 16:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB952287$
2013-11-05 16:03 - 2013-11-05 16:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-11-05 16:03 - 2013-11-05 16:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820917$
2013-11-05 16:03 - 2013-11-05 16:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2603381$
2013-11-05 16:02 - 2013-11-05 16:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB973904$
2013-11-05 16:02 - 2013-11-05 16:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2757638$
2013-11-05 16:01 - 2013-11-05 16:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB974392$
2013-11-05 16:01 - 2013-11-05 16:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2749655$
2013-11-05 16:01 - 2013-11-05 16:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2653956$
2013-11-05 16:01 - 2013-11-05 16:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2508429$
2013-11-05 16:01 - 2013-11-05 16:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2419632$
2013-11-05 16:00 - 2013-11-05 16:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB971029$
2013-11-05 16:00 - 2013-11-05 16:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2879017$
2013-11-05 16:00 - 2013-11-05 16:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2506212$
2013-11-05 15:59 - 2013-11-05 15:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB977914$
2013-11-05 15:59 - 2013-11-05 15:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2698365$
2013-11-05 15:59 - 2013-11-05 15:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2619339$
2013-11-05 15:58 - 2013-11-05 15:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB979309$
2013-11-05 15:58 - 2013-11-05 15:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB978542$
2013-11-05 15:58 - 2013-11-05 15:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-11-05 15:58 - 2013-11-05 15:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2705219-v2$
2013-11-05 15:57 - 2013-11-05 15:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB981997$
2013-11-05 15:57 - 2013-11-05 15:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB979482$
2013-11-05 15:57 - 2013-11-05 15:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB978706$
2013-11-05 15:57 - 2013-11-05 15:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2727528$
2013-11-05 15:56 - 2013-11-05 15:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB973815$
2013-11-05 15:56 - 2013-11-05 15:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB960803$
2013-11-05 15:56 - 2013-11-05 15:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-11-05 15:56 - 2013-11-05 15:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2723135-v2$
2013-11-05 15:55 - 2013-11-05 15:55 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB956802$
2013-11-05 15:55 - 2013-11-05 15:55 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-11-05 15:55 - 2013-11-05 15:55 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2813345$
2013-11-05 15:55 - 2013-11-05 15:55 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2661254-v2$
2013-11-05 15:54 - 2013-11-05 15:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB982665$
2013-11-05 15:54 - 2013-11-05 15:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2676562$
2013-11-05 15:54 - 2013-11-05 15:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2509553$
2013-11-05 15:54 - 2013-11-05 15:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2478960$
2013-11-05 15:53 - 2013-11-05 15:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2393802$
2013-11-05 15:52 - 2013-11-09 09:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2566454$
2013-11-05 15:52 - 2013-11-05 15:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB923561$
2013-11-05 15:52 - 2013-11-05 15:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2620712$
2013-11-05 15:51 - 2013-11-05 15:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB975467$
2013-11-05 15:51 - 2013-11-05 15:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB968389$
2013-11-05 15:51 - 2013-11-05 15:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2584146$
2013-11-05 15:50 - 2013-11-05 15:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2423089$
2013-11-05 02:42 - 2013-11-05 02:42 - 00000083 _____ C:\Documents and Settings\Master\SwissArmySYSVirus.txt
2013-11-05 00:53 - 2008-06-13 06:05 - 00272128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bthport.sys
2013-11-05 00:52 - 2010-09-18 01:53 - 00953856 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mfc40u.dll
2013-11-05 00:51 - 2011-07-15 08:29 - 00456320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mrxsmb.sys
2013-11-05 00:51 - 2010-08-23 11:12 - 00617472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\comctl32.dll
2013-11-05 00:51 - 2009-11-21 10:51 - 00471552 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\aclayers.dll
2013-11-05 00:50 - 2010-06-14 09:31 - 00744448 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\helpsvc.exe
2013-11-05 00:49 - 2013-07-02 21:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2013-11-05 00:49 - 2013-07-02 20:59 - 00014976 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbscan.sys
2013-11-05 00:49 - 2010-11-02 10:17 - 00040960 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ndproxy.sys
2013-11-05 00:48 - 2010-08-27 03:02 - 00119808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\t2embed.dll
2013-11-05 00:48 - 2009-10-15 11:28 - 00081920 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fontsub.dll
2013-11-05 00:48 - 2009-01-09 14:19 - 01089593 ____C C:\WINDOWS\system32\dllcache\ntprint.cat
2013-11-05 00:47 - 2009-06-21 16:44 - 00153088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\triedit.dll
2013-11-05 00:47 - 2009-03-06 09:22 - 00284160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\pdh.dll
2013-11-05 00:47 - 2009-02-09 07:10 - 00617472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\advapi32.dll
2013-11-05 00:47 - 2009-02-09 07:10 - 00473600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fastprox.dll
2013-11-05 00:47 - 2009-02-09 07:10 - 00453120 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wmiprvsd.dll
2013-11-05 00:47 - 2009-02-09 07:10 - 00401408 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\rpcss.dll
2013-11-05 00:47 - 2009-02-06 06:11 - 00110592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\services.exe
2013-11-05 00:47 - 2009-02-06 05:10 - 00227840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wmiprvse.exe
2013-11-05 00:46 - 2009-07-27 17:27 - 00128512 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dhtmled.ocx
2013-11-05 00:45 - 2011-04-21 08:37 - 00105472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mup.sys
2013-11-05 00:45 - 2008-05-08 09:02 - 00203136 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\rmcast.sys
2013-11-05 00:44 - 2013-07-16 19:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2013-11-05 00:44 - 2013-07-16 19:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2013-11-05 00:44 - 2013-02-11 19:32 - 00012928 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usb8023x.sys
2013-11-05 00:44 - 2013-02-11 19:32 - 00012928 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usb8023.sys
2013-11-05 00:44 - 2008-05-01 09:33 - 00331776 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msadce.dll
2013-11-05 00:42 - 2012-05-28 13:16 - 00536576 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msado15.dll
2013-11-05 00:41 - 2012-07-04 09:05 - 00139784 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\rdpwd.sys
2013-11-05 00:41 - 2010-06-18 08:36 - 03558912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\moviemk.exe
2013-11-05 00:40 - 2013-08-08 19:55 - 00144128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2013-11-05 00:40 - 2013-08-08 19:55 - 00032384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys
2013-11-05 00:40 - 2013-08-08 19:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2013-11-05 00:40 - 2009-03-18 06:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys
2013-11-05 00:39 - 2013-07-03 22:03 - 02149888 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2013-11-05 00:39 - 2013-07-03 21:59 - 02193536 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2013-11-05 00:39 - 2013-07-03 21:08 - 02070144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2013-11-05 00:39 - 2013-07-03 21:08 - 02028544 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2013-11-05 00:39 - 2010-12-09 10:15 - 00718336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntdll.dll
2013-11-05 00:39 - 2010-07-12 07:55 - 00218112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wordpad.exe
2013-11-05 00:39 - 2009-11-21 10:51 - 01206508 ____C C:\WINDOWS\system32\dllcache\sysmain.sdb
2013-11-05 00:38 - 2011-07-08 09:02 - 00010496 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ndistapi.sys
2013-11-05 00:37 - 2010-10-11 09:59 - 00045568 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wab.exe
2013-11-04 23:53 - 2013-11-04 23:53 - 00000612 _____ C:\Documents and Settings\Master\Desktop\ark.zip
2013-11-04 23:50 - 2013-11-07 16:55 - 00000000 ____D C:\Documents and Settings\Master\Desktop\ArkTxt
2013-11-04 22:58 - 2013-04-04 09:55 - 00377856 _____ C:\Documents and Settings\Master\Desktop\gmer.exe
2013-11-04 22:24 - 2013-11-02 19:29 - 00688992 ____R (Swearware) C:\Documents and Settings\Master\Desktop\dds.scr
2013-11-04 22:23 - 2013-11-04 22:23 - 00368554 _____ C:\Documents and Settings\Master\Desktop\gmer.zip
2013-11-04 21:15 - 2013-11-05 02:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PC HealthBoost
2013-11-04 21:13 - 2013-11-04 21:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PCHealthBoost
2013-11-04 19:31 - 2012-11-05 21:01 - 01371648 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msxml6.dll
2013-11-04 19:31 - 2008-04-14 05:40 - 00294912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msaud32.acm
2013-11-04 19:31 - 2008-04-14 05:40 - 00086016 ____C (Sipro Lab Telecom Inc.) C:\WINDOWS\system32\dllcache\sl_anet.acm
2013-11-04 19:31 - 2008-04-14 05:39 - 00290816 ____C (Fraunhofer Institut Integrierte Schaltungen IIS) C:\WINDOWS\system32\dllcache\l3codeca.acm
2013-11-04 19:31 - 2008-04-13 22:58 - 00184959 ____C C:\WINDOWS\system32\dllcache\compact.wmz
2013-11-04 19:31 - 2008-04-13 22:58 - 00066725 ____C C:\WINDOWS\system32\dllcache\revert.wmz
2013-11-04 19:31 - 2008-04-13 22:57 - 00079872 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msxml6r.dll
2013-11-04 19:31 - 2007-06-26 11:30 - 00572557 ____C C:\WINDOWS\system32\dllcache\rtuner.wmv
2013-11-04 19:31 - 2007-06-26 11:30 - 00457607 ____C C:\WINDOWS\system32\dllcache\mdlib.wmv
2013-11-04 19:31 - 2007-06-26 11:30 - 00381425 ____C C:\WINDOWS\system32\dllcache\copycd.wmv
2013-11-04 19:31 - 2007-06-26 11:30 - 00375519 ____C C:\WINDOWS\system32\dllcache\nuskin.wmv
2013-11-04 19:31 - 2007-06-26 11:30 - 00354468 ____C C:\WINDOWS\system32\dllcache\wmpaud1.wav
2013-11-04 19:31 - 2007-06-26 11:30 - 00343204 ____C C:\WINDOWS\system32\dllcache\wmpaud7.wav
2013-11-04 19:31 - 2007-06-26 11:30 - 00343204 ____C C:\WINDOWS\system32\dllcache\wmpaud6.wav
2013-11-04 19:31 - 2007-06-26 11:30 - 00300969 ____C C:\WINDOWS\system32\dllcache\viz.wmv
2013-11-04 19:31 - 2007-06-26 11:30 - 00172196 ____C C:\WINDOWS\system32\dllcache\wmpaud9.wav
2013-11-04 19:31 - 2007-06-26 11:30 - 00172196 ____C C:\WINDOWS\system32\dllcache\wmpaud8.wav
2013-11-04 19:31 - 2007-06-26 11:30 - 00172196 ____C C:\WINDOWS\system32\dllcache\wmpaud3.wav
2013-11-04 19:31 - 2007-06-26 11:30 - 00086196 ____C C:\WINDOWS\system32\dllcache\wmpaud5.wav
2013-11-04 19:31 - 2007-06-26 11:30 - 00086180 ____C C:\WINDOWS\system32\dllcache\wmpaud4.wav
2013-11-04 19:31 - 2007-06-26 11:30 - 00086180 ____C C:\WINDOWS\system32\dllcache\wmpaud2.wav
2013-11-04 19:31 - 2007-06-26 11:30 - 00022060 ____C C:\WINDOWS\system32\dllcache\npds.zip
2013-11-04 19:31 - 2007-06-26 11:30 - 00010457 ____C C:\WINDOWS\system32\dllcache\wmptour.hta
2013-11-04 19:31 - 2007-06-26 11:30 - 00009585 ____C C:\WINDOWS\system32\dllcache\controls.css
2013-11-04 19:31 - 2007-06-26 11:30 - 00008298 ____C C:\WINDOWS\system32\dllcache\contents.htm
2013-11-04 19:31 - 2007-06-26 11:30 - 00006878 ____C C:\WINDOWS\system32\dllcache\controls.js
2013-11-04 19:31 - 2007-06-26 11:30 - 00005971 ____C C:\WINDOWS\system32\dllcache\events.js
2013-11-04 19:31 - 2007-06-26 11:30 - 00003187 ____C C:\WINDOWS\system32\dllcache\tour.js
2013-11-04 19:31 - 2007-06-26 11:30 - 00001771 ____C C:\WINDOWS\system32\dllcache\wmptour.css
2013-11-04 19:31 - 2007-06-26 11:30 - 00001148 ____C C:\WINDOWS\system32\dllcache\snd.htm
2013-11-04 19:31 - 2007-06-26 11:30 - 00000420 ____C C:\WINDOWS\system32\dllcache\wmploc.js
2013-11-04 19:31 - 2007-06-26 11:29 - 00097117 ____C C:\WINDOWS\system32\dllcache\mplayer2.hlp
2013-11-04 19:31 - 2007-06-26 11:29 - 00001885 ____C C:\WINDOWS\system32\dllcache\mplayer2.cnt
2013-11-04 19:31 - 2007-06-26 11:28 - 00613334 ____C C:\WINDOWS\system32\dllcache\wmplayer.chm
2013-11-04 19:31 - 2007-06-26 11:28 - 00067374 ____C C:\WINDOWS\system32\dllcache\wmplayer.adm
2013-11-04 19:31 - 2007-06-26 11:26 - 00077307 ____C C:\WINDOWS\system32\dllcache\plyr_err.chm
2013-11-04 19:31 - 2007-06-26 11:26 - 00001477 ____C C:\WINDOWS\system32\dllcache\plylst6.wpl
2013-11-04 19:31 - 2007-06-26 11:26 - 00001477 ____C C:\WINDOWS\system32\dllcache\plylst5.wpl
2013-11-04 19:31 - 2007-06-26 11:26 - 00001474 ____C C:\WINDOWS\system32\dllcache\plylst3.wpl
2013-11-04 19:31 - 2007-06-26 11:26 - 00001451 ____C C:\WINDOWS\system32\dllcache\plylst12.wpl
2013-11-04 19:31 - 2007-06-26 11:26 - 00001448 ____C C:\WINDOWS\system32\dllcache\plylst4.wpl
2013-11-04 19:31 - 2007-06-26 11:26 - 00001250 ____C C:\WINDOWS\system32\dllcache\plylst1.wpl
2013-11-04 19:31 - 2007-06-26 11:26 - 00001049 ____C C:\WINDOWS\system32\dllcache\plylst2.wpl
2013-11-04 19:31 - 2007-06-26 11:26 - 00001046 ____C C:\WINDOWS\system32\dllcache\plylst7.wpl
2013-11-04 19:31 - 2007-06-26 11:26 - 00001036 ____C C:\WINDOWS\system32\dllcache\plylst8.wpl
2013-11-04 19:31 - 2007-06-26 11:26 - 00000789 ____C C:\WINDOWS\system32\dllcache\plylst11.wpl
2013-11-04 19:31 - 2007-06-26 11:26 - 00000787 ____C C:\WINDOWS\system32\dllcache\plylst10.wpl
2013-11-04 19:31 - 2007-06-26 11:26 - 00000784 ____C C:\WINDOWS\system32\dllcache\plylst9.wpl
2013-11-04 19:31 - 2007-06-26 11:26 - 00000783 ____C C:\WINDOWS\system32\dllcache\plylst13.wpl
2013-11-04 19:31 - 2007-06-26 11:26 - 00000775 ____C C:\WINDOWS\system32\dllcache\plylst14.wpl
2013-11-04 19:31 - 2007-06-26 11:26 - 00000733 ____C C:\WINDOWS\system32\dllcache\plylst15.wpl
2013-11-04 19:31 - 2007-06-26 11:26 - 00000403 ____C C:\WINDOWS\system32\dllcache\npdrmv2.zip
2013-11-04 19:31 - 2007-04-02 23:21 - 00023195 ____C C:\WINDOWS\system32\dllcache\wmplay.chm
2013-11-04 19:27 - 2008-04-14 05:42 - 00294912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dlimport.exe
2013-11-04 19:04 - 2013-11-04 19:16 - 00000000 __HDC C:\WINDOWS\$NtServicePackUninstall$
2013-11-04 14:55 - 2013-11-04 15:29 - 00003790 _____ C:\Documents and Settings\Master\Desktop\avgrep2.txt
2013-11-04 13:37 - 2013-11-04 13:37 - 05143677 ____R (Swearware) C:\Documents and Settings\Master\Desktop\ComboFix.exe
2013-11-04 13:09 - 2013-11-04 13:10 - 00003101 _____ C:\sh4_service.log
2013-11-04 13:08 - 2013-11-04 13:06 - 00004090 _____ C:\Documents and Settings\Master\avgrep.txt
2013-11-04 11:41 - 2013-11-04 11:41 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\New Folder (2)
2013-11-04 10:15 - 2013-11-04 13:33 - 00000000 ____D C:\WINDOWS\Minidump
2013-11-04 07:14 - 2013-11-04 07:14 - 00000166 _____ C:\spyhunter.log
2013-11-04 03:34 - 2013-11-04 03:40 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
2013-11-04 03:26 - 2013-11-10 12:18 - 00032628 _____ C:\WINDOWS\SchedLgU.Txt
2013-11-04 03:25 - 2013-11-10 19:54 - 01985137 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-04 02:28 - 2013-11-04 02:29 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2014
2013-11-04 02:28 - 2013-11-04 02:28 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\AVG2014
2013-11-04 01:45 - 2013-11-04 01:45 - 00000217 _____ C:\Documents and Settings\Master\Desktop\Windows Firewall.lnk
2013-11-04 00:40 - 2013-11-04 00:40 - 00000930 _____ C:\Documents and Settings\All Users\Desktop\RegHunter.lnk
2013-11-04 00:40 - 2013-11-04 00:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\RegHunter
2013-11-03 22:32 - 2013-11-03 22:32 - 00000000 ____D C:\Documents and Settings\Master\Application Data\AVG2014
2013-11-03 22:27 - 2013-11-03 22:27 - 00000702 _____ C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2013-11-03 22:25 - 2013-11-03 22:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2014
2013-11-03 22:03 - 2008-04-14 05:41 - 00571392 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tintlgnt.ime
2013-11-03 22:03 - 2008-04-14 05:41 - 00010240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tmigrate.dll
2013-11-03 22:03 - 2004-08-04 07:00 - 00455168 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tintsetp.exe
2013-11-03 22:03 - 2004-08-04 07:00 - 00048256 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\w32.dll
2013-11-03 22:03 - 2004-08-04 07:00 - 00044032 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tintlphr.exe
2013-11-03 22:03 - 2004-08-04 07:00 - 00041600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\weitekp9.dll
2013-11-03 22:03 - 2004-08-04 07:00 - 00031232 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\weitekp9.sys
2013-11-03 22:03 - 2004-08-04 07:00 - 00021896 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tdipx.sys
2013-11-03 22:03 - 2004-08-04 07:00 - 00019464 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tdspx.sys
2013-11-03 22:03 - 2004-08-04 07:00 - 00014336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tsprof.exe
2013-11-03 22:03 - 2004-08-04 07:00 - 00013192 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tdasync.sys
2013-11-03 22:02 - 2008-04-14 05:41 - 00482304 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\pintlgnt.ime
2013-11-03 22:02 - 2008-04-14 05:40 - 00067584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\pmigrate.dll
2013-11-03 22:02 - 2008-04-13 22:13 - 00070144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\pintlphr.exe
2013-11-03 22:02 - 2004-08-04 07:00 - 00131584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\pmxviceo.dll
2013-11-03 22:02 - 2004-08-04 07:00 - 00101376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\srusbusd.dll
2013-11-03 22:02 - 2004-08-04 07:00 - 00092416 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mga.sys
2013-11-03 22:02 - 2004-08-04 07:00 - 00092032 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mga.dll
2013-11-03 22:02 - 2004-08-04 07:00 - 00079872 ____C (Ricoh Co., Ltd.) C:\WINDOWS\system32\dllcache\rwia330.dll
2013-11-03 22:02 - 2004-08-04 07:00 - 00079872 ____C (Ricoh Co., Ltd.) C:\WINDOWS\system32\dllcache\rwia001.dll
2013-11-03 22:02 - 2004-08-04 07:00 - 00038912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm9aw.dll
2013-11-03 22:02 - 2004-08-04 07:00 - 00031744 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smb6w.dll
2013-11-03 22:02 - 2004-08-04 07:00 - 00031744 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sma3w.dll
2013-11-03 22:02 - 2004-08-04 07:00 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm87w.dll
2013-11-03 22:02 - 2004-08-04 07:00 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm81w.dll
2013-11-03 22:02 - 2004-08-04 07:00 - 00029184 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm8cw.dll
2013-11-03 22:02 - 2004-08-04 07:00 - 00026624 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm93w.dll
2013-11-03 22:02 - 2004-08-04 07:00 - 00026624 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm92w.dll
2013-11-03 22:02 - 2004-08-04 07:00 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm90w.dll
2013-11-03 22:02 - 2004-08-04 07:00 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm8dw.dll
2013-11-03 22:02 - 2004-08-04 07:00 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm8aw.dll
2013-11-03 22:02 - 2004-08-04 07:00 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm89w.dll
2013-11-03 22:02 - 2004-08-04 07:00 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm59w.dll
2013-11-03 22:02 - 2004-08-04 07:00 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\simptcp.dll
2013-11-03 22:02 - 2004-08-04 07:00 - 00016384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\quser.exe
2013-11-03 22:02 - 2004-08-04 07:00 - 00015872 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smierrsm.dll
2013-11-03 22:02 - 2004-08-04 07:00 - 00014848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\register.exe
2013-11-03 22:02 - 2004-08-04 07:00 - 00011264 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\pmxmcro.dll
2013-11-03 22:02 - 2004-08-04 07:00 - 00010240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\snmpstup.dll
2013-11-03 22:02 - 2004-08-04 07:00 - 00009728 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\query.exe
2013-11-03 22:02 - 2004-08-04 07:00 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\pmxgl.dll
2013-11-03 22:02 - 2004-08-04 07:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smimsgif.dll
2013-11-03 22:02 - 2004-08-04 07:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smierrsy.dll
2013-11-03 22:02 - 2001-08-17 22:36 - 00065536 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_mailmsg.dll
2013-11-03 22:02 - 2001-08-17 22:36 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_scripto.dll
2013-11-03 22:02 - 2001-08-17 22:36 - 00038912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_ntfsdrv.dll
2013-11-03 22:02 - 2001-08-17 22:36 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_seos.dll
2013-11-03 22:02 - 2001-08-17 22:36 - 00023040 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_regtrace.exe
2013-11-03 22:02 - 2001-08-17 22:36 - 00012288 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_smtpctrs.dll
2013-11-03 22:02 - 2001-08-17 22:36 - 00007168 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_snprfdll.dll
2013-11-03 22:01 - 2008-04-14 05:41 - 00021504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cintlgnt.ime
2013-11-03 22:01 - 2008-04-14 05:39 - 00198656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cintime.dll
2013-11-03 22:01 - 2008-04-14 05:39 - 00173568 ____C C:\WINDOWS\system32\dllcache\chtskf.dll
2013-11-03 22:01 - 2008-04-14 05:39 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\chtmbx.dll
2013-11-03 22:01 - 2008-04-14 05:39 - 00056320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\chtskdic.dll
2013-11-03 22:01 - 2004-08-04 07:00 - 10096640 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hwxcht.dll
2013-11-03 22:01 - 2004-08-04 07:00 - 00480256 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cintsetp.exe
2013-11-03 22:01 - 2004-08-04 07:00 - 00187938 ____C C:\WINDOWS\system32\dllcache\c_20005.nls
2013-11-03 22:01 - 2004-08-04 07:00 - 00186402 ____C C:\WINDOWS\system32\dllcache\c_20001.nls
2013-11-03 22:01 - 2004-08-04 07:00 - 00185378 ____C C:\WINDOWS\system32\dllcache\c_20003.nls
2013-11-03 22:01 - 2004-08-04 07:00 - 00180258 ____C C:\WINDOWS\system32\dllcache\c_20004.nls
2013-11-03 22:01 - 2004-08-04 07:00 - 00173602 ____C C:\WINDOWS\system32\dllcache\c_20002.nls
2013-11-03 22:01 - 2004-08-04 07:00 - 00132608 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxsclntr.dll
2013-11-03 22:01 - 2004-08-04 07:00 - 00111104 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxscfgwz.dll
2013-11-03 22:01 - 2004-08-04 07:00 - 00066594 ____C C:\WINDOWS\system32\dllcache\c_858.nls
2013-11-03 22:01 - 2004-08-04 07:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_870.nls
2013-11-03 22:01 - 2004-08-04 07:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_21025.nls
2013-11-03 22:01 - 2004-08-04 07:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_20924.nls
2013-11-03 22:01 - 2004-08-04 07:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_20880.nls
2013-11-03 22:01 - 2004-08-04 07:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_20871.nls
2013-11-03 22:01 - 2004-08-04 07:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_20838.nls
2013-11-03 22:01 - 2004-08-04 07:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_20833.nls
2013-11-03 22:01 - 2004-08-04 07:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_20424.nls
2013-11-03 22:01 - 2004-08-04 07:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_20423.nls
2013-11-03 22:01 - 2004-08-04 07:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_20420.nls
2013-11-03 22:01 - 2004-08-04 07:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_20297.nls
2013-11-03 22:01 - 2004-08-04 07:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_20285.nls
2013-11-03 22:01 - 2004-08-04 07:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_20284.nls
2013-11-03 22:01 - 2004-08-04 07:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_20280.nls
2013-11-03 22:01 - 2004-08-04 07:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_20278.nls
2013-11-03 22:01 - 2004-08-04 07:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_20277.nls
2013-11-03 22:01 - 2004-08-04 07:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_20273.nls
2013-11-03 22:01 - 2004-08-04 07:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_20269.nls
2013-11-03 22:01 - 2004-08-04 07:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_20108.nls
2013-11-03 22:01 - 2004-08-04 07:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_20107.nls
2013-11-03 22:01 - 2004-08-04 07:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_20106.nls
2013-11-03 22:01 - 2004-08-04 07:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_20105.nls
2013-11-03 22:01 - 2004-08-04 07:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_1149.nls
2013-11-03 22:01 - 2004-08-04 07:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_1148.nls
2013-11-03 22:01 - 2004-08-04 07:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_1147.nls
2013-11-03 22:01 - 2004-08-04 07:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_1146.nls
2013-11-03 22:01 - 2004-08-04 07:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_1145.nls
2013-11-03 22:01 - 2004-08-04 07:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_1144.nls
2013-11-03 22:01 - 2004-08-04 07:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_1143.nls
2013-11-03 22:01 - 2004-08-04 07:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_1142.nls
2013-11-03 22:01 - 2004-08-04 07:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_1141.nls
2013-11-03 22:01 - 2004-08-04 07:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_1140.nls
2013-11-03 22:01 - 2004-08-04 07:00 - 00066082 ____C C:\WINDOWS\system32\dllcache\c_1047.nls
2013-11-03 22:01 - 2004-08-04 07:00 - 00059392 ____C C:\WINDOWS\system32\dllcache\imscinst.exe
2013-11-03 22:01 - 2004-08-04 07:00 - 00057856 ____C (SEIKO EPSON CORP.) C:\WINDOWS\system32\dllcache\esuimgd.dll
2013-11-03 22:01 - 2004-08-04 07:00 - 00054528 ____C (Philips Semiconductors GmbH) C:\WINDOWS\system32\dllcache\cap7146.sys
2013-11-03 22:01 - 2004-08-04 07:00 - 00045056 ____C (SEIKO EPSON CORP.) C:\WINDOWS\system32\dllcache\esunid.dll
2013-11-03 22:01 - 2004-08-04 07:00 - 00031744 ____C (SEIKO EPSON CORP.) C:\WINDOWS\system32\dllcache\esucmd.dll
2013-11-03 22:01 - 2004-08-04 07:00 - 00031744 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxsroute.dll
2013-11-03 22:01 - 2004-08-04 07:00 - 00025856 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\et4000.sys
2013-11-03 22:01 - 2004-08-04 07:00 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cprofile.exe
2013-11-03 22:01 - 2004-08-04 07:00 - 00018432 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jupiw.dll
2013-11-03 22:01 - 2004-08-04 07:00 - 00015872 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\chgport.exe
2013-11-03 22:01 - 2004-08-04 07:00 - 00014848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\flattemp.exe
2013-11-03 22:01 - 2004-08-04 07:00 - 00014336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\chgusr.exe
2013-11-03 22:01 - 2004-08-04 07:00 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\chglogon.exe
2013-11-03 22:01 - 2004-08-04 07:00 - 00011264 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxssend.exe
2013-11-03 22:01 - 2004-08-04 07:00 - 00009728 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\change.exe
2013-11-03 22:01 - 2001-08-17 22:36 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_fcachdll.dll
2013-11-03 22:00 - 2001-08-17 22:36 - 00045056 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_aqadmin.dll
2013-11-03 22:00 - 2001-08-17 22:36 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_adsiisex.dll
2013-11-03 21:58 - 2013-11-03 21:58 - 00000749 ___RH C:\WINDOWS\WindowsShell.Manifest
2013-11-03 21:58 - 2013-11-03 21:58 - 00000749 ___RH C:\WINDOWS\system32\wuaucpl.cpl.manifest
2013-11-03 21:58 - 2013-11-03 21:58 - 00000749 ___RH C:\WINDOWS\system32\sapi.cpl.manifest
2013-11-03 21:58 - 2013-11-03 21:58 - 00000749 ___RH C:\WINDOWS\system32\ncpa.cpl.manifest
2013-11-03 21:58 - 2013-11-03 21:58 - 00000488 ___RH C:\WINDOWS\system32\logonui.exe.manifest
2013-11-03 21:57 - 2004-08-04 07:00 - 00016384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\isignup.exe
2013-11-03 21:54 - 2013-11-03 22:00 - 00000792 _____ C:\Documents and Settings\Default User\Start Menu\Programs\Windows Media Player.lnk
2013-11-03 21:15 - 2004-08-04 07:00 - 01042903 ____C C:\WINDOWS\system32\dllcache\SP2.CAT
2013-11-03 21:15 - 2004-08-04 07:00 - 00797189 ____C C:\WINDOWS\system32\dllcache\NT5IIS.CAT
2013-11-03 21:15 - 2004-08-04 07:00 - 00399645 ____C C:\WINDOWS\system32\dllcache\MAPIMIG.CAT
2013-11-03 21:15 - 2004-08-04 07:00 - 00037484 ____C C:\WINDOWS\system32\dllcache\MW770.CAT
2013-11-03 21:15 - 2004-08-04 07:00 - 00024661 ____C (Perle Systems Ltd.) C:\WINDOWS\system32\dllcache\spxcoins.dll
2013-11-03 21:15 - 2004-08-04 07:00 - 00024661 _____ (Perle Systems Ltd.) C:\WINDOWS\system32\spxcoins.dll
2013-11-03 21:15 - 2004-08-04 07:00 - 00013472 ____C C:\WINDOWS\system32\dllcache\HPCRDP.CAT
2013-11-03 21:15 - 2004-08-04 07:00 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irclass.dll
2013-11-03 21:15 - 2004-08-04 07:00 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\irclass.dll
2013-11-03 21:15 - 2004-08-04 07:00 - 00008574 ____C C:\WINDOWS\system32\dllcache\IASNT4.CAT
2013-11-03 21:15 - 2004-08-04 07:00 - 00007382 ____C C:\WINDOWS\system32\dllcache\OEMBIOS.CAT
2013-11-03 15:38 - 2013-11-03 15:38 - 00000000 ____D C:\Documents and Settings\Master\Application Data\Ahead
2013-11-03 15:36 - 2013-11-10 01:15 - 00000116 _____ C:\WINDOWS\NeroDigital.ini
2013-11-03 15:34 - 2013-11-05 18:51 - 00000109 _____ C:\Documents and Settings\Master\default.pls
2013-11-03 15:14 - 2013-11-03 15:14 - 00002476 _____ C:\Documents and Settings\Master\About Satanists.txt
2013-11-03 13:38 - 2013-11-03 13:38 - 00001804 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
2013-11-03 13:38 - 2013-11-03 13:38 - 00001729 _____ C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
2013-11-03 13:37 - 2013-11-03 13:38 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-11-03 13:37 - 2013-11-03 13:37 - 00000000 ____D C:\Program Files\Adobe
2013-11-03 13:36 - 2013-11-03 13:36 - 00000000 ____D C:\Fraps
2013-11-03 13:36 - 2013-11-03 13:36 - 00000000 ____D C:\Documents and Settings\Master\Start Menu\Programs\Fraps
2013-11-03 13:35 - 2013-11-03 13:35 - 00000749 _____ C:\Documents and Settings\Master\Desktop\EVGA Precision.lnk
2013-11-03 13:35 - 2013-11-03 13:35 - 00000000 ____D C:\Program Files\EVGA Precision
2013-11-03 13:35 - 2013-11-03 13:35 - 00000000 ____D C:\Documents and Settings\Master\Start Menu\Programs\EVGA Precision
2013-11-03 12:37 - 2004-10-14 11:49 - 00052527 _____ C:\WINDOWS\UNNMP.cfg
2013-11-03 12:37 - 2004-06-23 12:26 - 01994752 _____ (Ahead Software AG) C:\WINDOWS\UNNMP.exe
2013-11-03 12:34 - 2001-07-09 11:50 - 00155648 _____ (Ahead Software Gmbh) C:\WINDOWS\system32\NeroCheck.exe
2013-11-03 12:33 - 2013-11-03 12:37 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Nero
2013-11-03 12:32 - 2013-11-03 12:32 - 00000000 ____D C:\Program Files\Common Files\Ahead
2013-11-03 12:32 - 2013-11-03 12:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Ahead
2013-11-03 12:32 - 2004-10-14 11:49 - 00133211 _____ C:\WINDOWS\UNNeroVision.cfg
2013-11-03 12:32 - 2004-10-11 02:23 - 02277376 _____ (Ahead Software AG) C:\WINDOWS\UNNeroVision.exe
2013-11-03 12:32 - 2004-07-20 17:24 - 01568768 _____ (Pegasus Imaging Corp.) C:\WINDOWS\system32\ImagX7.dll
2013-11-03 12:32 - 2004-07-20 17:24 - 00476320 _____ (Pegasus Imaging Corp.) C:\WINDOWS\system32\ImagXpr7.dll
2013-11-03 12:32 - 2004-07-20 17:24 - 00471040 _____ (Pegasus Imaging Corp.) C:\WINDOWS\system32\ImagXRA7.dll
2013-11-03 12:32 - 2004-07-20 17:24 - 00262144 _____ (Pegasus Imaging Corp.) C:\WINDOWS\system32\ImagXR7.dll
2013-11-03 12:32 - 2004-07-09 09:43 - 00364544 _____ (Pegasus Imaging Corp.) C:\WINDOWS\system32\TwnLib4.dll
2013-11-03 12:32 - 2001-06-26 08:15 - 00038912 _____ (Pegasus Imaging Corp.) C:\WINDOWS\system32\picn20.dll
2013-11-03 12:32 - 2001-03-08 19:30 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3a.dll
2013-11-03 12:32 - 2000-06-26 11:45 - 00106496 _____ (Pegasus Software) C:\WINDOWS\system32\TwnLib20.dll
2013-11-03 12:31 - 2013-11-03 12:36 - 00000000 ____D C:\Program Files\Ahead
2013-11-03 03:57 - 2013-11-03 03:57 - 00002416 _____ C:\Documents and Settings\Administrator\My Documents\cc_20131103_035707.reg
2013-11-02 22:31 - 2013-11-02 22:31 - 00000000 ____D C:\Documents and Settings\UpdatusUser\Local Settings\Application Data\NVIDIA
2013-11-02 19:01 - 2013-11-02 19:01 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Macromedia
2013-11-02 19:01 - 2013-11-02 19:01 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe
2013-11-02 18:53 - 2013-11-02 18:53 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
2013-11-02 18:46 - 2013-11-02 18:36 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Documents and Settings\Administrator\Desktop\SpyHunter-Installer.exe
2013-11-02 18:23 - 2004-06-14 13:56 - 00427864 _____ (Xceed Software Inc        (450) 442-2626        support@xceedsoft.com        www.xceedsoft.com) C:\WINDOWS\system32\XceedZip.dll
2013-11-02 17:01 - 2013-11-02 17:01 - 00000000 _____ C:\Documents and Settings\Master\mm_backup.cfg
2013-11-02 16:24 - 2013-11-03 14:05 - 00000000 ____D C:\Documents and Settings\Master\Desktop\NewDriver
2013-11-02 16:18 - 2013-11-04 00:22 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Driver Genius2
2013-11-02 16:18 - 2013-11-02 16:18 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\DriverGenius
2013-11-02 15:27 - 2013-11-02 15:27 - 00000251 _____ C:\Documents and Settings\Master\My Documents\ProjectGetty.ebp
2013-11-02 13:31 - 2013-11-02 13:31 - 00000817 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Express Burn.lnk
2013-11-02 13:31 - 2013-11-02 13:31 - 00000000 ____D C:\Documents and Settings\Master\Start Menu\Programs\NCH Software Suite
2013-11-02 08:24 - 2013-11-02 08:24 - 00000630 _____ C:\Documents and Settings\All Users\Start Menu\Rhapsody.lnk
2013-11-02 08:24 - 2013-11-02 08:24 - 00000630 _____ C:\Documents and Settings\All Users\Desktop\Rhapsody.lnk
2013-11-02 08:24 - 2013-11-02 08:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Rhapsody
2013-11-02 08:23 - 2013-11-02 08:31 - 00000000 ____D C:\Program Files\Rhapsody
2013-11-02 08:04 - 2013-11-10 00:19 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-11-02 08:04 - 2013-11-10 00:19 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-11-01 22:57 - 2013-11-10 19:42 - 00000302 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1960408961-2000478354-839522115-1004.job
2013-11-01 22:57 - 2013-11-05 18:19 - 00000310 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1960408961-2000478354-839522115-1004.job
2013-11-01 22:57 - 2013-11-01 22:57 - 00000328 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1960408961-2000478354-839522115-1004.job
2013-11-01 22:44 - 2013-11-02 00:46 - 00000803 _____ C:\Documents and Settings\Master\Start Menu\Programs\Internet Explorer.lnk
2013-11-01 17:35 - 2013-11-01 17:35 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
2013-10-29 10:25 - 2013-10-29 10:25 - 00000056 _____ C:\Documents and Settings\Master\MQOTemplates.txt
2013-10-29 09:55 - 2013-10-29 09:55 - 00003931 _____ C:\Documents and Settings\Master\copyOPtionsinSB3.txt
2013-10-29 09:51 - 2013-10-29 09:51 - 00008746 _____ C:\Documents and Settings\Master\TransparencyInfo.txt
2013-10-29 08:23 - 2013-11-02 08:24 - 00000000 ____D C:\Documents and Settings\Master\Application Data\Real
2013-10-29 08:23 - 2013-10-30 15:08 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Real
2013-10-29 00:17 - 2013-10-29 00:17 - 00088761 _____ C:\Documents and Settings\Master\Desktop\Sofia Design.xcf
2013-10-28 16:25 - 2013-11-02 16:05 - 00000000 ____D C:\Documents and Settings\Master\Desktop\CPU Thermometer
2013-10-28 02:15 - 2013-10-28 02:15 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Windows Search
2013-10-28 02:14 - 2013-11-06 14:36 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\New Folder
2013-10-28 00:34 - 2013-10-28 00:34 - 00000464 _____ C:\Documents and Settings\Master\help2.txt
2013-10-27 17:59 - 2013-10-27 17:59 - 00000471 _____ C:\Documents and Settings\Master\help.txt
2013-10-26 20:25 - 2013-11-09 13:21 - 00000282 _____ C:\WINDOWS\Tasks\DLL-Files.Com Fixer_Updates.job
2013-10-26 20:25 - 2013-10-30 12:21 - 00000266 _____ C:\WINDOWS\Tasks\DLL-Files.Com Fixer_MONTHLY.job
2013-10-26 20:25 - 2013-10-26 20:25 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_40.dll
2013-10-26 20:25 - 2013-10-26 20:25 - 00000000 ____D C:\Program Files\Dll-Files.com Fixer
2013-10-26 20:25 - 2013-10-26 20:25 - 00000000 ____D C:\Documents and Settings\Master\Application Data\dll-files.com
2013-10-26 20:25 - 2013-10-26 20:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Dll-Files Fixer
2013-10-26 20:20 - 2013-10-26 20:20 - 00000000 ____D C:\Documents and Settings\Master\Application Data\Windows Search
2013-10-26 19:25 - 2013-11-10 12:18 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2013-10-26 19:25 - 2013-11-10 12:18 - 00065536 _____ C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2013-10-26 19:25 - 2013-10-26 19:25 - 00000000 ____D C:\WINDOWS\system32\winrm
2013-10-26 19:25 - 2013-10-26 19:25 - 00000000 ____D C:\WINDOWS\system32\WindowsPowerShell
2013-10-26 19:24 - 2013-10-26 19:25 - 00000000 __HDC C:\WINDOWS\$968930Uinstall_KB968930$
2013-10-26 19:24 - 2013-10-26 19:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallbasecsp$
2013-10-26 19:24 - 2013-10-26 19:24 - 00000000 ____D C:\WINDOWS\$NtUninstallKB968930$
2013-10-26 19:24 - 2013-10-26 19:24 - 00000000 ____D C:\Documents and Settings\Master\Application Data\Windows Desktop Search
2013-10-26 19:23 - 2013-10-27 13:07 - 00000000 ____D C:\Program Files\Windows Desktop Search
2013-10-26 19:23 - 2013-10-26 19:23 - 00001803 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
2013-10-26 19:23 - 2013-10-26 19:23 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2013-10-26 13:01 - 2013-10-26 13:01 - 00000000 ____D C:\WINDOWS\RegisteredPackages
2013-10-26 13:00 - 2008-04-14 05:42 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\kswdmcap.ax
2013-10-26 13:00 - 2008-04-14 05:42 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\kstvtune.ax
2013-10-26 13:00 - 2008-04-14 05:42 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksxbar.ax
2013-10-26 13:00 - 2008-04-14 00:16 - 00085248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nabtsfec.sys
2013-10-26 13:00 - 2008-04-14 00:16 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msdv.sys
2013-10-26 13:00 - 2008-04-14 00:16 - 00019200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wstcodec.sys
2013-10-26 13:00 - 2008-04-14 00:16 - 00017024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ccdecode.sys
2013-10-26 13:00 - 2008-04-14 00:09 - 00005504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mstee.sys
2013-10-26 12:59 - 2013-10-26 13:00 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2013-10-26 12:32 - 2013-10-27 18:58 - 00000000 ____D C:\Documents and Settings\Master\Local Settings\Application Data\SB3Utility
2013-10-26 02:01 - 2013-10-27 00:30 - 00000000 ____D C:\New Folder
2013-10-25 18:39 - 2013-10-27 12:20 - 00000000 ____D C:\Documents and Settings\Master\Desktop\New Folder
2013-10-24 21:39 - 2013-10-24 21:39 - 00006232 _____ C:\Documents and Settings\Master\IllusionWizardUse.txt
2013-10-24 14:41 - 2013-10-24 14:41 - 00003785 _____ C:\Documents and Settings\Master\ModdingInfo.txt
2013-10-23 23:49 - 2013-11-10 01:17 - 00054156 ____H C:\WINDOWS\QTFont.qfn
2013-10-23 23:49 - 2013-10-23 23:49 - 00001409 _____ C:\WINDOWS\QTFont.for
2013-10-23 23:42 - 2013-10-23 23:42 - 00000000 ___HD C:\Documents and Settings\All Users\Start Menu\Programs\DVD Shrink
2013-10-23 23:42 - 2013-10-23 23:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\DVD Shrink
2013-10-23 23:41 - 2013-10-23 23:42 - 00000000 ____D C:\Program Files\DVD Shrink
2013-10-23 16:56 - 2013-11-04 02:34 - 00040616 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-10-23 16:56 - 2013-10-23 16:56 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Disabled Startup
2013-10-23 15:48 - 2013-10-23 15:48 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\WinRAR
2013-10-23 08:22 - 2013-11-04 13:46 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2013-10-22 10:11 - 2005-04-15 18:58 - 01071088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSCOMCTL.OCX
2013-10-22 10:11 - 1998-06-23 23:00 - 00203576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RICHTX32.OCX
2013-10-22 02:37 - 2013-10-22 02:37 - 00005602 _____ C:\Documents and Settings\Master\My Documents\cc_20131022_033722.reg
2013-10-22 01:21 - 2013-10-22 01:21 - 00000000 ____D C:\Program Files\7-Zip
2013-10-22 01:21 - 2013-10-22 01:21 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
2013-10-21 14:44 - 2013-10-21 14:44 - 00000000 __SHD C:\Documents and Settings\Master\IECompatCache
2013-10-21 03:07 - 2013-11-09 18:09 - 00000000 ____D C:\Documents and Settings\Master\Desktop\coolstuff
2013-10-19 12:16 - 2013-10-19 12:16 - 00000000 ____D C:\Program Files\MSXML 4.0
2013-10-18 19:49 - 2013-10-18 19:49 - 00000000 ____D C:\Documents and Settings\Master\Local Settings\Application Data\KodakGallery
2013-10-18 19:48 - 2013-10-19 01:22 - 00002843 _____ C:\logfile

Link to post
Share on other sites

Second part of the first log.

 

 

 

928 ____R C:\Documents and Settings\All Users\Documents\ESBK.mbb
2013-10-18 19:48 - 2013-10-18 20:23 - 00340992 ____R C:\Documents and Settings\All Users\Documents\ESBK.mb
2013-10-18 19:34 - 2013-10-18 19:34 - 00000000 ____D C:\Program Files\Common Files\Kodak
2013-10-18 19:34 - 2008-04-14 04:42 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ptpusd.dll
2013-10-18 19:34 - 2001-08-17 21:36 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ptpusb.dll
2013-10-18 19:32 - 2013-10-18 19:35 - 00000000 ____D C:\Program Files\Kodak
2013-10-18 19:32 - 2013-10-18 19:35 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Kodak
2013-10-18 19:32 - 2013-10-18 19:32 - 00001817 _____ C:\Documents and Settings\All Users\Desktop\Kodak EasyShare.lnk
2013-10-18 19:29 - 2013-10-18 19:35 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Kodak
2013-10-17 22:38 - 2009-01-07 17:20 - 00016928 _____ (Microsoft Corporation) C:\WINDOWS\system32\spmsg.dll
2013-10-17 22:37 - 2013-10-17 22:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallwmp11$
2013-10-17 22:37 - 2013-10-17 22:37 - 00000000 ____D C:\Program Files\Windows Media Connect 2
2013-10-17 22:37 - 2008-04-14 04:42 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpns.dll
2013-10-17 22:36 - 2013-10-17 22:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallWMFDist11$
2013-10-17 22:36 - 2013-10-17 22:36 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2013-10-17 22:36 - 2013-10-17 22:36 - 00000000 ____D C:\656e718fed0ffcfdcb23ea6d0dac
2013-10-17 16:15 - 2013-10-18 23:34 - 00000000 ____D C:\Program Files\Metaseq31
2013-10-17 15:39 - 2013-10-17 15:39 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Metasequoia 4
2013-10-17 15:39 - 2010-05-26 10:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2013-10-17 15:39 - 2010-05-26 10:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2013-10-17 15:39 - 2010-05-26 10:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2013-10-17 15:39 - 2010-05-26 10:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2013-10-17 15:39 - 2010-05-26 10:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2013-10-17 15:38 - 2013-10-17 15:38 - 00000000 ____D C:\Program Files\tetraface
2013-10-17 15:15 - 2013-11-02 13:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\NCH Software
2013-10-17 15:14 - 2013-11-02 13:31 - 00000000 ____D C:\Program Files\NCH Software
2013-10-17 15:14 - 2013-10-17 15:14 - 00000823 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Pixillion Image Converter.lnk
2013-10-17 15:14 - 2013-10-17 15:14 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\NCH Software Suite
2013-10-17 01:00 - 2013-10-17 01:00 - 00000000 _____ C:\WINDOWS\ABC_mru.ini
2013-10-17 00:57 - 2013-10-17 00:57 - 00000000 ____D C:\Program Files\Advanced Batch Converter
2013-10-17 00:57 - 2013-10-17 00:57 - 00000000 ____D C:\Documents and Settings\Master\Start Menu\Programs\Advanced Batch Converter
2013-10-16 14:51 - 2013-10-16 14:51 - 00000376 _____ C:\WINDOWS\ODBC.INI
2013-10-16 14:50 - 2013-10-30 17:06 - 00002489 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2013-10-16 14:50 - 2013-10-16 14:50 - 00002046 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Outlook.lnk
2013-10-16 14:50 - 2013-10-16 14:50 - 00002030 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
2013-10-16 14:50 - 2013-10-16 14:50 - 00002002 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft PowerPoint.lnk
2013-10-16 14:50 - 2013-10-16 14:50 - 00002002 _____ C:\Documents and Settings\All Users\Start Menu\Open Office Document.lnk
2013-10-16 14:50 - 2013-10-16 14:50 - 00001998 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft FrontPage.lnk
2013-10-16 14:50 - 2013-10-16 14:50 - 00001992 _____ C:\Documents and Settings\All Users\Start Menu\New Office Document.lnk
2013-10-16 14:50 - 2013-10-16 14:50 - 00001990 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Access.lnk
2013-10-16 14:50 - 2013-10-16 14:50 - 00000000 ____D C:\Program Files\Microsoft Visual Studio
2013-10-16 14:50 - 2013-10-16 14:50 - 00000000 ____D C:\Program Files\Microsoft ActiveSync
2013-10-16 14:50 - 2013-10-16 14:50 - 00000000 ____D C:\Program Files\Common Files\Designer
2013-10-16 14:50 - 2013-10-16 14:50 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools
2013-10-16 14:48 - 2013-10-16 14:50 - 00000000 ___HD C:\WINDOWS\ShellNew
2013-10-16 14:48 - 2013-10-16 14:49 - 00000000 ____D C:\Program Files\Microsoft Office
2013-10-16 14:48 - 2013-10-16 14:48 - 00000000 ____D C:\Program Files\Common Files\L&H
2013-10-16 08:54 - 2013-10-16 08:54 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-16 08:54 - 2013-10-08 06:46 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-10-16 08:54 - 2013-10-08 06:29 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-10-16 08:53 - 2013-10-16 08:53 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-10-16 08:53 - 2013-10-08 06:50 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-10-16 08:53 - 2013-10-08 06:46 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-10-16 08:53 - 2013-10-08 06:46 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-10-16 08:52 - 2013-10-16 08:53 - 00004705 _____ C:\WINDOWS\system32\jupdate-1.7.0_45-b18.log
2013-10-16 08:47 - 2013-10-16 08:47 - 00000000 ____D C:\Documents and Settings\Master\Application Data\RealNetworks
2013-10-16 08:45 - 2013-10-16 08:45 - 00000000 ____D C:\Program Files\RealNetworks
2013-10-16 08:45 - 2013-10-16 08:45 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RealNetworks
2013-10-16 08:43 - 2013-10-16 08:43 - 00000000 ____D C:\Program Files\Common Files\xing shared
2013-10-15 08:50 - 2013-10-15 08:51 - 00020014 _____ C:\Documents and Settings\Master\My Documents\cc_20131015_095035.reg
2013-10-15 00:14 - 2013-10-15 00:14 - 00000730 _____ C:\Documents and Settings\All Users\Desktop\FileASSASSIN.lnk
2013-10-15 00:14 - 2013-10-15 00:14 - 00000000 ____D C:\Program Files\FileASSASSIN
2013-10-15 00:14 - 2013-10-15 00:14 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\FileASSASSIN
2013-10-14 23:41 - 2013-11-10 04:23 - 00000000 ____D C:\Documents and Settings\Master\Start Menu\Programs\SpyHunter
2013-10-14 23:40 - 2013-11-02 18:42 - 00000000 ____D C:\WINDOWS\865537E164904193A4B6669C62711852.TMP
2013-10-14 22:51 - 2013-10-14 22:51 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
2013-10-14 22:51 - 2013-10-14 22:51 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Mozilla
2013-10-14 21:55 - 2013-10-14 21:55 - 00000000 ____D C:\Documents and Settings\Master\Desktop\RegSeeker
2013-10-14 21:54 - 2013-10-14 21:54 - 00002210 _____ C:\Documents and Settings\Master\My Documents\cc_20131014_225423.reg
2013-10-14 21:06 - 2013-10-24 21:41 - 00043520 _____ C:\WINDOWS\system32\CmdLineExt03.dll
2013-10-14 18:37 - 2013-11-03 16:20 - 00000000 ____D C:\Documents and Settings\Master\Desktop\PIRATESmods
2013-10-14 18:12 - 2013-10-14 18:12 - 00000000 ____D C:\Documents and Settings\Master\Application Data\Leadertech
2013-10-14 18:10 - 2013-10-14 18:10 - 00001920 _____ C:\Documents and Settings\All Users\Desktop\Sid Meier's Pirates!.lnk
2013-10-14 18:10 - 2013-10-14 18:10 - 00000000 ____D C:\Documents and Settings\Master\Start Menu\Programs\Firaxis Games
2013-10-14 18:10 - 2013-10-14 18:10 - 00000000 ____D C:\Documents and Settings\Master\My Documents\My Games
2013-10-14 14:38 - 2013-10-14 14:38 - 00002188 _____ C:\Documents and Settings\Master\My Documents\cc_20131014_153820.reg
2013-10-14 08:24 - 2013-11-10 19:52 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-10-14 02:13 - 2013-11-04 15:35 - 00000000 ____D C:\Documents and Settings\Master\Desktop\MWBCham
2013-10-13 23:11 - 2013-10-13 23:11 - 00000000 __SHD C:\Documents and Settings\NetworkService\PrivacIE
2013-10-13 23:11 - 2013-10-13 23:11 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\RealNetworks
2013-10-13 01:32 - 2013-10-13 01:32 - 00000000 ____D C:\Documents and Settings\Master\Local Settings\Application Data\Eraser 6
2013-10-12 22:17 - 2013-05-02 10:28 - 00238872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2013-10-12 22:14 - 2013-10-14 08:14 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2013-10-12 22:14 - 2013-10-14 08:14 - 00001698 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2013-10-12 22:13 - 2013-10-14 08:13 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-12 20:08 - 2013-10-12 20:09 - 00003734 _____ C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
2013-10-12 08:36 - 2013-10-12 08:36 - 00000724 _____ C:\Documents and Settings\Master\Desktop\Shortcut to firefox.lnk
2013-10-11 22:00 - 2013-10-11 22:00 - 00000000 ____D C:\Documents and Settings\Master\Application Data\DDMSettings
2013-10-11 16:40 - 2013-11-04 13:06 - 00004090 _____ C:\Documents and Settings\Administrator\Desktop\avgrep.txt
2013-10-11 16:27 - 2013-10-11 16:27 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2013-10-11 14:31 - 2013-10-11 14:31 - 00013260 _____ C:\Documents and Settings\Master\My Documents\cc_20131011_153107.reg
2013-10-11 10:28 - 2013-10-11 10:39 - 00000000 ____D C:\Program Files\Google
2013-10-11 10:28 - 2013-10-11 10:30 - 00000000 ____D C:\Documents and Settings\Master\Local Settings\Application Data\Google
2013-10-11 01:18 - 2013-10-11 01:18 - 00021094 _____ C:\Documents and Settings\Master\My Documents\cc_20131011_021846.reg

==================== One Month Modified Files and Folders =======

2013-11-10 19:56 - 2013-11-06 13:24 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-11-10 19:56 - 2013-11-06 13:24 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-11-10 19:54 - 2013-11-04 03:25 - 01985137 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-10 19:52 - 2013-10-14 08:24 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-11-10 19:49 - 2013-07-18 13:27 - 00023222 _____ C:\WINDOWS\system32\nvAppTimestamps
2013-11-10 19:47 - 2013-07-18 08:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2013-11-10 19:47 - 2013-07-18 01:58 - 00000000 ____D C:\Documents and Settings\Master
2013-11-10 19:42 - 2013-11-01 22:57 - 00000302 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1960408961-2000478354-839522115-1004.job
2013-11-10 19:42 - 2013-07-30 07:14 - 00000280 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1960408961-2000478354-839522115-1004.job
2013-11-10 19:41 - 2013-07-18 01:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-10 19:41 - 2003-03-31 14:00 - 00013724 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-10 12:18 - 2013-11-06 21:00 - 00032228 _____ C:\WINDOWS\Wdf01005Inst.log
2013-11-10 12:18 - 2013-11-06 21:00 - 00026138 _____ C:\WINDOWS\setupact.log
2013-11-10 12:18 - 2013-11-06 13:54 - 00128777 _____ C:\WINDOWS\setupapi.log
2013-11-10 12:18 - 2013-11-04 03:26 - 00032628 _____ C:\WINDOWS\SchedLgU.Txt
2013-11-10 12:18 - 2013-10-26 19:25 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2013-11-10 12:18 - 2013-10-26 19:25 - 00065536 _____ C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2013-11-10 12:18 - 2013-07-18 09:42 - 00065536 _____ C:\WINDOWS\system32\config\Internet.evt
2013-11-10 12:18 - 2013-07-18 03:13 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups
2013-11-10 12:17 - 2013-07-18 01:58 - 00000278 ___SH C:\Documents and Settings\Master\ntuser.ini
2013-11-10 12:14 - 2013-07-18 02:13 - 00000000 ___SD C:\Documents and Settings\Master\UserData
2013-11-10 12:11 - 2013-11-10 01:12 - 00000000 ____D C:\Documents and Settings\Master\Desktop\Meshes
2013-11-10 04:23 - 2013-11-10 04:23 - 00001975 _____ C:\Documents and Settings\Master\Desktop\SpyHunter.lnk
2013-11-10 04:23 - 2013-11-06 13:58 - 00000000 ____D C:\WINDOWS\220FB0354744483A9A0B41DF77061583.TMP
2013-11-10 04:23 - 2013-10-14 23:41 - 00000000 ____D C:\Documents and Settings\Master\Start Menu\Programs\SpyHunter
2013-11-10 03:13 - 2013-11-10 03:12 - 00000000 ____D C:\Documents and Settings\Master\Desktop\mbar
2013-11-10 03:13 - 2013-11-07 10:10 - 00047064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-11-10 03:09 - 2013-11-10 03:09 - 00001542 _____ C:\Documents and Settings\Master\Desktop\RKreport[0]_S_11102013_030905.txt
2013-11-10 03:08 - 2013-11-07 10:08 - 00000000 ____D C:\Documents and Settings\Master\Desktop\rootkit
2013-11-10 03:07 - 2013-11-10 03:07 - 00000914 _____ C:\Documents and Settings\Master\Desktop\RKreport[0]_S_11102013_030723.txt
2013-11-10 03:02 - 2013-11-10 01:31 - 00000000 ____D C:\Documents and Settings\Master\My Documents\Wondershare Video Editor
2013-11-10 01:33 - 2013-11-10 01:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB952011$
2013-11-10 01:33 - 2013-11-10 01:32 - 00006922 _____ C:\WINDOWS\KB952011.log
2013-11-10 01:33 - 2013-11-07 22:44 - 00012973 _____ C:\WINDOWS\FaxSetup.log
2013-11-10 01:33 - 2013-11-07 22:44 - 00008725 _____ C:\WINDOWS\ocgen.log
2013-11-10 01:33 - 2013-11-07 22:44 - 00006283 _____ C:\WINDOWS\tsoc.log
2013-11-10 01:33 - 2013-11-07 22:44 - 00004405 _____ C:\WINDOWS\comsetup.log
2013-11-10 01:33 - 2013-11-07 22:44 - 00002871 _____ C:\WINDOWS\ntdtcsetup.log
2013-11-10 01:33 - 2013-11-07 22:44 - 00001965 _____ C:\WINDOWS\iis6.log
2013-11-10 01:33 - 2013-11-07 22:44 - 00001393 _____ C:\WINDOWS\imsins.log
2013-11-10 01:33 - 2013-11-07 22:44 - 00000811 _____ C:\WINDOWS\ocmsn.log
2013-11-10 01:33 - 2013-11-07 22:44 - 00000788 _____ C:\WINDOWS\msgsocm.log
2013-11-10 01:32 - 2013-11-10 01:32 - 00000855 _____ C:\Documents and Settings\All Users\Desktop\Wondershare Video Editor.lnk
2013-11-10 01:32 - 2013-11-05 19:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Wondershare
2013-11-10 01:31 - 2013-11-05 19:06 - 00000000 ____D C:\Program Files\Wondershare
2013-11-10 01:27 - 2013-07-18 11:56 - 00033792 _____ C:\Documents and Settings\Master\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-10 01:18 - 2013-07-30 07:14 - 00000288 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1960408961-2000478354-839522115-1004.job
2013-11-10 01:17 - 2013-10-23 23:49 - 00054156 ____H C:\WINDOWS\QTFont.qfn
2013-11-10 01:15 - 2013-11-03 15:36 - 00000116 _____ C:\WINDOWS\NeroDigital.ini
2013-11-10 00:19 - 2013-11-02 08:04 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-11-10 00:19 - 2013-11-02 08:04 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-11-10 00:19 - 2013-10-10 22:11 - 00000000 ____D C:\Documents and Settings\Master\Local Settings\Application Data\Adobe
2013-11-09 18:09 - 2013-10-21 03:07 - 00000000 ____D C:\Documents and Settings\Master\Desktop\coolstuff
2013-11-09 15:59 - 2013-11-09 15:59 - 00000000 ____D C:\FRST
2013-11-09 15:16 - 2013-07-20 00:03 - 00000000 ____D C:\Documents and Settings\Master\Application Data\vlc
2013-11-09 14:05 - 2013-11-09 13:51 - 00000137 _____ C:\Documents and Settings\Master\Desktop\districtBreakdown.txt
2013-11-09 13:21 - 2013-10-26 20:25 - 00000282 _____ C:\WINDOWS\Tasks\DLL-Files.Com Fixer_Updates.job
2013-11-09 12:16 - 2013-08-02 00:37 - 00000000 ____D C:\Documents and Settings\Master\.gimp-2.6
2013-11-09 10:58 - 2013-11-09 10:58 - 00499517 _____ C:\Documents and Settings\Master\.recently-used.xbel
2013-11-09 10:58 - 2013-08-02 00:42 - 00000000 ____D C:\Documents and Settings\Master\Application Data\gtk-2.0
2013-11-09 09:49 - 2013-11-05 15:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2566454$
2013-11-09 09:49 - 2013-07-18 02:29 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-09 09:49 - 2013-07-17 20:07 - 00000000 ____D C:\WINDOWS\Cursors
2013-11-09 03:49 - 2013-11-09 03:43 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-09 00:53 - 2013-07-20 09:38 - 00000000 ____D C:\Documents and Settings\Master\Desktop\Footlocker
2013-11-08 22:56 - 2013-07-18 12:43 - 00000470 _____ C:\WINDOWS\Tasks\Driver Restore-RTMRules.job
2013-11-08 12:06 - 2013-07-17 20:07 - 00000000 ____D C:\WINDOWS\ime
2013-11-08 11:30 - 2013-11-08 11:30 - 00009095 _____ C:\Documents and Settings\Master\Desktop\AdwCleaner[s0].txt
2013-11-08 11:24 - 2013-11-08 11:19 - 00000000 ____D C:\AdwCleaner
2013-11-08 02:42 - 2013-11-08 02:14 - 00000000 ____D C:\Qoobox
2013-11-08 02:41 - 2013-11-08 02:41 - 00031550 _____ C:\Documents and Settings\Master\Desktop\ComboFix.txt
2013-11-08 02:40 - 2013-11-08 02:13 - 00000000 ____D C:\WINDOWS\erdnt
2013-11-08 02:32 - 2003-03-31 14:00 - 00000227 _____ C:\WINDOWS\system.ini
2013-11-08 02:25 - 2013-11-08 02:25 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2013-11-08 02:25 - 2013-11-08 02:25 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2013-11-08 02:25 - 2013-07-17 20:10 - 34340864 _____ C:\WINDOWS\system32\config\software.bak
2013-11-08 02:25 - 2013-07-17 20:10 - 10223616 _____ C:\WINDOWS\system32\config\system.bak
2013-11-08 02:25 - 2013-07-17 20:10 - 00524288 _____ C:\WINDOWS\system32\config\default.bak
2013-11-08 02:25 - 2013-07-17 20:10 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY.bak
2013-11-08 02:25 - 2013-07-17 20:10 - 00262144 _____ C:\WINDOWS\system32\config\SAM.bak
2013-11-08 02:16 - 2013-11-08 02:16 - 00000000 _RSHD C:\cmdcons
2013-11-08 02:16 - 2013-07-17 20:10 - 00000338 __RSH C:\boot.ini
2013-11-08 01:37 - 2013-11-07 16:20 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Electronic Arts
2013-11-08 01:31 - 2013-07-23 17:36 - 00000000 ____D C:\Program Files\Electronic Arts
2013-11-08 01:31 - 2013-07-18 02:25 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-11-08 00:37 - 2013-11-07 16:23 - 00000000 ____D C:\Documents and Settings\Master\My Documents\Electronic Arts
2013-11-07 22:02 - 2013-07-18 13:10 - 00000000 ____D C:\Documents and Settings\Master\Desktop\Midi's
2013-11-07 20:01 - 2013-07-18 08:58 - 00000000 ____D C:\Documents and Settings\Master\Application Data\Adobe
2013-11-07 19:55 - 2013-11-07 19:54 - 00000000 ____D C:\Documents and Settings\Master\Desktop\MassE
2013-11-07 16:55 - 2013-11-04 23:50 - 00000000 ____D C:\Documents and Settings\Master\Desktop\ArkTxt
2013-11-07 16:23 - 2013-11-07 16:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Electronic Arts
2013-11-07 16:22 - 2013-11-07 16:22 - 00000790 _____ C:\Documents and Settings\All Users\Start Menu\Programs\EA Download Manager.lnk
2013-11-07 16:21 - 2013-11-07 16:21 - 00000000 ____D C:\Program Files\Microsoft WSE
2013-11-07 12:19 - 2013-07-18 11:37 - 00008020 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-11-07 12:02 - 2013-11-07 10:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-11-07 10:45 - 2013-07-18 11:09 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-11-07 10:43 - 2013-07-18 11:09 - 00000000 ____D C:\Documents and Settings\Administrator
2013-11-07 10:14 - 2013-11-07 10:14 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\rootkit
2013-11-07 00:51 - 2013-11-07 00:50 - 00000000 ____D C:\Documents and Settings\Master\mods
2013-11-06 21:00 - 2013-11-06 21:00 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-11-06 18:35 - 2013-11-06 18:32 - 00000000 ____D C:\Documents and Settings\Master\Desktop\RK_Quarantine
2013-11-06 15:01 - 2013-11-06 14:37 - 00043263 _____ C:\Documents and Settings\Administrator\Desktop\dds.txt
2013-11-06 14:56 - 2013-11-06 14:37 - 00017869 _____ C:\Documents and Settings\Administrator\Desktop\attach.txt
2013-11-06 14:36 - 2013-11-06 14:36 - 00688992 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\dds.scr
2013-11-06 14:36 - 2013-10-28 02:14 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\New Folder
2013-11-06 14:06 - 2013-11-06 14:06 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Help
2013-11-06 14:06 - 2013-11-06 14:06 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Help
2013-11-06 14:06 - 2013-07-17 20:07 - 00000000 ____D C:\WINDOWS\Help
2013-11-06 13:29 - 2013-11-06 13:29 - 00000734 _____ C:\WINDOWS\system32\Drivers\etc\hosts-clean.txt
2013-11-06 13:24 - 2013-11-06 13:24 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2013-11-06 10:06 - 2013-07-17 20:11 - 00633082 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-11-06 08:42 - 2013-07-18 12:43 - 00000482 _____ C:\WINDOWS\Tasks\Driver Restore-RTMScan.job
2013-11-06 02:22 - 2013-08-21 19:13 - 00000000 ____D C:\Documents and Settings\Master\Desktop\Antietam
2013-11-05 21:53 - 2013-11-05 19:06 - 00000000 ____D C:\Documents and Settings\Master\My Documents\Wondershare DVD Creator
2013-11-05 19:06 - 2013-11-05 19:06 - 00000843 _____ C:\Documents and Settings\Master\Desktop\Wondershare DVD Creator.lnk
2013-11-05 19:06 - 2013-11-05 19:06 - 00000000 ____D C:\Program Files\Common Files\Wondershare
2013-11-05 19:06 - 2013-11-05 19:06 - 00000000 ____D C:\Documents and Settings\Master\Local Settings\Application Data\Wondershare
2013-11-05 18:52 - 2013-07-18 01:58 - 00000792 _____ C:\Documents and Settings\Master\Start Menu\Programs\Windows Media Player.lnk
2013-11-05 18:51 - 2013-11-03 15:34 - 00000109 _____ C:\Documents and Settings\Master\default.pls
2013-11-05 18:50 - 2013-11-05 18:50 - 00000000 ____D C:\Documents and Settings\Master\Local Settings\Application Data\Ahead
2013-11-05 18:19 - 2013-11-01 22:57 - 00000310 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1960408961-2000478354-839522115-1004.job
2013-11-05 18:16 - 2013-11-05 18:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB970430$
2013-11-05 18:16 - 2013-11-05 18:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2345886$
2013-11-05 17:50 - 2013-07-18 01:54 - 00000000 ____D C:\Program Files\Outlook Express
2013-11-05 17:50 - 2013-07-17 20:10 - 00183424 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-11-05 16:20 - 2013-11-05 16:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB959426$
2013-11-05 16:20 - 2013-11-05 16:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB952954$
2013-11-05 16:20 - 2013-11-05 16:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB951376-v2$
2013-11-05 16:20 - 2013-11-05 16:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB946648$
2013-11-05 16:20 - 2013-07-18 01:53 - 00000000 ____D C:\Program Files\Messenger
2013-11-05 16:19 - 2013-11-05 16:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB960859$
2013-11-05 16:19 - 2013-11-05 16:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2712808$
2013-11-05 16:19 - 2013-11-05 16:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2479943$
2013-11-05 16:19 - 2013-11-05 16:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2387149$
2013-11-05 16:18 - 2013-11-05 16:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2758857$
2013-11-05 16:18 - 2013-11-05 16:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2659262$
2013-11-05 16:18 - 2013-11-05 16:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2564958$
2013-11-05 16:18 - 2013-11-05 16:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2478971$
2013-11-05 16:17 - 2013-11-05 16:17 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2013-11-05 16:17 - 2013-11-05 16:17 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2631813$
2013-11-05 16:17 - 2013-11-05 16:17 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2585542$
2013-11-05 16:17 - 2013-11-05 16:17 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2544893-v2$
2013-11-05 16:17 - 2013-11-05 16:17 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2536276-v2$
2013-11-05 16:16 - 2013-11-05 16:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2691442$
2013-11-05 16:16 - 2013-11-05 16:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2296011$
2013-11-05 16:16 - 2013-11-05 16:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2115168$
2013-11-05 16:15 - 2013-11-05 16:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB974318$
2013-11-05 16:15 - 2013-11-05 16:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB955759$
2013-11-05 16:15 - 2013-11-05 16:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB951978$
2013-11-05 16:15 - 2013-11-05 16:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-11-05 16:14 - 2013-11-05 16:14 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB969059$
2013-11-05 16:14 - 2013-11-05 16:14 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2802968$
2013-11-05 16:14 - 2013-11-05 16:14 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2655992$
2013-11-05 16:14 - 2013-11-05 16:14 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2443105$
2013-11-05 16:13 - 2013-11-05 16:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB975713$
2013-11-05 16:13 - 2013-11-05 16:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB950974$
2013-11-05 16:13 - 2013-11-05 16:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2598479$
2013-11-05 16:13 - 2013-11-05 16:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2485663$
2013-11-05 16:13 - 2013-11-05 16:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2481109$
2013-11-05 16:13 - 2013-11-05 16:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2229593$
2013-11-05 16:12 - 2013-11-05 16:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB982132$
2013-11-05 16:12 - 2013-11-05 16:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-11-05 16:12 - 2013-11-05 16:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2686509$
2013-11-05 16:12 - 2013-11-05 16:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2440591$
2013-11-05 16:11 - 2013-11-05 16:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB978338$
2013-11-05 16:11 - 2013-11-05 16:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB971657$
2013-11-05 16:11 - 2013-11-05 16:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB961118$
2013-11-05 16:11 - 2013-11-05 16:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2507938$
2013-11-05 16:10 - 2013-11-05 16:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB972270$
2013-11-05 16:10 - 2013-11-05 16:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2013-11-05 16:10 - 2013-11-05 16:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2780091$
2013-11-05 16:10 - 2013-11-05 16:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2510581$
2013-11-05 16:09 - 2013-11-05 16:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB974112$
2013-11-05 16:09 - 2013-11-05 16:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB956572$
2013-11-05 16:09 - 2013-11-05 16:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2013-11-05 16:09 - 2013-11-05 16:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2347290$
2013-11-05 16:08 - 2013-11-05 16:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB979687$
2013-11-05 16:08 - 2013-11-05 16:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB973869$
2013-11-05 16:08 - 2013-11-05 16:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB956844$
2013-11-05 16:08 - 2013-11-05 16:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2013-11-05 16:08 - 2013-11-05 16:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2483185$
2013-11-05 16:07 - 2013-11-05 16:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB975025$
2013-11-05 16:07 - 2013-11-05 16:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB974571$
2013-11-05 16:07 - 2013-11-05 16:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB952004$
2013-11-05 16:07 - 2013-11-05 16:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2719985$
2013-11-05 16:06 - 2013-11-05 16:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB975560$
2013-11-05 16:06 - 2013-11-05 16:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB973507$
2013-11-05 16:06 - 2013-11-05 16:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2770660$
2013-11-05 16:06 - 2013-11-05 16:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2592799$
2013-11-05 16:05 - 2013-11-05 16:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB977816$
2013-11-05 16:05 - 2013-11-05 16:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-11-05 16:05 - 2013-11-05 16:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2535512$
2013-11-05 16:05 - 2013-11-05 16:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB950762$
2013-11-05 16:04 - 2013-11-05 16:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-11-05 16:04 - 2013-11-05 16:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2807986$
2013-11-05 16:04 - 2013-11-05 16:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2570947$
2013-11-05 16:03 - 2013-11-05 16:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB952287$
2013-11-05 16:03 - 2013-11-05 16:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-11-05 16:03 - 2013-11-05 16:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820917$
2013-11-05 16:03 - 2013-11-05 16:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2603381$
2013-11-05 16:02 - 2013-11-05 16:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB973904$
2013-11-05 16:02 - 2013-11-05 16:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2757638$
2013-11-05 16:01 - 2013-11-05 16:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB974392$
2013-11-05 16:01 - 2013-11-05 16:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2749655$
2013-11-05 16:01 - 2013-11-05 16:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2653956$
2013-11-05 16:01 - 2013-11-05 16:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2508429$
2013-11-05 16:01 - 2013-11-05 16:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2419632$
2013-11-05 16:00 - 2013-11-05 16:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB971029$
2013-11-05 16:00 - 2013-11-05 16:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2879017$
2013-11-05 16:00 - 2013-11-05 16:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2506212$
2013-11-05 15:59 - 2013-11-05 15:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB977914$
2013-11-05 15:59 - 2013-11-05 15:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2698365$
2013-11-05 15:59 - 2013-11-05 15:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2619339$
2013-11-05 15:58 - 2013-11-05 15:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB979309$
2013-11-05 15:58 - 2013-11-05 15:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB978542$
2013-11-05 15:58 - 2013-11-05 15:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-11-05 15:58 - 2013-11-05 15:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2705219-v2$
2013-11-05 15:57 - 2013-11-05 15:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB981997$
2013-11-05 15:57 - 2013-11-05 15:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB979482$
2013-11-05 15:57 - 2013-11-05 15:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB978706$
2013-11-05 15:57 - 2013-11-05 15:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2727528$
2013-11-05 15:57 - 2013-07-18 01:54 - 00000000 ____D C:\Program Files\Movie Maker
2013-11-05 15:56 - 2013-11-05 15:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB973815$
2013-11-05 15:56 - 2013-11-05 15:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB960803$
2013-11-05 15:56 - 2013-11-05 15:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-11-05 15:56 - 2013-11-05 15:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2723135-v2$
2013-11-05 15:55 - 2013-11-05 15:55 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB956802$
2013-11-05 15:55 - 2013-11-05 15:55 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-11-05 15:55 - 2013-11-05 15:55 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2813345$
2013-11-05 15:55 - 2013-11-05 15:55 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2661254-v2$
2013-11-05 15:54 - 2013-11-05 15:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB982665$
2013-11-05 15:54 - 2013-11-05 15:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2676562$
2013-11-05 15:54 - 2013-11-05 15:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2509553$
2013-11-05 15:54 - 2013-11-05 15:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2478960$
2013-11-05 15:53 - 2013-11-05 15:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2393802$
2013-11-05 15:52 - 2013-11-05 15:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB923561$
2013-11-05 15:52 - 2013-11-05 15:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2620712$
2013-11-05 15:51 - 2013-11-05 15:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB975467$
2013-11-05 15:51 - 2013-11-05 15:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB968389$
2013-11-05 15:51 - 2013-11-05 15:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2584146$
2013-11-05 15:50 - 2013-11-05 15:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2423089$
2013-11-05 02:45 - 2013-11-04 21:15 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PC HealthBoost
2013-11-05 02:42 - 2013-11-05 02:42 - 00000083 _____ C:\Documents and Settings\Master\SwissArmySYSVirus.txt
2013-11-05 01:16 - 2013-07-18 08:47 - 00000000 ____D C:\Program Files\AVG SafeGuard toolbar
2013-11-04 23:53 - 2013-11-04 23:53 - 00000612 _____ C:\Documents and Settings\Master\Desktop\ark.zip
2013-11-04 22:23 - 2013-11-04 22:23 - 00368554 _____ C:\Documents and Settings\Master\Desktop\gmer.zip
2013-11-04 21:13 - 2013-11-04 21:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PCHealthBoost
2013-11-04 20:30 - 2013-07-18 10:22 - 00000000 ____D C:\Program Files\Evil Player
2013-11-04 20:30 - 2013-07-17 20:07 - 00000000 ____D C:\WINDOWS\security
2013-11-04 20:08 - 2013-08-01 17:23 - 00000000 ____D C:\Documents and Settings\Master\Application Data\DAEMON Tools Lite
2013-11-04 19:57 - 2013-07-18 13:15 - 00001599 _____ C:\Documents and Settings\UpdatusUser\Start Menu\Programs\Remote Assistance.lnk
2013-11-04 19:57 - 2013-07-18 11:09 - 00001599 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2013-11-04 19:57 - 2013-07-18 01:58 - 00001599 _____ C:\Documents and Settings\Master\Start Menu\Programs\Remote Assistance.lnk
2013-11-04 19:57 - 2013-07-18 01:55 - 00001599 _____ C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk
2013-11-04 19:55 - 2013-07-27 18:02 - 00001507 _____ C:\Documents and Settings\Master\Desktop\Notepad .lnk
2013-11-04 19:47 - 2013-07-18 13:15 - 00000792 _____ C:\Documents and Settings\UpdatusUser\Start Menu\Programs\Windows Media Player.lnk
2013-11-04 19:46 - 2013-07-18 02:19 - 00316640 _____ C:\WINDOWS\WMSysPr9.prx
2013-11-04 19:43 - 2013-07-18 03:24 - 00000090 _____ C:\WINDOWS\system32\spupdwxp.log
2013-11-04 19:41 - 2013-07-18 01:54 - 00000000 ____D C:\Program Files\Common Files\System
2013-11-04 19:32 - 2013-07-18 01:55 - 00001563 _____ C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
2013-11-04 19:31 - 2013-07-18 01:52 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2013-11-04 19:30 - 2013-07-17 22:04 - 00000000 ____D C:\WINDOWS\PeerNet
2013-11-04 19:28 - 2013-07-18 01:54 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-11-04 19:28 - 2013-07-18 01:54 - 00000000 ____D C:\WINDOWS\srchasst
2013-11-04 19:28 - 2013-07-18 01:54 - 00000000 ____D C:\Program Files\NetMeeting
2013-11-04 19:28 - 2013-07-18 01:53 - 00000000 ____D C:\WINDOWS\system32\Com
2013-11-04 19:28 - 2013-07-17 20:07 - 00000000 ____D C:\WINDOWS\system32\npp
2013-11-04 19:28 - 2013-07-17 20:07 - 00000000 ____D C:\WINDOWS\msagent
2013-11-04 19:27 - 2013-07-18 01:53 - 00000000 ____D C:\Program Files\Windows NT
2013-11-04 19:26 - 2013-07-17 20:07 - 00000000 ____D C:\WINDOWS\system32\usmt
2013-11-04 19:26 - 2013-07-17 20:07 - 00000000 ____D C:\WINDOWS\system
2013-11-04 19:16 - 2013-11-04 19:04 - 00000000 __HDC C:\WINDOWS\$NtServicePackUninstall$
2013-11-04 15:35 - 2013-10-14 02:13 - 00000000 ____D C:\Documents and Settings\Master\Desktop\MWBCham
2013-11-04 15:29 - 2013-11-04 14:55 - 00003790 _____ C:\Documents and Settings\Master\Desktop\avgrep2.txt
2013-11-04 13:46 - 2013-10-23 08:22 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2013-11-04 13:37 - 2013-11-04 13:37 - 05143677 ____R (Swearware) C:\Documents and Settings\Master\Desktop\ComboFix.exe
2013-11-04 13:33 - 2013-11-04 10:15 - 00000000 ____D C:\WINDOWS\Minidump
2013-11-04 13:10 - 2013-11-04 13:09 - 00003101 _____ C:\sh4_service.log
2013-11-04 13:06 - 2013-11-04 13:08 - 00004090 _____ C:\Documents and Settings\Master\avgrep.txt
2013-11-04 13:06 - 2013-10-11 16:40 - 00004090 _____ C:\Documents and Settings\Administrator\Desktop\avgrep.txt
2013-11-04 11:41 - 2013-11-04 11:41 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\New Folder (2)
2013-11-04 07:14 - 2013-11-04 07:14 - 00000166 _____ C:\spyhunter.log
2013-11-04 03:40 - 2013-11-04 03:34 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
2013-11-04 02:52 - 2013-07-18 13:32 - 00001299 _____ C:\Documents and Settings\Master\Desktop\Install Sound Blaster Audigy DriverPack (2000XP).lnk
2013-11-04 02:34 - 2013-10-23 16:56 - 00040616 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-11-04 02:29 - 2013-11-04 02:28 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2014
2013-11-04 02:28 - 2013-11-04 02:28 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\AVG2014
2013-11-04 01:45 - 2013-11-04 01:45 - 00000217 _____ C:\Documents and Settings\Master\Desktop\Windows Firewall.lnk
2013-11-04 00:40 - 2013-11-04 00:40 - 00000930 _____ C:\Documents and Settings\All Users\Desktop\RegHunter.lnk
2013-11-04 00:40 - 2013-11-04 00:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\RegHunter
2013-11-04 00:40 - 2013-07-18 12:23 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-11-04 00:39 - 2013-07-18 11:32 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-11-04 00:22 - 2013-11-02 16:18 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Driver Genius2
2013-11-04 00:12 - 2013-10-10 20:35 - 00000000 ____D C:\Documents and Settings\Master\Local Settings\Application Data\Avg2014
2013-11-03 22:50 - 2013-11-08 02:16 - 00000222 _____ C:\Boot.bak
2013-11-03 22:50 - 2003-03-31 14:00 - 00000682 _____ C:\WINDOWS\win.ini
2013-11-03 22:32 - 2013-11-03 22:32 - 00000000 ____D C:\Documents and Settings\Master\Application Data\AVG2014
2013-11-03 22:31 - 2013-07-18 08:45 - 00000000 ____D C:\Program Files\AVG
2013-11-03 22:31 - 2013-07-18 08:45 - 00000000 ____D C:\$AVG
2013-11-03 22:29 - 2013-11-03 22:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2014
2013-11-03 22:29 - 2013-07-18 08:45 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2013
2013-11-03 22:27 - 2013-11-03 22:27 - 00000702 _____ C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2013-11-03 22:10 - 2013-07-18 02:50 - 00040616 _____ C:\Documents and Settings\Master\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-11-03 22:10 - 2013-07-18 01:54 - 00000000 ____D C:\WINDOWS\Registration
2013-11-03 22:04 - 2013-07-17 20:07 - 00000000 ____D C:\WINDOWS\repair
2013-11-03 22:00 - 2013-11-03 21:54 - 00000792 _____ C:\Documents and Settings\Default User\Start Menu\Programs\Windows Media Player.lnk
2013-11-03 22:00 - 2013-07-18 02:19 - 00262144 _____ C:\WINDOWS\system32\config\userdifr
2013-11-03 22:00 - 2013-07-18 02:19 - 00001024 ____H C:\WINDOWS\system32\config\userdifr.LOG
2013-11-03 22:00 - 2013-07-18 01:55 - 00023392 _____ C:\WINDOWS\system32\nscompat.tlb
2013-11-03 22:00 - 2013-07-18 01:55 - 00016832 _____ C:\WINDOWS\system32\amcompat.tlb
2013-11-03 22:00 - 2013-07-18 01:55 - 00001507 _____ C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2013-11-03 22:00 - 2013-07-18 01:55 - 00000398 _____ C:\Documents and Settings\All Users\Start Menu\Windows Catalog.lnk
2013-11-03 22:00 - 2013-07-17 20:10 - 00001024 ____H C:\WINDOWS\system32\config\userdiff.LOG
2013-11-03 21:59 - 2013-07-17 20:11 - 00004161 _____ C:\WINDOWS\ODBCINST.INI
2013-11-03 21:59 - 2013-07-17 20:07 - 00000000 ____D C:\WINDOWS\system32\ias
2013-11-03 21:58 - 2013-11-03 21:58 - 00000749 ___RH C:\WINDOWS\WindowsShell.Manifest
2013-11-03 21:58 - 2013-11-03 21:58 - 00000749 ___RH C:\WINDOWS\system32\wuaucpl.cpl.manifest
2013-11-03 21:58 - 2013-11-03 21:58 - 00000749 ___RH C:\WINDOWS\system32\sapi.cpl.manifest
2013-11-03 21:58 - 2013-11-03 21:58 - 00000749 ___RH C:\WINDOWS\system32\ncpa.cpl.manifest
2013-11-03 21:58 - 2013-11-03 21:58 - 00000488 ___RH C:\WINDOWS\system32\logonui.exe.manifest
2013-11-03 21:58 - 2013-07-18 02:18 - 00000786 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
2013-11-03 21:58 - 2013-07-18 01:55 - 00000749 ___RH C:\WINDOWS\system32\nwc.cpl.manifest
2013-11-03 21:58 - 2013-07-18 01:55 - 00000749 ___RH C:\WINDOWS\system32\cdplayer.exe.manifest
2013-11-03 21:58 - 2013-07-18 01:55 - 00000488 ___RH C:\WINDOWS\system32\WindowsLogon.manifest
2013-11-03 21:58 - 2013-07-18 01:55 - 00000000 ___RD C:\Documents and Settings\Default User\Start Menu\Programs\Accessories
2013-11-03 21:58 - 2013-07-17 20:07 - 00000000 ___RD C:\WINDOWS\Web
2013-11-03 21:55 - 2013-07-18 01:54 - 00023328 _____ C:\WINDOWS\system32\emptyregdb.dat
2013-11-03 21:54 - 2013-07-18 01:53 - 00000609 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
2013-11-03 21:32 - 2013-07-18 14:54 - 00000584 _____ C:\WINDOWS\system32\settingsbkup.sfm
2013-11-03 21:32 - 2013-07-18 14:54 - 00000584 _____ C:\WINDOWS\system32\settings.sfm
2013-11-03 21:29 - 2013-07-18 13:14 - 01098236 _____ C:\WINDOWS\system32\nvdrsdb1.bin
2013-11-03 21:29 - 2013-07-18 13:14 - 01098236 _____ C:\WINDOWS\system32\nvdrsdb0.bin
2013-11-03 21:29 - 2013-07-18 13:14 - 00000001 _____ C:\WINDOWS\system32\nvdrssel.bin
2013-11-03 21:01 - 2013-07-17 20:10 - 00262144 _____ C:\WINDOWS\system32\config\security.sav
2013-11-03 16:20 - 2013-10-14 18:37 - 00000000 ____D C:\Documents and Settings\Master\Desktop\PIRATESmods
2013-11-03 16:12 - 2013-07-17 20:10 - 34340864 _____ C:\WINDOWS\system32\config\software.sav
2013-11-03 16:12 - 2013-07-17 20:10 - 08126464 _____ C:\WINDOWS\system32\config\system.sav
2013-11-03 16:12 - 2013-07-17 20:10 - 00524288 _____ C:\WINDOWS\system32\config\default.sav
2013-11-03 16:12 - 2013-07-17 20:10 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2013-11-03 16:11 - 2013-07-17 20:10 - 00001024 ____H C:\WINDOWS\system32\config\TempKey.LOG
2013-11-03 16:10 - 2013-07-17 20:07 - 00000000 ____D C:\WINDOWS\Media
2013-11-03 16:07 - 2013-07-17 20:07 - 00000000 ____D C:\WINDOWS\twain_32
2013-11-03 16:06 - 2013-07-17 20:07 - 00000000 ____D C:\WINDOWS\system32\icsxml
2013-11-03 16:06 - 2013-07-17 20:07 - 00000000 ____D C:\WINDOWS\system32\1033
2013-11-03 16:05 - 2013-07-17 20:07 - 00000000 ____D C:\WINDOWS\Driver Cache
2013-11-03 15:38 - 2013-11-03 15:38 - 00000000 ____D C:\Documents and Settings\Master\Application Data\Ahead
2013-11-03 15:14 - 2013-11-03 15:14 - 00002476 _____ C:\Documents and Settings\Master\About Satanists.txt
2013-11-03 14:05 - 2013-11-02 16:24 - 00000000 ____D C:\Documents and Settings\Master\Desktop\NewDriver
2013-11-03 13:38 - 2013-11-03 13:38 - 00001804 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
2013-11-03 13:38 - 2013-11-03 13:38 - 00001729 _____ C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
2013-11-03 13:38 - 2013-11-03 13:37 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-11-03 13:38 - 2013-07-18 11:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2013-11-03 13:37 - 2013-11-03 13:37 - 00000000 ____D C:\Program Files\Adobe
2013-11-03 13:36 - 2013-11-03 13:36 - 00000000 ____D C:\Fraps
2013-11-03 13:36 - 2013-11-03 13:36 - 00000000 ____D C:\Documents and Settings\Master\Start Menu\Programs\Fraps
2013-11-03 13:35 - 2013-11-03 13:35 - 00000749 _____ C:\Documents and Settings\Master\Desktop\EVGA Precision.lnk
2013-11-03 13:35 - 2013-11-03 13:35 - 00000000 ____D C:\Program Files\EVGA Precision
2013-11-03 13:35 - 2013-11-03 13:35 - 00000000 ____D C:\Documents and Settings\Master\Start Menu\Programs\EVGA Precision
2013-11-03 12:37 - 2013-11-03 12:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Nero
2013-11-03 12:36 - 2013-11-03 12:31 - 00000000 ____D C:\Program Files\Ahead
2013-11-03 12:32 - 2013-11-03 12:32 - 00000000 ____D C:\Program Files\Common Files\Ahead
2013-11-03 12:32 - 2013-11-03 12:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Ahead
2013-11-03 03:57 - 2013-11-03 03:57 - 00002416 _____ C:\Documents and Settings\Administrator\My Documents\cc_20131103_035707.reg
2013-11-03 03:46 - 2013-07-31 15:33 - 03306009 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1960408961-2000478354-839522115-1004-0.dat
2013-11-03 03:46 - 2013-07-31 15:33 - 00168138 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2013-11-02 22:31 - 2013-11-02 22:31 - 00000000 ____D C:\Documents and Settings\UpdatusUser\Local Settings\Application Data\NVIDIA
2013-11-02 21:35 - 2013-07-18 13:15 - 00000178 ___SH C:\Documents and Settings\UpdatusUser\ntuser.ini
2013-11-02 19:29 - 2013-11-04 22:24 - 00688992 ____R (Swearware) C:\Documents and Settings\Master\Desktop\dds.scr
2013-11-02 19:01 - 2013-11-02 19:01 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Macromedia
2013-11-02 19:01 - 2013-11-02 19:01 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe
2013-11-02 18:53 - 2013-11-02 18:53 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
2013-11-02 18:42 - 2013-10-14 23:40 - 00000000 ____D C:\WINDOWS\865537E164904193A4B6669C62711852.TMP
2013-11-02 18:36 - 2013-11-02 18:46 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Documents and Settings\Administrator\Desktop\SpyHunter-Installer.exe
2013-11-02 17:01 - 2013-11-02 17:01 - 00000000 _____ C:\Documents and Settings\Master\mm_backup.cfg
2013-11-02 16:18 - 2013-11-02 16:18 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\DriverGenius
2013-11-02 16:05 - 2013-10-28 16:25 - 00000000 ____D C:\Documents and Settings\Master\Desktop\CPU Thermometer
2013-11-02 15:27 - 2013-11-02 15:27 - 00000251 _____ C:\Documents and Settings\Master\My Documents\ProjectGetty.ebp
2013-11-02 13:31 - 2013-11-02 13:31 - 00000817 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Express Burn.lnk
2013-11-02 13:31 - 2013-11-02 13:31 - 00000000 ____D C:\Documents and Settings\Master\Start Menu\Programs\NCH Software Suite
2013-11-02 13:31 - 2013-10-17 15:15 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\NCH Software
2013-11-02 13:31 - 2013-10-17 15:14 - 00000000 ____D C:\Program Files\NCH Software
2013-11-02 08:31 - 2013-11-02 08:23 - 00000000 ____D C:\Program Files\Rhapsody
2013-11-02 08:24 - 2013-11-02 08:24 - 00000630 _____ C:\Documents and Settings\All Users\Start Menu\Rhapsody.lnk
2013-11-02 08:24 - 2013-11-02 08:24 - 00000630 _____ C:\Documents and Settings\All Users\Desktop\Rhapsody.lnk
2013-11-02 08:24 - 2013-11-02 08:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Rhapsody
2013-11-02 08:24 - 2013-10-29 08:23 - 00000000 ____D C:\Documents and Settings\Master\Application Data\Real
2013-11-02 00:46 - 2013-11-01 22:44 - 00000803 _____ C:\Documents and Settings\Master\Start Menu\Programs\Internet Explorer.lnk
2013-11-02 00:46 - 2013-07-18 01:58 - 00000000 ___RD C:\Documents and Settings\Master\Start Menu\Programs\Accessories
2013-11-01 22:57 - 2013-11-01 22:57 - 00000328 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1960408961-2000478354-839522115-1004.job
2013-11-01 22:40 - 2013-07-18 09:43 - 00000000 ____D C:\WINDOWS\ie8updates
2013-11-01 21:55 - 2013-07-24 11:27 - 00000000 ____D C:\Program Files\System Protect
2013-11-01 17:35 - 2013-11-01 17:35 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
2013-10-30 17:37 - 2013-07-18 01:55 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2013-10-30 17:06 - 2013-10-16 14:50 - 00002489 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2013-10-30 15:08 - 2013-10-29 08:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Real
2013-10-30 14:14 - 2013-07-18 10:26 - 00000000 __RHD C:\Program Files\WinKey.ini
2013-10-30 12:21 - 2013-10-26 20:25 - 00000266 _____ C:\WINDOWS\Tasks\DLL-Files.Com Fixer_MONTHLY.job
2013-10-29 14:46 - 2013-10-22 21:29 - 00000000 ____D C:\RL 2
2013-10-29 10:25 - 2013-10-29 10:25 - 00000056 _____ C:\Documents and Settings\Master\MQOTemplates.txt
2013-10-29 09:55 - 2013-10-29 09:55 - 00003931 _____ C:\Documents and Settings\Master\copyOPtionsinSB3.txt
2013-10-29 09:54 - 2013-10-29 09:54 - 00005354 _____ C:\Documents and Settings\Master\BODYmeshAccessoryInfo.txt
2013-10-29 09:53 - 2013-10-29 09:53 - 00006246 _____ C:\Documents and Settings\Master\InforModdingMODEL.txt
2013-10-29 09:51 - 2013-10-29 09:51 - 00008746 _____ C:\Documents and Settings\Master\TransparencyInfo.txt
2013-10-29 00:17 - 2013-10-29 00:17 - 00088761 _____ C:\Documents and Settings\Master\Desktop\Sofia Design.xcf
2013-10-28 02:15 - 2013-10-28 02:15 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Windows Search
2013-10-28 00:34 - 2013-10-28 00:34 - 00000464 _____ C:\Documents and Settings\Master\help2.txt
2013-10-27 18:58 - 2013-10-26 12:32 - 00000000 ____D C:\Documents and Settings\Master\Local Settings\Application Data\SB3Utility
2013-10-27 17:59 - 2013-10-27 17:59 - 00000471 _____ C:\Documents and Settings\Master\help.txt
2013-10-27 15:54 - 2013-07-18 12:38 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-27 13:07 - 2013-10-26 19:23 - 00000000 ____D C:\Program Files\Windows Desktop Search
2013-10-27 12:20 - 2013-10-25 18:39 - 00000000 ____D C:\Documents and Settings\Master\Desktop\New Folder
2013-10-27 00:30 - 2013-10-26 02:01 - 00000000 ____D C:\New Folder
2013-10-26 20:25 - 2013-10-26 20:25 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_40.dll
2013-10-26 20:25 - 2013-10-26 20:25 - 00000000 ____D C:\Program Files\Dll-Files.com Fixer
2013-10-26 20:25 - 2013-10-26 20:25 - 00000000 ____D C:\Documents and Settings\Master\Application Data\dll-files.com
2013-10-26 20:25 - 2013-10-26 20:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Dll-Files Fixer
2013-10-26 20:20 - 2013-10-26 20:20 - 00000000 ____D C:\Documents and Settings\Master\Application Data\Windows Search
2013-10-26 19:43 - 2013-07-18 02:59 - 00000000 ___HD C:\WINDOWS\$hf_mig$
2013-10-26 19:25 - 2013-10-26 19:25 - 00000000 ____D C:\WINDOWS\system32\winrm
2013-10-26 19:25 - 2013-10-26 19:25 - 00000000 ____D C:\WINDOWS\system32\WindowsPowerShell
2013-10-26 19:25 - 2013-10-26 19:24 - 00000000 __HDC C:\WINDOWS\$968930Uinstall_KB968930$
2013-10-26 19:24 - 2013-10-26 19:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallbasecsp$
2013-10-26 19:24 - 2013-10-26 19:24 - 00000000 ____D C:\WINDOWS\$NtUninstallKB968930$
2013-10-26 19:24 - 2013-10-26 19:24 - 00000000 ____D C:\Documents and Settings\Master\Application Data\Windows Desktop Search
2013-10-26 19:23 - 2013-10-26 19:23 - 00001803 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
2013-10-26 19:23 - 2013-10-26 19:23 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2013-10-26 13:23 - 2013-07-18 01:55 - 00000000 ____D C:\WINDOWS\system32\DirectX
2013-10-26 13:01 - 2013-10-26 13:01 - 00000000 ____D C:\WINDOWS\RegisteredPackages
2013-10-26 13:00 - 2013-10-26 12:59 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2013-10-24 21:41 - 2013-10-14 21:06 - 00043520 _____ C:\WINDOWS\system32\CmdLineExt03.dll
2013-10-24 14:41 - 2013-10-24 14:41 - 00003785 _____ C:\Documents and Settings\Master\ModdingInfo.txt
2013-10-23 23:49 - 2013-10-23 23:49 - 00001409 _____ C:\WINDOWS\QTFont.for
2013-10-23 23:42 - 2013-10-23 23:42 - 00000000 ___HD C:\Documents and Settings\All Users\Start Menu\Programs\DVD Shrink
2013-10-23 23:42 - 2013-10-23 23:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\DVD Shrink
2013-10-23 23:42 - 2013-10-23 23:41 - 00000000 ____D C:\Program Files\DVD Shrink
2013-10-23 23:37 - 2013-07-20 09:33 - 00000000 ____D C:\Documents and Settings\Master\Application Data\DivX
2013-10-23 18:14 - 2013-08-14 11:56 - 00000000 ____D C:\Program Files\Recuva
2013-10-23 16:56 - 2013-10-23 16:56 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Disabled Startup
2013-10-23 15:48 - 2013-10-23 15:48 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\WinRAR
2013-10-23 12:20 - 2013-07-18 09:33 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2013-10-23 12:20 - 2013-07-18 09:33 - 00000000 ____D C:\Program Files\CCleaner
2013-10-22 19:29 - 2013-10-22 19:29 - 00003083 _____ C:\Documents and Settings\Master\UsingHarem2.txt
2013-10-22 16:18 - 2013-07-18 12:50 - 00000000 ____D C:\Program Files\TweakNow RegCleaner
2013-10-22 09:13 - 2013-08-08 11:50 - 00000000 ____D C:\WINDOWS\MRLH
2013-10-22 02:37 - 2013-10-22 02:37 - 00005602 _____ C:\Documents and Settings\Master\My Documents\cc_20131022_033722.reg
2013-10-22 01:21 - 2013-10-22 01:21 - 00000000 ____D C:\Program Files\7-Zip
2013-10-22 01:21 - 2013-10-22 01:21 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
2013-10-21 14:44 - 2013-10-21 14:44 - 00000000 __SHD C:\Documents and Settings\Master\IECompatCache
2013-10-21 04:14 - 2013-07-18 12:43 - 00000480 _____ C:\WINDOWS\Tasks\Driver Restore-RTMUpdater.job
2013-10-19 12:16 - 2013-10-19 12:16 - 00000000 ____D C:\Program Files\MSXML 4.0
2013-10-19 01:22 - 2013-10-18 19:48 - 00002843 _____ C:\logfile
2013-10-18 23:34 - 2013-10-17 16:15 - 00000000 ____D C:\Program Files\Metaseq31
2013-10-18 23:18 - 2013-07-21 22:31 - 00000000 ____D C:\WINDOWS\pss
2013-10-18 20:23 - 2013-10-18 19:48 - 00636928 ____R C:\Documents and Settings\All Users\Documents\ESBK.mbb
2013-10-18 20:23 - 2013-10-18 19:48 - 00340992 ____R C:\Documents and Settings\All Users\Documents\ESBK.mb
2013-10-18 19:49 - 2013-10-18 19:49 - 00000000 ____D C:\Documents and Settings\Master\Local Settings\Application Data\KodakGallery
2013-10-18 19:35 - 2013-10-18 19:32 - 00000000 ____D C:\Program Files\Kodak
2013-10-18 19:35 - 2013-10-18 19:32 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Kodak
2013-10-18 19:35 - 2013-10-18 19:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Kodak
2013-10-18 19:34 - 2013-10-18 19:34 - 00000000 ____D C:\Program Files\Common Files\Kodak
2013-10-18 19:32 - 2013-10-18 19:32 - 00001817 _____ C:\Documents and Settings\All Users\Desktop\Kodak EasyShare.lnk
2013-10-18 15:01 - 2004-08-04 07:00 - 00285747 _____ C:\shldr
2013-10-18 02:04 - 2013-07-17 20:11 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-10-17 22:37 - 2013-10-17 22:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallwmp11$
2013-10-17 22:37 - 2013-10-17 22:37 - 00000000 ____D C:\Program Files\Windows Media Connect 2
2013-10-17 22:36 - 2013-10-17 22:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallWMFDist11$
2013-10-17 22:36 - 2013-10-17 22:36 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2013-10-17 22:36 - 2013-10-17 22:36 - 00000000 ____D C:\656e718fed0ffcfdcb23ea6d0dac
2013-10-17 22:36 - 2013-07-18 01:55 - 00000000 __SHD C:\Documents and Settings\All Users\DRM
2013-10-17 15:39 - 2013-10-17 15:39 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Metasequoia 4
2013-10-17 15:38 - 2013-10-17 15:38 - 00000000 ____D C:\Program Files\tetraface
2013-10-17 15:14 - 2013-10-17 15:14 - 00000823 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Pixillion Image Converter.lnk
2013-10-17 15:14 - 2013-10-17 15:14 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\NCH Software Suite
2013-10-17 01:00 - 2013-10-17 01:00 - 00000000 _____ C:\WINDOWS\ABC_mru.ini
2013-10-17 00:57 - 2013-10-17 00:57 - 00000000 ____D C:\Program Files\Advanced Batch Converter
2013-10-17 00:57 - 2013-10-17 00:57 - 00000000 ____D C:\Documents and Settings\Master\Start Menu\Programs\Advanced Batch Converter
2013-10-16 14:51 - 2013-10-16 14:51 - 00000376 _____ C:\WINDOWS\ODBC.INI
2013-10-16 14:50 - 2013-10-16 14:50 - 00002046 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Outlook.lnk
2013-10-16 14:50 - 2013-10-16 14:50 - 00002030 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
2013-10-16 14:50 - 2013-10-16 14:50 - 00002002 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft PowerPoint.lnk
2013-10-16 14:50 - 2013-10-16 14:50 - 00002002 _____ C:\Documents and Settings\All Users\Start Menu\Open Office Document.lnk
2013-10-16 14:50 - 2013-10-16 14:50 - 00001998 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft FrontPage.lnk
2013-10-16 14:50 - 2013-10-16 14:50 - 00001992 _____ C:\Documents and Settings\All Users\Start Menu\New Office Document.lnk
2013-10-16 14:50 - 2013-10-16 14:50 - 00001990 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Access.lnk
2013-10-16 14:50 - 2013-10-16 14:50 - 00000000 ____D C:\Program Files\Microsoft Visual Studio
2013-10-16 14:50 - 2013-10-16 14:50 - 00000000 ____D C:\Program Files\Microsoft ActiveSync
2013-10-16 14:50 - 2013-10-16 14:50 - 00000000 ____D C:\Program Files\Common Files\Designer
2013-10-16 14:50 - 2013-10-16 14:50 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools
2013-10-16 14:50 - 2013-10-16 14:48 - 00000000 ___HD C:\WINDOWS\ShellNew
2013-10-16 14:49 - 2013-10-16 14:48 - 00000000 ____D C:\Program Files\Microsoft Office
2013-10-16 14:48 - 2013-10-16 14:48 - 00000000 ____D C:\Program Files\Common Files\L&H
2013-10-16 08:54 - 2013-10-16 08:54 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-16 08:53 - 2013-10-16 08:53 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-10-16 08:53 - 2013-10-16 08:52 - 00004705 _____ C:\WINDOWS\system32\jupdate-1.7.0_45-b18.log
2013-10-16 08:53 - 2013-07-21 23:40 - 00000000 ____D C:\Program Files\Java
2013-10-16 08:47 - 2013-10-16 08:47 - 00000000 ____D C:\Documents and Settings\Master\Application Data\RealNetworks
2013-10-16 08:45 - 2013-10-16 08:45 - 00000000 ____D C:\Program Files\RealNetworks
2013-10-16 08:45 - 2013-10-16 08:45 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RealNetworks
2013-10-16 08:45 - 2013-07-30 07:12 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks
2013-10-16 08:44 - 2013-07-30 07:12 - 00000000 ____D C:\Program Files\Real
2013-10-16 08:43 - 2013-10-16 08:43 - 00000000 ____D C:\Program Files\Common Files\xing shared
2013-10-16 08:42 - 2013-07-18 14:04 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp71.dll
2013-10-16 08:42 - 2013-07-18 14:04 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr71.dll
2013-10-15 08:51 - 2013-10-15 08:50 - 00020014 _____ C:\Documents and Settings\Master\My Documents\cc_20131015_095035.reg
2013-10-15 00:14 - 2013-10-15 00:14 - 00000730 _____ C:\Documents and Settings\All Users\Desktop\FileASSASSIN.lnk
2013-10-15 00:14 - 2013-10-15 00:14 - 00000000 ____D C:\Program Files\FileASSASSIN
2013-10-15 00:14 - 2013-10-15 00:14 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\FileASSASSIN
2013-10-14 22:51 - 2013-10-14 22:51 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
2013-10-14 22:51 - 2013-10-14 22:51 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Mozilla
2013-10-14 21:55 - 2013-10-14 21:55 - 00000000 ____D C:\Documents and Settings\Master\Desktop\RegSeeker
2013-10-14 21:54 - 2013-10-14 21:54 - 00002210 _____ C:\Documents and Settings\Master\My Documents\cc_20131014_225423.reg
2013-10-14 18:12 - 2013-10-14 18:12 - 00000000 ____D C:\Documents and Settings\Master\Application Data\Leadertech
2013-10-14 18:10 - 2013-10-14 18:10 - 00001920 _____ C:\Documents and Settings\All Users\Desktop\Sid Meier's Pirates!.lnk
2013-10-14 18:10 - 2013-10-14 18:10 - 00000000 ____D C:\Documents and Settings\Master\Start Menu\Programs\Firaxis Games
2013-10-14 18:10 - 2013-10-14 18:10 - 00000000 ____D C:\Documents and Settings\Master\My Documents\My Games
2013-10-14 18:10 - 2013-08-19 19:05 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Firaxis Games
2013-10-14 18:08 - 2013-08-19 19:04 - 00000000 ____D C:\Program Files\Firaxis Games
2013-10-14 18:07 - 2013-07-18 11:48 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2013-10-14 14:43 - 2013-07-22 02:22 - 00000000 ____D C:\Documents and Settings\Master\Local Settings\Application Data\Eraser
2013-10-14 14:38 - 2013-10-14 14:38 - 00002188 _____ C:\Documents and Settings\Master\My Documents\cc_20131014_153820.reg
2013-10-14 08:14 - 2013-10-12 22:14 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2013-10-14 08:14 - 2013-10-12 22:14 - 00001698 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2013-10-14 08:13 - 2013-10-12 22:13 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-13 23:11 - 2013-10-13 23:11 - 00000000 __SHD C:\Documents and Settings\NetworkService\PrivacIE
2013-10-13 23:11 - 2013-10-13 23:11 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\RealNetworks
2013-10-13 23:11 - 2013-07-26 23:11 - 00000093 _____ C:\Documents and Settings\NetworkService\Application Data\WB.CFG
2013-10-13 23:11 - 2013-07-23 23:11 - 00000006 _____ C:\Documents and Settings\NetworkService\Application Data\WBPU-TTL.DAT
2013-10-13 23:11 - 2013-07-18 01:57 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-10-13 01:32 - 2013-10-13 01:32 - 00000000 ____D C:\Documents and Settings\Master\Local Settings\Application Data\Eraser 6
2013-10-12 20:09 - 2013-10-12 20:08 - 00003734 _____ C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
2013-10-12 20:08 - 2013-07-18 08:47 - 00037664 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2013-10-12 08:36 - 2013-10-12 08:36 - 00000724 _____ C:\Documents and Settings\Master\Desktop\Shortcut to firefox.lnk
2013-10-11 22:00 - 2013-10-11 22:00 - 00000000 ____D C:\Documents and Settings\Master\Application Data\DDMSettings
2013-10-11 16:27 - 2013-10-11 16:27 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2013-10-11 14:31 - 2013-10-11 14:31 - 00013260 _____ C:\Documents and Settings\Master\My Documents\cc_20131011_153107.reg
2013-10-11 10:39 - 2013-10-11 10:28 - 00000000 ____D C:\Program Files\Google
2013-10-11 10:30 - 2013-10-11 10:28 - 00000000 ____D C:\Documents and Settings\Master\Local Settings\Application Data\Google
2013-10-11 09:53 - 2013-07-18 03:19 - 00000000 ____D C:\WINDOWS\l2schemas
2013-10-11 01:18 - 2013-10-11 01:18 - 00021094 _____ C:\Documents and Settings\Master\My Documents\cc_20131011_021846.reg

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Link to post
Share on other sites

This is the addition log.

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-10-2013Ran by Master at 2013-11-09 16:01:21Running from C:\Documents and Settings\Master\My Documents\DownloadsBoot Mode: Normal============================================================================== Security Center ========================AV: AVG Internet Security 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}Could not list Security Center items. Check WMI.==================== Installed Programs ======================7-Zip 9.20Abdio Free MP4 Player (Free) (Version: Abdio Free MP4 Player)Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)Adobe Flash Player 11 Plugin (Version: 11.9.900.117)Adobe Reader 8.1.2 (Version: 8.1.2)Advanced Batch Converter (Version: 7.8)All in 1 Media Codecs Pack V3.3AVG 2014 (Version: 14.0.3629)AVG 2014 (Version: 14.0.4158)AVG 2014 (Version: 2014.0.4158)AVG SafeGuard toolbar (Version: 17.0.1.12)CCleaner (Version: 4.06)CCScore (Version: 6.02.1001.0001)Creative EAX SettingsCreative MediaSourceCreative Speaker SettingsDC-Bass Source 1.3.0Device ControlDirectVobSub 2.40.4209 (Version: 2.40.4209)DivX Setup (Version: 2.6.1.8)Dll-Files Fixer (Version: 1.0)Driver Genius (Version: 12.0)Driver Restore (Version: 8.1)DVD Shrink 3.2EA Download Manager (Version: 5.0.0.255)ESSCDBK (Version: 6.02.0001.0001)ESScore (Version: 6.02.1001.0001)ESSgui (Version: 6.02.1001.0001)ESSini (Version: 6.02.1001.0001)ESSPCD (Version: 6.02.1001.0001)ESSSONIC (Version: 6.2.0001.0001)ESSTOOLS (Version: 5.00.0000.0004)essvatgt (Version: 6.02.1001.0001)Evil Player v1.12Express Burn (Version: 4.68)ffdshow v1.1.4399 [2012-03-22] (Version: 1.1.4399.0)FileASSASSIN (Version: 1.06)FrapsGIMP (Version: 2.6.11)Haali Media SplitterJava 7 Update 45 (Version: 7.0.450)Java Auto Updater (Version: 2.1.9.8)kgcbase (Version: 5.03.0000.0004)kgcmove (Version: 5.03.0000.0003)kgcvday (Version: 5.03.0000.0002)Kodak EasyShare softwareKSU (Version: 632.62.0004.0001)Lagarith Lossless Codec (1.3.27)LAME v3.99.3 (for Windows)Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)Metasequoia 4 (Version: 4.0.1)Microsoft .NET Framework 1.1 (Version: 1.1.4322)Microsoft .NET Framework 1.1 Security Update (KB2833941)Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)Microsoft .NET Framework 3.5 SP1Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)Microsoft .NET Framework 4 Extended (Version: 4.0.30319)Microsoft Application Error Reporting (Version: 12.0.6012.5000)Microsoft Office XP Professional with FrontPage (Version: 10.0.6626.0)Microsoft Security Client (Version: 4.3.0219.0)Microsoft Security Essentials (Version: 4.3.219.0)Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)Mozilla Firefox 25.0 (x86 en-US) (Version: 25.0)Mozilla Maintenance Service (Version: 25.0)MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)Nero Media PlayerNero OEMNeroVision Express 2netbrdg (Version: 6.02.1001.0001)Notifier (Version: 6.02.0001.0001)NVIDIA Control Panel 320.49 (Version: 320.49)NVIDIA Drivers (Version: 1.5)NVIDIA GeForce Experience 1.7 (Version: 1.7)NVIDIA Install Application (Version: 2.1002.140.952)NVIDIA nView 140.62 (Version: 140.62)NVIDIA PhysX (Version: 9.13.0604)NVIDIA PhysX System Software 9.13.0604 (Version: 9.13.0604)NVIDIA Update 9.3.16 (Version: 9.3.16)NVIDIA Update Components (Version: 9.3.16)OfotoXMI (Version: 6.02.0001.0001)PCDADDIN (Version: 6.02.0001.0003)PCDHELP (Version: 6.02.0001.0001)Pixillion Image Converter (Version: 2.59)QuickTime Alternative 1.90 (Version: 1.90)RealDownloader (Version: 1.3.3)RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)RealPlayer (Version: 16.0.3)RealUpgrade 1.1 (Version: 1.1.0)Recuva (Version: 1.43)RegHunter (Version: 1.3.3.1613)ReLay (Version: 1.03)RhapsodySFR (Version: 6.02.0001.0001)SHASTA (Version: 6.02.0001.0001)Sid Meier's AntietamSid Meier's Pirates! (Version: 1.00.0000)Sid Meier's South Mountain Add-onSKIN0001 (Version: 6.02.1001.0001)SKINXSDK (Version: 6.02.1001.0001)SpyHunter (Version: 4.15.1.4270)SpyHunter (Version: 4.16.5.4290)Star Wars: The Old Republic (Version: 1.00)staticcr (Version: 5.03.0000.0001)System Protect (Version: 1.0.0.83)The PlayaTrueCrypt (Version: 7.1a)TweakNow RegCleaner (Version: 7.2.5)Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)Update for Windows XP (KB2345886) (Version: 1)Update for Windows XP (KB2661254-v2) (Version: 2)Update for Windows XP (KB2749655) (Version: 1)Update for Windows XP (KB951978) (Version: 1)Update for Windows XP (KB955759) (Version: 1)Update for Windows XP (KB968389) (Version: 1)Update for Windows XP (KB971029) (Version: 1)Update for Windows XP (KB973815) (Version: 1)VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)VLC media player 2.0.8 (Version: 2.0.8)VPRINTOL (Version: 6.02.0001.0001)WebFldrs XP (Version: 9.50.6513)Windows Genuine Advantage Validation Tool (KB892130)Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)Windows Management Framework CoreWindows Media Format 11 runtimeWindows Media Player 11Windows PowerShell(TM) 1.0 (Version: 1)Windows XP Service Pack 3 (Version: 20080414.031525)WinRAR 4.20 (32-bit) (Version: 4.20.0)WIRELESS (Version: 6.02.0001.0001)Wondershare DVD Creator(Build 2.6.5)Xvid Video Codec (Version: 1.3.2)==================== Restore Points  =========================08-11-2013 17:14:55 Software Distribution Service 3.008-11-2013 18:30:21 Software Distribution Service 3.008-11-2013 19:08:05 Installed The Sims 3 Late Night08-11-2013 19:31:38 Installed The Sims 309-11-2013 02:00:27 Software Distribution Service 3.009-11-2013 09:10:41 Software Distribution Service 3.0==================== Hosts content: ==========================2003-03-31 14:00 - 2013-11-08 02:29 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts127.0.0.1       localhost==================== Scheduled Tasks (whitelisted) =============Task: C:\WINDOWS\Tasks\DLL-Files.Com Fixer_MONTHLY.job => C:\Program Files\Dll-Files.com Fixer\DLLFixer.exeTask: C:\WINDOWS\Tasks\DLL-Files.Com Fixer_Updates.job => C:\Program Files\Dll-Files.com Fixer\DLLFixer.exeTask: C:\WINDOWS\Tasks\Driver Restore-RTMRules.job => C:\Program Files\Driver Restore\Driver Restore\DriverRestore.exeTask: C:\WINDOWS\Tasks\Driver Restore-RTMScan.job => C:\Program Files\Driver Restore\Driver Restore\DriverRestore.exeTask: C:\WINDOWS\Tasks\Driver Restore-RTMUpdater.job => C:\Program Files\Driver Restore\Driver Restore\DriverRestore.exeTask: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exeTask: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1960408961-2000478354-839522115-1004.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exeTask: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1960408961-2000478354-839522115-1004.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exeTask: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1960408961-2000478354-839522115-1004.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exeTask: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1960408961-2000478354-839522115-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exeTask: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1960408961-2000478354-839522115-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe==================== Loaded Modules (whitelisted) =============2009-01-11 05:15 - 2009-01-11 05:15 - 00159744 _____ () C:\Program Files\All in 1 Media Codecs Pack\MatroskaSplitter\mmfinfo.dll2009-01-11 05:14 - 2009-01-11 05:14 - 00023552 _____ () C:\Program Files\All in 1 Media Codecs Pack\MatroskaSplitter\mkunicode.dll2013-10-14 21:06 - 2013-10-24 21:41 - 00043520 _____ () C:\WINDOWS\system32\CmdLineExt03.dll2009-04-30 23:31 - 2009-04-30 23:31 - 00466944 _____ () C:\WINDOWS\system32\nvshell.dll2013-02-12 21:38 - 2013-02-12 21:38 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll==================== Alternate Data Streams (whitelisted) ============================= Safe Mode (whitelisted) ===================HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"==================== Faulty Device Manager Devices =============Name: 1394 Net AdapterDescription: 1394 Net AdapterClass Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}Manufacturer: MicrosoftService: NIC1394Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.Name: bckdDescription: bckdClass Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}Manufacturer: Service: bckdProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.==================== Event log errors: =========================Application errors:==================System errors:=============Microsoft Office Sessions:============================================= Memory info =========================== Percentage of memory in use: 27%Total physical RAM: 3070.42 MBAvailable physical RAM: 2218 MBTotal Pagefile: 7514.05 MBAvailable Pagefile: 6891.57 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1969.84 MB==================== Drives ================================Drive c: () (Fixed) (Total:298.08 GB) (Free:10.78 GB) NTFS ==>[Drive with boot components (Windows XP)]Drive d: (Sims3EP03) (CDROM) (Total:6.75 GB) (Free:0 GB) UDF==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: 02120212)Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)==================== End Of Log ============================
Link to post
Share on other sites

Do you know what this extension is in Firefox:

FF Extension: eoWwdRD - C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\mqjc6y6u.default\Extensions\eoWwdRD@Qe3qzqg.com.xpi

----------------------------------------------------

Download and run Avast Browser Cleanup, see if it detects any bad items. If so have the program delete them.

Then..........

thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Let me know.....MrC
Link to post
Share on other sites

 "FF Extension: eoWwdRD - C:\Documents and Settings\Master\Application Data\Mozilla\Firefox\Profiles\mqjc6y6u.default\Extensions\eoWwdRD@Qe3qzqg.com.xpi

 

I have no idea what it is, but I've found a couple forums that mention it as being related to a redirect malware code hiding inside Firefox.

 

 

Here is the JRT log.

 

Thanks for the continued support!

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by Master on Mon 11/11/2013 at 14:09:53.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\rdreminder
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}



~~~ Files

Successfully deleted: [File] "C:\WINDOWS\Tasks\dll-files.com fixer_monthly.job"
Successfully deleted: [File] "C:\WINDOWS\Tasks\dll-files.com fixer_updates.job"
Successfully deleted: [File] "C:\Documents and Settings\Master\appdata\locallow\SkwConfig.bin"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\pchealthboost"
Successfully deleted: [Folder] "C:\Documents and Settings\Master\Application Data\dll-files.com"
Successfully deleted: [Folder] "C:\Program Files\dll-files.com fixer"



~~~ FireFox

Emptied folder: C:\Documents and Settings\Master\Application Data\mozilla\firefox\profiles\mqjc6y6u.default\minidumps [8 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 11/11/2013 at 14:13:55.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Link to post
Share on other sites

Well I moved that suspicious xpi file to a seperate folder on my desktop to see what it does and so far I haven't noticed any problem. In fact (though I haven't really been paying attention) I don't think I've experienced any odd redirects since then. Overall the system appears to be looking good, in fact MalwBytes, Spyhunter and AVG have now started quickly picking up contaminations on flashdrives and various peripherals that may have been compromised from the previous infection

 

The only remaining issue is the Microsoft HID non-user input data filter upgrade, that still refuses to install.

Link to post
Share on other sites

Yeah looks like it was an update prompted by the previous infection, and hence is no longer neccesary.

 

The system looks and feels good to me, everything seems to be back in order. Moving that extension from Firefox,really solved the redirect problem, which was the primary issue for us. I've had no problems since moving it, so I will go ahead and shred it. Our AV and A-MW programs are now working as they should, and all XP services and programs are functioning  We can now feel comfortable upgrading to Vista Ultimate.

 

Thanks MrC. You've been a very big help, and we appreciate your time and expertise. Thank you so much!

Link to post
Share on other sites

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC
Link to post
Share on other sites

Here is the SecurityCheck log.

 

 

Results of screen317's Security Check version 0.99.77  
 Windows XP Service Pack 3 x86   
 Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
 AVG 2014     
 AVG SafeGuard toolbar    
 AVG 2014     
 Microsoft Security Essentials    
`````````Anti-malware/Other Utilities Check:`````````
 SpyHunter     
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 TweakNow RegCleaner    
 Java 7 Update 45  
 Adobe Flash Player     11.9.900.117  
 Adobe Reader 8 Adobe Reader out of Date!
 Mozilla Firefox (25.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 AVG avgwdsvc.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 8%
````````````````````End of Log``````````````````````

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.